centos7.5升级7.9

1. 当前版本信息

[root@localhost ~]# cat /proc/version 
Linux version 3.10.0-862.14.4.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Wed Sep 26 15:12:11 UTC 2018
[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core) 
[root@localhost ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@localhost ~]# rpm -qa | grep openssh
openssh-clients-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64

2. 升级过程

2.1. remove

yum remove -y openssh openssh-clients openssh-server
setenforce 0

2.2. dependency

yum install -y gcc openssl openssl-devel wget

2.3. user and group

userdel -r sshd
groupdel sshd # 这里会提示没有这个组

2.4. prepare

install -v -m700 -d /var/lib/sshd
chown -v root:sys /var/lib/sshd
groupadd -g 51 sshd # 注意，如果这里提示51已经被使用，可以尝试52，以此类推
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 51 sshd

系统里所有的group以及它们对应的id是多少，可以查看文件：vi /etc/group

2.5. download

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz
tar -zvxf openssh-7.9p1.tar.gz
cd openssh-7.9p1

2.6. install

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-privsep-path=/var/lib/sshd
make

2.7. file operation

chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key

2.8. install

make install

2.9. config

install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.9p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config # 允许root远程登录
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
systemctl restart sshd

3. 测试

[root@mobaji openssh-7.9p1]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017