CentOS 7升级OpenSSH

Posted 2022-12-06 obed

目录

• 下载openssh安装包
• 安装telnet
• 卸载旧的openssh
• 安装依赖
• 安装openssh
• 重启验证
• 关闭telnet服务
• 参考

下载openssh安装包

下载地址

wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz

安装telnet

安装telnet，防止openssh安装失败导致无法连接服务器

yum install -y telnet-server xinetd

echo -e 'pts/0\npts/1\npts/2\npts/3'  >>/etc/securetty

systemctl enable xinetd.service

systemctl enable telnet.socket

systemctl start telnet.socket

systemctl start xinetd

连接方式：telnet ip
然后输入用户名和密码

卸载旧的openssh

rpm -e `rpm -qa | grep openssh` --nodeps

检查是否还有openssh的包

rpm -qa|grep openssh

安装依赖

yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel

安装openssh

./configure --prefix=/usr --sysconfdir=/etc/ssh  --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local/ssl  --with-privsep-path=/var/lib/sshd

make

make install

make install时可能报错

Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.

解决方案：chmod 600 /etc/ssh/ssh_host_*

后续配置操作：

install -v -m755 contrib/ssh-copy-id /usr/bin

install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1

install -v -m755 -d /usr/share/doc/openssh-8.0p1

install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.0p1

echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

echo 'UsePAM yes' >> /etc/ssh/sshd_config

cp -p contrib/redhat/sshd.init /etc/init.d/sshd

chmod +x /etc/init.d/sshd

chkconfig --add sshd

chkconfig sshd on

chkconfig --list sshd

重启验证

systemctl restart sshd

关闭telnet服务

vi /etc/securetty，并删除新增的四行

pts/0

pts/1

pts/2

pts/3

停止telnet服务

systemctl stop telnet.socket

systemctl disable telnet.socket

systemctl stop xinetd.service

systemctl disable xinetd.service

如果需要删除telnet和xinetd

1. 使用yum history list all查看yum的历史记录
2. 通过yum history info ID找到安装这两个包的那一步
3. 使用yum history undo ID回退该操作

参考

Linux openssh升级8.0