Linux更新openssl和openssh

Ubuntu 16.04 更新openssl、openssh

安装依赖

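# Install the toolchain and headers needed to build OpenSSL and OpenSSH from source.
# zlib1g-dev is listed explicitly: OpenSSH's configure needs the zlib headers, and
# the original list appears to get them only as a dependency of libzip-dev.
# Install only runs if the package index refresh succeeded.
apt-get update &&
  apt-get install -y libzip-dev libssl-dev zlib1g-dev autoconf gcc libxml2 make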

下载源码包并安装

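# Fetch the release tarballs. OpenSSH comes from a third-party mirror, OpenSSL
# from the project site.
# NOTE(review): these are the versions the page was written against; check for
# newer releases of both projects before building.
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1o.tar.gz
# wget http://www.zlib.net/zlib-1.2.11.tar.gz

# Verify the downloads before unpacking: everything below is compiled and
# installed as root and ends up as the host's SSH daemon and TLS library, so a
# tampered tarball means a tampered sshd. Replace the two placeholders with the
# hex SHA-256 digests published by the OpenSSH and OpenSSL projects, obtained
# separately from the download location. Until they are filled in, the check
# fails and nothing is extracted.
if sha256sum -c - <<'EOF'
REPLACE_WITH_OPENSSH_SHA256_HEX  openssh-9.0p1.tar.gz
REPLACE_WITH_OPENSSL_SHA256_HEX  openssl-1.1.1o.tar.gz
EOF
then
  tar -zxvf openssh-9.0p1.tar.gz
  tar -zxvf openssl-1.1.1o.tar.gz
else
  echo 'checksum verification failed: do not unpack or build these tarballs' >&2
fi
# tar -zxvf zlib-1.2.11.tar.gz

# Optional zlib build from source, left disabled by the author.
# cd zlib-1.2.11
# ./configure --prefix=/usr/local
# make
# make install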

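# Keep any earlier /usr/local/ssl tree as a rollback copy; on a first install
# there is nothing to move, so skip instead of printing an error.
if [ -d /usr/local/ssl ]; then
  mv /usr/local/ssl /usr/local/ssl_bak
fi

# Build OpenSSL as shared libraries under /usr/local/ssl.
# The steps are chained so that a failed configure, build or test run stops the
# sequence: an OpenSSL that fails its own test suite must not be installed and
# then linked into sshd.
cd openssl-1.1.1o &&
  ./config shared --prefix=/usr/local/ssl &&
  make &&
  make test &&
  make install &&
  # Expose the new libraries on the default library path so the rebuilt
  # openssl and sshd binaries can load them at run time.
  ln -s /usr/local/ssl/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1 &&
  ln -s /usr/local/ssl/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1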


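# Back up the existing configuration before `make install` writes to /etc/ssh.
# -a keeps modes and ownership. The copy contains the host private keys, so it
# must stay readable by root only.
cp -a /etc/ssh /etc/ssh_bak

# Build and install OpenSSH against the OpenSSL tree in /usr/local/ssl.
# The running daemon is stopped only after the new build has installed
# successfully. Stopping it first would leave the host without an SSH listener
# for the whole compile, and permanently if configure or make failed.
# NOTE(review): the build is configured without --with-pam, which matches the
# "Unsupported option UsePAM" message shown by `sshd -t` further down; PAM
# account and session modules are therefore not applied by this sshd.
cd ../openssh-9.0p1 &&
  ./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl &&
  make &&
  make install &&
  {
    service ssh stop
    service sshd stop
  }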

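# Move the distribution binaries out of the way, keeping them for rollback.
# They go into a root-only directory rather than /tmp: /tmp is world-writable
# and is normally emptied at boot, which would silently discard the rollback copies.
# The directory name is an example; any root-owned location works.
bak_dir=/root/ssh_bin_bak
mkdir -p -m 700 "$bak_dir"
# NOTE(review): the ssh* glob also moves helpers that are not re-linked below
# (for example ssh-copy-id, if installed); restore them from $bak_dir if needed.
mv /usr/bin/scp /usr/bin/ssh* /usr/bin/openssl "$bak_dir"/
mv /usr/sbin/sshd /usr/sbin/sshd_bak

# Point the standard paths at the freshly built programs.
for tool in ssh scp ssh-add ssh-agent ssh-keygen ssh-keyscan; do
  ln -s "/usr/local/bin/$tool" "/usr/bin/$tool"
done
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/sbin/sshd /usr/bin/sshd
ln -s /usr/local/sbin/sshd /usr/sbin/sshd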

# Keep a copy of the daemon configuration before editing it.
cfg=/etc/ssh/sshd_config
cp "$cfg" "${cfg}_bak"

# Validate the configuration with the new sshd. -t only parses the file and
# checks the keys; it does not start the daemon.
sshd -t -f "$cfg"
    /etc/ssh/sshd_config line 16: Deprecated option UsePrivilegeSeparation
    /etc/ssh/sshd_config line 19: Deprecated option KeyRegenerationInterval
    /etc/ssh/sshd_config line 20: Deprecated option ServerKeyBits
    /etc/ssh/sshd_config line 31: Deprecated option RSAAuthentication
    /etc/ssh/sshd_config line 38: Deprecated option RhostsRSAAuthentication
    /etc/ssh/sshd_config line 88: Unsupported option UsePAM

修改 /etc/ssh/sshd_config 文件：将以上提示不支持（Unsupported）或已弃用（Deprecated）的选项注释掉，并增加以下配置：
# NOTE(review): "PermitRootLogin yes" combined with "PasswordAuthentication yes"
# lets root sign in with nothing but a password, so the strength of the root
# password is the only barrier against online guessing. OpenSSH's own default is
# "PermitRootLogin prohibit-password"; where key-based login is available,
# "PasswordAuthentication no" removes password guessing as an avenue altogether.
PermitRootLogin yes
PasswordAuthentication yes
# Skip the reverse-DNS lookup of the connecting client's address.
UseDNS no
# Move the packaged systemd unit aside and have systemd re-read its unit files.
# NOTE(review): with ssh.service gone, systemd presumably falls back to the
# /etc/init.d/ssh script. Confirm with `systemctl status ssh` after starting.
unit=/lib/systemd/system/ssh.service
mv "$unit" "$unit.bak"
systemctl daemon-reload

# Start the service, then enable it at boot. Both service names are tried,
# in the same order as running the four commands by hand.
for action in start enable; do
  for unit in ssh sshd; do
    systemctl "$action" "$unit"
  done
done

# Show the version of the newly installed daemon.
# NOTE(review): sshd in 9.0p1 may not accept -V and may print the version as
# part of an "unknown option" usage message. Confirm; `ssh -V` reports the
# client version directly.
/usr/sbin/sshd -V

# Restart the SSH service, then confirm that a remote login works. Test from a
# new connection while the current session is still open, so a broken daemon
# does not lock you out.
for unit in ssh sshd; do
  systemctl restart "$unit"
done
