OpenSSH升级简要步骤
#安装支持包
yum install -y telnet-server telnet gcc zlib-devel openssl-devel pam-devel automake autoconf libtool make
#替换telnet配置文件
/etc/xinetd.d/telnet 中的yes 修改为no
#重启xinetd
service xinetd restart
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
tar zxvf openssl-1.0.2l.tar.gz
cd openssl-1.0.2l
./config&& make&& make install
mv /usr/bin/openssl /usr/bin/openssl_v101e
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
openssl version
cd ~
cp -rf /etc/ssh /etc/ssh.bak20170609
wget ftp://mirror.jmu.edu/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
make && make install
cd ~/openssh-7.5p1/contrib/redhat
mv /etc/init.d/sshd /etc/init.d/sshd20170609
cp sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
chkconfig --add sshd
cp -rf /etc/ssh/ssh_config /etc/ssh/ssh_config.bak20170609
cp -p ~/openssh-7.5p1/sshd_config /etc/ssh/sshd_config
cp: overwrite `/etc/ssh/sshd_config'? y
cd ~
#修改ssh的配置文件
echo "Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,arcfour128,arcfour256,arcfour,blowfish-cbc,cast128-cbc" >> /etc/ssh/sshd_config
echo "MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96" >> /etc/ssh/sshd_config
echo "KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org" >> /etc/ssh/sshd_config
/etc/init.d/sshd restart
升级常见问题
可能openssl不支持openssh的版本,需要更新。
浙公网安备 33010602011771号