资源下载路径
## OpenSSL source tarball (upgrading to sshd 9.7 requires OpenSSL 1.1.1 or newer)
## Upstream location, kept for reference:
#https://www.openssl.org/source/openssl-1.1.1w.tar.gz
## Third-party mirror used by this guide.
## NOTE(review): nothing on this page verifies the mirrored file. Before building,
## compare its digest or signature with what the upstream project publishes;
## the result becomes the TLS/crypto library that sshd links against.
https://qiniu.wsfnk.com/bokefiles/openssl-1.1.1w.tar.gz
## OpenSSH portable source tarball
## Upstream location, kept for reference:
#https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
## Third-party mirror used by this guide; the same verification applies.
## NOTE(review): newer portable releases than 9.7p1 exist -- check the upstream
## release notes for sshd security fixes before pinning this version.
https://qiniu.wsfnk.com/bokefiles/openssh-9.7p1.tar.gz
debian9 将sshd 升级至9.7
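## Debian 9: build OpenSSL 1.1.1w and OpenSSH 9.7p1 from source and switch sshd
## over to them. The commands write under /usr, /etc and /lib. Keep an existing
## root session or console access open until a fresh login has been confirmed.
## Install the build dependencies
apt -y install build-essential zlib1g-dev libssl-dev libpam0g-dev libselinux1-dev
## Print the SHA-256 digests of both tarballs and compare them with the values
## published by the upstream projects before unpacking anything. This matters
## most when the files were fetched from a mirror instead of upstream.
sha256sum openssl-1.1.1w.tar.gz openssh-9.7p1.tar.gz
## Keep a timestamped copy of the current sshd configuration and host keys so
## the upgrade can be rolled back (cp -a preserves the key file permissions)
cp -a /etc/ssh "/etc/ssh.bak.$(date +%Y%m%d%H%M%S)"
## Build and install OpenSSL into its own prefix
tar xf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --prefix=/usr/local/openssl shared zlib
make -j 4
make install
## Register the new OpenSSL libraries with the dynamic linker and repoint the
## openssl command at the new binary (the old one is kept as openssl.old)
## NOTE(review): this self-built OpenSSL is outside apt, so security fixes have
## to be tracked and rebuilt by hand; the 1.1.1 series is, as far as I know, no
## longer publicly maintained upstream -- confirm before relying on it.
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf
mv /usr/bin/openssl /usr/bin/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ldconfig -v
ldd /usr/local/openssl/bin/openssl
# Show the version that is now first on PATH
openssl version
## Build and install OpenSSH
# The shell is still inside openssl-1.1.1w; go back to the directory that holds
# the tarballs, otherwise the next tar cannot find its input
cd ..
tar xf openssh-9.7p1.tar.gz
cd openssh-9.7p1
# For an upgrade to sshd 9.3 the following line is enough, because OpenSSL does
# not have to be upgraded separately
#./configure --prefix=/usr --sysconfdir=/etc/ssh
# For sshd 9.7 use the next line, which points the build at the new OpenSSL
# NOTE(review): libpam0g-dev and libselinux1-dev are installed above, but no
# --with-pam is passed here, so PAM support is presumably not compiled in --
# confirm this is intended if sshd_config relies on UsePAM.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl
make -j 4
make install
## Edit the ssh service unit and comment out the Type=notify line so that sshd
## can be restarted
## NOTE(review): presumably needed because this upstream build does not send the
## systemd readiness notification that the distribution's sshd does -- TODO
## confirm. A file under /lib/systemd/system is replaced by package upgrades; a
## drop-in created with `systemctl edit ssh` would survive them.
vi /lib/systemd/system/ssh.service
#Type=notify
systemctl daemon-reload
# Let the new binary validate sshd_config and the host keys first; restart only
# if that check passes, so a bad config cannot take remote access down
/usr/sbin/sshd -t && systemctl restart sshd
## Appendix 1: on ByteDance (字节) hosts, the following line in sshd_config has
## to be commented out
## NOTE(review): presumably because the option comes from a distribution patch
## and the upstream sshd rejects it -- confirm with `sshd -t`.
#GSSAPIKeyExchange no
## Appendix 2: for the sshd upgrade on ByteDance hosts, back up the original
## first and put a stock Debian 9 sshd_config in place, then run make and
## make install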
centos7 将sshd 升级至9.7
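## CentOS 7: build OpenSSL 1.1.1w and OpenSSH 9.7p1 from source and switch sshd
## over to them. The commands write under /usr, /etc and /lib. Keep an existing
## root session or console access open until a fresh login has been confirmed.
## Install the build dependencies
yum -y install gcc pam-devel zlib-devel openssl-devel net-tools perl
## Print the SHA-256 digests of both tarballs and compare them with the values
## published by the upstream projects before unpacking anything. This matters
## most when the files were fetched from a mirror instead of upstream.
sha256sum openssl-1.1.1w.tar.gz openssh-9.7p1.tar.gz
## Keep a timestamped copy of the current sshd configuration and host keys so
## the upgrade can be rolled back (cp -a preserves the key file permissions)
cp -a /etc/ssh "/etc/ssh.bak.$(date +%Y%m%d%H%M%S)"
## Build and install OpenSSL into its own prefix
tar xf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --prefix=/usr/local/openssl shared zlib
make -j 4
make install
## Register the new OpenSSL libraries with the dynamic linker and repoint the
## openssl command at the new binary (the old one is kept as openssl.old)
## NOTE(review): this self-built OpenSSL is outside yum, so security fixes have
## to be tracked and rebuilt by hand; the 1.1.1 series is, as far as I know, no
## longer publicly maintained upstream -- confirm before relying on it.
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf
mv /usr/bin/openssl /usr/bin/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ldconfig -v
ldd /usr/local/openssl/bin/openssl
# Show the version that is now first on PATH
openssl version
## Build and install OpenSSH
# The shell is still inside openssl-1.1.1w; go back to the directory that holds
# the tarballs, otherwise the next tar cannot find its input
cd ..
tar xf openssh-9.7p1.tar.gz
cd openssh-9.7p1
# NOTE(review): --without-hardening turns off the compiler/linker hardening
# flags that configure would otherwise enable for a network-facing daemon; drop
# it unless the build fails without it.
# NOTE(review): nothing on this page installs zlib under /usr/local/zlib
# (zlib-devel comes from yum), and --with-md5-passwords looks like a legacy
# option -- confirm both are still needed.
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening
make -j 4
# Permissions may have to be fixed before the next step: sshd does not accept
# private host keys that other users can read
#chmod 600 /etc/ssh/ssh_host_*_key
#chmod 644 /etc/ssh/ssh_host_*_key.pub
make install
## Install the init script and point it at the new sshd binary
cp contrib/redhat/sshd.init /etc/init.d/sshd
grep SSHD /etc/init.d/sshd
sed -i "s#SSHD=/usr/sbin/sshd#SSHD=/usr/local/openssh/sbin/sshd#g" /etc/init.d/sshd
grep SSHD /etc/init.d/sshd
## Show the ssh-keygen path used by the init script and switch it to the newly
## installed ssh-keygen
grep -n ssh-keygen /etc/init.d/sshd
sed -i "s#/usr/bin/ssh-keygen -A#/usr/local/openssh/bin/ssh-keygen -A#g" /etc/init.d/sshd
grep -n ssh-keygen /etc/init.d/sshd
# Copy the ssh binaries over the system ones -- may not be needed; stop the
# sshd service first
# NOTE(review): this overwrites files owned by the distribution package, so a
# later yum update of openssh can put the old binaries back.
#cp -arp /usr/local/openssh/bin/* /usr/bin/
cp -arp /usr/local/openssh/sbin/* /usr/sbin/
## Edit the ssh service unit and comment out the Type=notify line so that sshd
## can be restarted
## NOTE(review): this path and unit name match the Debian section; on CentOS 7
## the unit is normally sshd.service -- confirm which file exists. A unit file
## shipped by a package is replaced on upgrade; a drop-in created with
## `systemctl edit` would survive.
vi /lib/systemd/system/ssh.service
#Type=notify
systemctl daemon-reload
# Let the new binary validate sshd_config and the host keys first; restart only
# if that check passes, so a bad config cannot take remote access down
/usr/sbin/sshd -t && systemctl restart sshd
## Appendix 1: on ByteDance (字节) hosts, the following line in sshd_config has
## to be commented out
## NOTE(review): presumably because the option comes from a distribution patch
## and the upstream sshd rejects it -- confirm with `sshd -t`.
#GSSAPIKeyExchange no
## Appendix 2: for the sshd upgrade on ByteDance hosts, back up the original
## first and put a stock CentOS 7 sshd_config in place, then run make and
## make install
## Appendix 3: sshd_config lines for compatibility with old clients (these two
## lines belong in /etc/ssh/sshd_config, they are not shell commands)
## NOTE(review): they re-enable a SHA-1 key exchange and CBC-mode ciphers that
## this OpenSSH version does not offer by default. Add them only while a legacy
## client still needs them and remove them afterwards.
KexAlgorithms +diffie-hellman-group14-sha1
Ciphers +aes128-cbc,aes192-cbc,aes256-cbc
## Appendix 4: on iQIYI (爱奇艺) hosts the following may be needed; each sed
## deletes every sshd_config line that mentions the named option
sed -i '/GSSAPIAuthentication/d' /etc/ssh/sshd_config
sed -i '/GSSAPICleanupCredentials/d' /etc/ssh/sshd_config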