1.执行:
tar xfz openssh-8.1p1.tar.gz
解压openssh-8.1p1。
2.执行
cd /home/rpm
进入目录并执行rpm的安装
rpm -Uvh *.rpm --nodeps --force
1.执行
cd openssh-8.1p1
2.可能文件默认显示uid和gid数组都是1000,这里重新授权下。不授权可能也不影响安装(请自行测试) 执行
chown -R root.root /home/openssh-8.1p1
1.命令行删除原先ssh的配置文件和目录
rm -rf /etc/ssh/*
然后配置、编译、安装 2.注意下面编译安装的命令是一行
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
1.以上命令执行完毕,echo $?查看下最后的make install是否有报错,0表示没有问题
[root@localhost openssh-8.1p1]# echo $?
0
2.进入/etc/ssh/sshd_config下修改配置文件查询结果如下,需要修改PermitRootLogin yes以及UseDNS no。有注释需要去掉
[root@localhost openssh-8.1p1]# vi /etc/ssh/sshd_config
[root@localhost openssh-8.1p1]# grep "^PermitRootLogin" /etc/ssh/sshd_config
PermitRootLogin yes
[root@localhost openssh-8.1p1]# grep "UseDNS" /etc/ssh/sshd_config
UseDNS no
3.从原先的解压的包中拷贝一些文件到目标位置(如果目标目录存在就覆盖) (可能下面的ssh.pam文件都没用到,因为sshd_config配置文件貌似没使用它,请自行测试。我这边是拷贝了)
[root@localhost openssh-8.1p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-8.1p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@localhost openssh-8.1p1]# chmod +x /etc/init.d/sshd
[root@localhost openssh-8.1p1]# chkconfig --add sshd
[root@localhost openssh-8.1p1]# systemctl enable sshd
4.把原先的systemd管理的sshd文件删除或者移走或者删除,不移走的话影响我们重启sshd服务
[root@localhost openssh-8.1p1]# mv /usr/lib/systemd/system/sshd.service /var/
5.设置sshd服务开机启动
[root@localhost openssh-8.1p1]# chkconfig sshd on
注意:正在将请求转发到“systemctl enable sshd.socket”。
Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.
6.接下来测试启停服务
[root@localhost openssh-8.1p1]# /etc/init.d/sshd restart
Restarting sshd (via systemctl): [ 确定 ]
如果启动服务失败
[root@localhost openssh-8.1p1]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since 三 2020-04-29 09:48:24 CST; 26s ago
Docs: man:systemd-sysv-generator(8)
Process: 2965 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 2994 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
Main PID: 25780 (code=exited, status=0/SUCCESS)
4月 29 09:48:24 localhost.localdomain sshd[2994]: It is required that your private key files are NOT accessible by others.
4月 29 09:48:24 localhost.localdomain sshd[2994]: This private key will be ignored.
4月 29 09:48:24 localhost.localdomain sshd[2994]: Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
4月 29 09:48:24 localhost.localdomain sshd[2994]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key
4月 29 09:48:24 localhost.localdomain sshd[2994]: sshd: no hostkeys available -- exiting.
4月 29 09:48:24 localhost.localdomain sshd[2994]: [失败]
4月 29 09:48:24 localhost.localdomain systemd[1]: sshd.service: control process exited, code=exited status=1
4月 29 09:48:24 localhost.localdomain systemd[1]: Failed to start SYSV: OpenSSH server daemon.
4月 29 09:48:24 localhost.localdomain systemd[1]: Unit sshd.service entered failed state.
4月 29 09:48:24 localhost.localdomain systemd[1]: sshd.service failed.
先赋予权限
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
重新启动sshd.service
systemctl start sshd.service
否则使用Xshell登录会发现即使密码正确也无法登录
vi /etc/selinux/config
将SELINUX=enforcing改为SELINUX=disabled 设置后需要重启linux主机才能生效 然后使用Xshell可正常登录。
升级之前
[root@localhost ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
升级之后
[root@localhost ~]# ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Copyright © QY Network Company Ltd. All Rights Reserved. 2003-2018 群英 版权所有 茂名市群英网络有限公司
增值电信经营许可证 : B1.B2-20140078 粤ICP备09006778号-36 粤公网安备 44090202000006号 粤工商备P091701000595