keylin(麒麟) V10 sp2升级到openssl3.2.4和openssh9.9
如有报错可在 这里 寻求帮助
前奏
[root@kyline10 ~]# cat /etc/os-release
NAME="Kylin Linux Advanced Server"
VERSION="V10 (Sword)"
ID="kylin"
VERSION_ID="V10"
PRETTY_NAME="Kylin Linux Advanced Server V10 (Sword)"
ANSI_COLOR="0;31"
[root@kyline10 ~]# nkvers
############## Kylin Linux Version #################
Release:
Kylin Linux Advanced Server release V10 (Sword)
Kernel:
4.19.90-25.45.v2101.ky10.x86_64
Build:
Kylin Linux Advanced Server
release V10 (SP2) /(Sword)-x86_64-Build09.01/20210524
#################################################
下载并安装包
[root@kyline10 ~]# wget https://github.com/openssl/openssl/releases/download/openssl-3.2.4/openssl-3.2.4.tar.gz
[root@kyline10 ~]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.9p1.tar.gz
[root@kyline10 ~]# ls -alh openss*
-rw-r--r-- 1 root root 1.9M 9月 20 07:23 openssh-9.9p1.tar.gz
-rw-r--r-- 1 root root 17M 2月 11 22:42 openssl-3.2.4.tar.gz
[root@kyline10 ~]# tar -zxvf openssh-9.9p1.tar.gz
[root@kyline10 ~]# tar -zxvf openssl-3.2.4.tar.gz
安装openssl
[root@kyline10 ~]# cd openssl-3.2.4/
[root@kyline10 openssl-3.2.4]# ./config --prefix=/usr/local/src/openssl
Configuring OpenSSL version 3.2.4 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************
[root@kyline10 openssl-3.2.4]# make -j4 # 需要几分钟
[root@kyline10 openssl-3.2.4]# make install # 因为使用的是root所以不加sudo
# 创建openssl软链接
[root@kyline10 openssl-3.2.4]# mv /usr/bin/openssl{,-bak2}
[root@kyline10 openssl-3.2.4]# ln -s /usr/local/src/openssl/bin/openssl /usr/bin/openssl
[root@kyline10 openssl-3.2.4]# ln -s /usr/local/src/openssl/lib64/libssl.so.3 /usr/lib64/libssl.so.3
[root@kyline10 openssl-3.2.4]# ln -s /usr/local/src/openssl/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
[root@kyline10 openssl-3.2.4]# openssl version
OpenSSL 3.2.4 11 Feb 2025 (Library: OpenSSL 3.2.4 11 Feb 2025)
[root@kyline10 openssl-3.2.4]# cd
安装openssh
[root@kyline10 ~]# cd openssh-9.9p1/
[root@kyline10 openssh-9.9p1]# vim /etc/ssh/sshd_config # 注释以下行
# GSSAPIAuthentication yes
# GSSAPICleanupCredentials yes
[root@kyline10 openssh-9.9p1]# ./configure --prefix=/usr/local/src/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/src/openssl/ --with-zlib=/usr
....
....
Host: x86_64-pc-linux-gnu
Compiler: cc
Compiler flags: -I/root/gcc-8.5.0/zlib/include -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags: -I/usr/local/src/openssl//include -I/root/gcc-8.5.0/zlib -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE -DOPENSSL_API_COMPAT=0x10100000L
Linker flags: -L/usr/local/src/openssl//lib64 -L/root/gcc-8.5.0/zlib -L/root/gcc-8.5.0/zlib/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
Libraries: -ldl -lutil -lresolv
+for channels: -lcrypto -lz
+for sshd: -lcrypt -lpam
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
[root@kyline10 openssh-9.9p1]# make -j$(nproc)
[root@kyline10 openssh-9.9p1]# make install
....
....
/usr/bin/install -c -m 644 sshd.8.out /usr/local/src/ssh/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/local/src/ssh/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/local/src/ssh/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/local/src/ssh/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/local/src/ssh/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/local/src/ssh/share/man/man8/ssh-sk-helper.8
/usr/bin/mkdir -p /etc/ssh
/etc/ssh/ssh_config already exists, install will not overwrite
/etc/ssh/sshd_config already exists, install will not overwrite
/etc/ssh/moduli already exists, install will not overwrite
/usr/local/src/ssh/sbin/sshd -t -f /etc/ssh/sshd_config
# ssh文件覆盖
[root@kyline10 openssh-9.9p1]# cp -rf contrib/redhat/sshd.init /etc/init.d/sshd
[root@kyline10 openssh-9.9p1]# cp -rf /usr/local/src/ssh/bin/ssh /usr/bin/ssh
[root@kyline10 openssh-9.9p1]# cp -rf /usr/local/src/ssh/bin/ssh /usr/bin/ssh
[root@kyline10 openssh-9.9p1]# cp -rf /usr/local/src/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
[root@kyline10 openssh-9.9p1]# systemctl restart sshd
[root@kyline10 openssh-9.9p1]# ssh -V
OpenSSH_9.9p1, OpenSSL 3.2.4 11 Feb 2025
[root@kyline10 openssh-9.9p1]# systemctl enable sshd
Synchronizing state of sshd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable sshd
重新ssh登陆
rambo@e8bit:~$ ssh root@172.16.186.144
Authorized users only. All activities may be monitored and reported.
root@172.16.186.144's password:
Authorized users only. All activities may be monitored and reported.
Web console: https://kyline10:9090/ or https://172.16.186.144:9090/
Last login: Fri Mar 14 20:59:13 2025 from 172.16.186.1
浙公网安备 33010602011771号