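CentOS 8 SSH version upgrade

Upgrading SSH resets the configuration files to their initial state. Check DNS first; setting it to 114.114.114.114 or similar is recommended.

After the upgrade completes, do not close the current connection; open a new connection and test it first.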


cp /etc/ssh /tmp/ssh-bak -R
cp /usr/lib/systemd/system/sshd.service /tmp/sshd.service
rpm -qa pam-devel libselinux-devel zlib-devel openssl-devel
rpm -qa gcc make

yum install gcc
gcc -v
rpm -qa gcc make

yum install pam-devel libselinux-devel zlib-devel openssl-devel
rpm -qa pam-devel libselinux-devel zlib-devel openssl-devel
cd /opt
wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar zxvf openssh-9.8p1.tar.gz
cd openssh-9.8p1/
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key
make
rpm -e --nodeps `rpm -qa | grep openssh`
make install
cp /tmp/sshd.service /usr/lib/systemd/system/sshd.service
sed -i '/EnvironmentFile=-\/etc\/crypto-policies\/back-ends\/opensshserver.config/s/^/#/' /usr/lib/systemd/system/sshd.service
systemctl daemon-reload
systemctl enable sshd
systemctl restart sshd
systemctl status sshd
sshd -V

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

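(Do not close the current session window.) If a new test connection fails, check the firewall first. If port 22 is open and it still fails, try creating a new account and see whether you can log in with it.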

useradd -m -s /bin/bash itdb
passwd itdb
usermod -G wheel itdb

Fixes for two other vulnerabilities: add the following 2 lines to the file

vim /etc/ssh/sshd_config

# Add at the bottom of the file
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

# Restart the service
systemctl restart sshd
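
The following check is an added example, not part of the original post: sshd uses the first uncommented occurrence of each keyword, so a Ciphers or KexAlgorithms line appended at the bottom has no effect if the keyword is already set earlier in the file. The function names and the sample file are constructed for illustration, and the script assumes plain "Keyword value" lines.

```shell
#!/bin/sh
# Added example (not from the original post): check which Ciphers and
# KexAlgorithms line sshd will actually use after appending to sshd_config.
# Assumes plain "Keyword value" lines; function names are illustrative.

# First uncommented occurrence of KEYWORD wins; sshd ignores later ones.
effective_value() {
    awk -v kw="$1" 'BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ { next }
        tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# Number of uncommented KEYWORD lines; more than 1 means an appended line
# is shadowed by an earlier one.
occurrences() {
    awk -v kw="$1" 'BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ { next }
        tolower($1) == kw { n++ }
        END { print n + 0 }' "$2"
}

# Entries in the effective list that use CBC mode, RC4, 3DES, SHA-1 or MD5.
weak_entries() {
    effective_value "$1" "$2" | tr ',' '\n' |
        grep -E -- '-cbc|^arcfour|^3des|sha1|md5' || true
}

# Constructed sample: an older Ciphers line already present, followed by
# the appended lines (KexAlgorithms list shortened).
write_sample() {
    cat > "$1" <<'EOF'
Port 22
#Ciphers aes128-cbc
ciphers aes256-cbc,aes128-ctr
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
for kw in Ciphers KexAlgorithms; do
    printf '%s: %s line(s), in effect: %s\n' "$kw" \
        "$(occurrences "$kw" "$cfg")" "$(effective_value "$kw" "$cfg")"
    weak_entries "$kw" "$cfg" | sed 's/^/  weak: /'
done
rm -f "$cfg"
```

On the upgraded host, `sshd -t` validates the file before the restart and `sshd -T` prints the effective settings; the same functions can be run on that output saved to a file, since keyword matching is case-insensitive.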
posted @ 2024-07-15 17:23  qwer78