查看现在的版本SSH -V
一、准备
备份ssh目录(重要)
cp -rf /etc/ssh /etc/ssh.bak
【 可以现场处理的,不用设置
安装telnet,避免ssh升级出现问题,导致无法远程管理
yum install telnet-server
vi /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
}
默认不允许root登录
vi /etc/securetty
增加
pts/0
pts/1
pts/2
如果登录用户较多,需要更多的pts/*
service xinetd restart
这样root可以telnet登录了
二、安装
升级需要几个组件
yum install -y gcc openssl-devel pam-devel rpm-build
现在新版本,目前是openssh-7.3最新,但刚刚出来,为保险,我选用7.2版本
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.gz
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p1.tar.gz
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.1p1.tar.gz
解压升级包,并安装
tar -zxvf openssh-7.2p1.tar.gz
cd openssh-7.2p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
make && make install
安装后提示:
/etc/ssh/ssh_config already exists, install will not overwrite
/etc/ssh/sshd_config already exists, install will not overwrite
/etc/ssh/moduli already exists, install will not overwrite
ssh-keygen: generating new host keys: ECDSA ED25519
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
/etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials
修改配置文件,允许root登录
vi /etc/ssh/sshd_config
#PermitRootLogin yes
修改为
PermitRootLogin yes
命令:
sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
重启openSSH
service sshd restart
升级后版本
ssh -V
OpenSSH_7.2p1, OpenSSL 1.0.1e-fips 11 Feb 2013
【
如果之前你将原ssh目录修改名字
mv /etc/ssh /etc/ssh_bak
需要修改下配置:
修改配置文件,禁止root登录
sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
可以不操作,禁止dns解析
sed -i '/^#UseDNS yes/s/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
可以不操作默认是22,修改ssh端口至6022
echo "Port 6022" >> /etc/ssh/sshd_config
】
注:在升级SSH时你的SSH是不会因为升级或重启服务而断掉的.
问题1:
[root@testserver2 tmp]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: /etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials [ OK ]
解决:
将/etc/ssh/sshd_config文件中以上行数内容注释下即可
sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config
问题2:
更新后ssh有如下提示,但不影响使用:
[root@testserver2 tmp]# ssh 10.111.32.51
/etc/ssh/ssh_config line 50: Unsupported option "gssapiauthentication"
解决:
可以注释/etc/ssh/ssh_config的gssapiauthentication内容
------------------------------------------------------------------------------------------
CentOS7升级openssh参考这里的内容
本次使用源码安装(系统需要gcc),各软件版本如下:
zlib-1.2.8
openssl-1.0.2h
openssh-7.3p1
安装步骤如下:
1、安装zlib
[root@CentOS7test ~]# cd zlib-1.2.8/
[root@CentOS7test zlib-1.2.8]# ./configure
[root@CentOS7test zlib-1.2.8]# make
[root@CentOS7test zlib-1.2.8]# make install
2、安装openssl
[root@CentOS7test ~]# cd openssl-1.0.2h/
[root@CentOS7test openssl-1.0.2h]# ./config --prefix=/usr/ --shared
[root@CentOS7test openssl-1.0.2h]# make
[root@CentOS7test openssl-1.0.2h]# make install
3、安装openssh
[root@CentOS7test ~]# cd openssh-7.3p1/
[root@CentOS7test openssh-7.3p1]# ./configure --prefix=/usr/local
--sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords
--with-tcp-wrappers
[root@CentOS7test openssh-7.3p1]# make
[root@CentOS7test openssh-7.3p1]# make install
4、查看版本是否已更新
[root@CentOS7test openssh-7.3p1]# ssh -V
OpenSSH_7.3p1, OpenSSL 1.0.2h 3 May 2016
5、新介质替换原有内容
[root@CentOS7test openssh-7.3p1]# mv /usr/bin/ssh /usr/bin/ssh_bak
[root@CentOS7test openssh-7.3p1]# cp /usr/local/bin/ssh /usr/bin/ssh
[root@CentOS7test openssh-7.3p1]# mv /usr/sbin/sshd /usr/sbin/sshd_bak
[root@CentOS7test openssh-7.3p1]# cp /usr/local/sbin/sshd /usr/sbin/sshd
6-加载ssh配置重启ssh服务
[root@CentOS7test ~]# systemctl daemon-reload
[root@CentOS7test ~]# systemctl restart sshd.service
7、遇到的问题解决
问题1:
安装完成后,telnet 22端口不通,通过systemctl status sshd.service查看发现有警告信息
部分信息如Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open
修正:
修改相关提示文件的权限为600,并重启sshd服务(systemctl restart sshd.service)
查看服务状态(systemctl status sshd.service)
例:chmod 600 /etc/ssh/ssh_host_ecdsa_key
问题2:
安装完成后,如需root直接登录
修正:
修改/etc/ssh/sshd_config文件,将文件中#PermitRootLogin yes改为PermitRootLogin yes
并重启sshd服务
升级后验证
问题3:
如果你使用了jenkins进行部署,升级后会影响jenkins部署,测试连接web端会报错 Algorithm negotiation fail
修正:
在web端修改sshd_config文件最后一行增加以下内容
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
参考:http://stackoverflow.com/questions/32627998/algorithm-negotiation-fail-in-jenkins
--------------------------------------------------------------
【临时修改版本号,运行很久的线上环境升级存在风险,如果可以的话只修改版本号吧(后期经过验证,这种修改版本号的方法无效,ssh -v IP可以查看版本)
查询
ssh -V
sshd -V
备份
cp /usr/bin/ssh /usr/bin/ssh.bak.version_edit
cp /usr/sbin/sshd /usr/sbin/sshd.bak.version_edit
修改
sed -i 's#OpenSSH_5.3p1#OpenSSH_7.2p1#g' /usr/bin/ssh
sed -i 's#OpenSSH_5.3p1#OpenSSH_7.2p1#g' /usr/sbin/sshd
】
补充汇总下:
centos7.X主机升级ssh
cp /usr/bin/ssh /usr/bin/ssh.bak.20161124
cp /usr/sbin/sshd /usr/bin/sshd.bak.20161124
mv /etc/ssh /etc/ssh.bak
---下载包、安装gcc 、编译等中间步骤参上边内容---
make && make install
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
cp /etc/ssh.bak/sshd_config /etc/ssh/sshd_config 将原来的文件覆盖下这个新生成的内容
/bin/systemctl restart sshd.service
centos6.X升级ssh
cp /usr/bin/ssh /usr/bin/ssh.bak.20161124
cp /usr/sbin/sshd /usr/bin/sshd.bak.20161124
cp -rf /etc/ssh /etc/ssh.bak
---下载包、安装gcc 、编译等中间步骤参上边内容---
make && make install
sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
sed -i '/^UsePAM/s/UsePAM yes/#UsePAM yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config
service sshd restart
附录:
CentOS7 sshd_config配置内容
- # $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
- # This is the sshd server system-wide configuration file. See
- # sshd_config(5) for more information.
- # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
- # The strategy used for options in the default sshd_config shipped with
- # OpenSSH is to specify options with their default value where
- # possible, but leave them commented. Uncommented options override the
- # default value.
- # If you want to change the port on a SELinux system, you have to tell
- # SELinux about this change.
- # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
- #
- #Port 22
- #AddressFamily any
- #ListenAddress 0.0.0.0
- #ListenAddress ::
- # The default requires explicit activation of protocol 1
- #Protocol 2
- # HostKey for protocol version 1
- #HostKey /etc/ssh/ssh_host_key
- # HostKeys for protocol version 2
- HostKey /etc/ssh/ssh_host_rsa_key
- #HostKey /etc/ssh/ssh_host_dsa_key
- HostKey /etc/ssh/ssh_host_ecdsa_key
- HostKey /etc/ssh/ssh_host_ed25519_key
- # Lifetime and size of ephemeral version 1 server key
- #KeyRegenerationInterval 1h
- #ServerKeyBits 1024
- # Ciphers and keying
- #RekeyLimit default none
- # Logging
- # obsoletes QuietMode and FascistLogging
- #SyslogFacility AUTH
- SyslogFacility AUTHPRIV
- #LogLevel INFO
- # Authentication:
- #LoginGraceTime 2m
- PermitRootLogin yes
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
- #RSAAuthentication yes
- #PubkeyAuthentication yes
- # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
- # but this is overridden so installations will only check .ssh/authorized_keys
- AuthorizedKeysFile .ssh/authorized_keys
- #AuthorizedPrincipalsFile none
- #AuthorizedKeysCommand none
- #AuthorizedKeysCommandUser nobody
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
- #HostbasedAuthentication no
- # Change to yes if you don't trust ~/.ssh/known_hosts for
- # RhostsRSAAuthentication and HostbasedAuthentication
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
- # To disable tunneled clear text passwords, change to no here!
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
- PasswordAuthentication yes
- # Change to no to disable s/key passwords
- #ChallengeResponseAuthentication yes
- ChallengeResponseAuthentication no
- # Kerberos options
- #KerberosAuthentication no
- #KerberosOrLocalPasswd yes
- #KerberosTicketCleanup yes
- #KerberosGetAFSToken no
- #KerberosUseKuserok yes
- # GSSAPI options
- GSSAPIAuthentication yes
- GSSAPICleanupCredentials no
- #GSSAPIStrictAcceptorCheck yes
- #GSSAPIKeyExchange no
- #GSSAPIEnablek5users no
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
- # be allowed through the ChallengeResponseAuthentication and
- # PasswordAuthentication. Depending on your PAM configuration,
- # PAM authentication via ChallengeResponseAuthentication may bypass
- # the setting of "PermitRootLogin without-password".
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
- # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
- # problems.
- UsePAM yes
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
- #GatewayPorts no
- X11Forwarding yes
- #X11DisplayOffset 10
- #X11UseLocalhost yes
- #PermitTTY yes
- #PrintMotd yes
- #PrintLastLog yes
- #TCPKeepAlive yes
- #UseLogin no
- UsePrivilegeSeparation sandbox # Default for new installations.
- #PermitUserEnvironment no
- #Compression delayed
- #ClientAliveInterval 0
- #ClientAliveCountMax 3
- #ShowPatchLevel no
- #UseDNS yes
- UseDNS no
- #PidFile /var/run/sshd.pid
- #MaxStartups 10:30:100
- #PermitTunnel no
- #ChrootDirectory none
- #VersionAddendum none
- # no default banner path
- #Banner none
- # Accept locale-related environment variables
- AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
- AcceptEnv XMODIFIERS
- # override default of no subsystems
- Subsystem sftp /usr/libexec/openssh/sftp-server
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
- # AllowTcpForwarding no
- # PermitTTY no
- # ForceCommand cvs server
CentOS6 sshd_config配置内容
- # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
- # This is the sshd server system-wide configuration file. See
- # sshd_config(5) for more information.
- # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
- # The strategy used for options in the default sshd_config shipped with
- # OpenSSH is to specify options with their default value where
- # possible, but leave them commented. Uncommented options change a
- # default value.
- #Port 22
- #AddressFamily any
- #ListenAddress 0.0.0.0
- #ListenAddress ::
- # Disable legacy (protocol version 1) support in the server for new
- # installations. In future the default will change to require explicit
- # activation of protocol 1
- Protocol 2
- # HostKey for protocol version 1
- #HostKey /etc/ssh/ssh_host_key
- # HostKeys for protocol version 2
- #HostKey /etc/ssh/ssh_host_rsa_key
- #HostKey /etc/ssh/ssh_host_dsa_key
- # Lifetime and size of ephemeral version 1 server key
- #KeyRegenerationInterval 1h
- #ServerKeyBits 1024
- # Logging
- # obsoletes QuietMode and FascistLogging
- #SyslogFacility AUTH
- SyslogFacility AUTHPRIV
- #LogLevel INFO
- # Authentication:
- #LoginGraceTime 2m
- PermitRootLogin yes
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
- #RSAAuthentication yes
- #PubkeyAuthentication yes
- #AuthorizedKeysFile .ssh/authorized_keys
- #AuthorizedKeysCommand none
- #AuthorizedKeysCommandRunAs nobody
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
- #HostbasedAuthentication no
- # Change to yes if you don't trust ~/.ssh/known_hosts for
- # RhostsRSAAuthentication and HostbasedAuthentication
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
- # To disable tunneled clear text passwords, change to no here!
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
- PasswordAuthentication yes
- # Change to no to disable s/key passwords
- #ChallengeResponseAuthentication yes
- ChallengeResponseAuthentication no
- # Kerberos options
- #KerberosAuthentication no
- #KerberosOrLocalPasswd yes
- #KerberosTicketCleanup yes
- #KerberosGetAFSToken no
- #KerberosUseKuserok yes
- # GSSAPI options
- #GSSAPICleanupCredentials yes
- #GSSAPICleanupCredentials yes
- #GSSAPIStrictAcceptorCheck yes
- #GSSAPIKeyExchange no
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
- # be allowed through the ChallengeResponseAuthentication and
- # PasswordAuthentication. Depending on your PAM configuration,
- # PAM authentication via ChallengeResponseAuthentication may bypass
- # the setting of "PermitRootLogin without-password".
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
- #UsePAM no
- UsePAM yes
- # Accept locale-related environment variables
- AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
- AcceptEnv XMODIFIERS
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
- X11Forwarding yes
- #X11DisplayOffset 10
- #X11UseLocalhost yes
- #PrintMotd yes
- #PrintLastLog yes
- #TCPKeepAlive yes
- #UseLogin no
- UseLogin no
- #UsePrivilegeSeparation yes
- #PermitUserEnvironment no
- #Compression delayed
- #ClientAliveInterval 0
- #ClientAliveCountMax 3
- #ShowPatchLevel no
- #PidFile /var/run/sshd.pid
- #MaxStartups 10
- #PermitTunnel no
- #ChrootDirectory none
- # no default banner path
- #Banner none
- # override default of no subsystems
- Subsystem sftp /usr/libexec/openssh/sftp-server
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
- # AllowTcpForwarding no
- # ForceCommand cvs server
- UseDNS no
- #GSSAPIAuthentication no
- #GSSAPIAuthentication yes
20161205补充:
实际使用中发现ansible和jenkins使用时有些问题,网上查询了下,需要在/etc/ssh/sshd_config文件中最后增加两行:
- Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,arcfour128,arcfour256,arcfour,blowfish-cbc,cast128-cbc
- KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
因为升级了openssh太新导致通信时加密算法出现问题,加上后重启就可以了。
20170428补充:
升级openssh版本脚本
- cp /usr/bin/ssh /usr/bin/ssh.bak.20161124
- cp /usr/sbin/sshd /usr/bin/sshd.bak.20161124
- cp -rf /etc/ssh /etc/ssh.bak
- yum install -y gcc openssl-devel pam-devel rpm-build
- wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p1.tar.gz
- tar -zxvf openssh-7.2p1.tar.gz && cd openssh-7.2p1 && ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers && make && make install
- sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
- sed -i 's/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/ssh_config
- sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
- sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
- sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config
- #sed -i '/^#UsePAM/s/#UsePAM yes/UsePAM yes/' /etc/ssh/sshd_config 如果内网使用ldap需要设置这项
- echo "
- #ansible support" >>/etc/ssh/sshd_config
- echo "Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,arcfour128,arcfour256,arcfour,blowfish-cbc,cast128-cbc" >>/etc/ssh/sshd_config
- echo "
- service sshd restart
重要提示:最近发现,在升级完ssh版本后,如果你进行了系统update或者升级用到ssh包的相关软件包,会导致ssh的版本回退到原来的版本。
20170504补充:
对于linux执行update,会导致升级后的ssh恢复到之前版本问题,处理方式(新版本ssh安装到不用的目录中,系统启动使用新目录的ssh)
一、备份文件
cp /usr/bin/ssh /usr/bin/ssh.bak.20171124
cp /usr/sbin/sshd /usr/bin/sshd.bak.20171124
cp -rf /etc/ssh /etc/ssh.bak.20171124
二、安装(/usr/local/ssh7为新目录,/usr/local/ssh7/ssh放置配置文件)
yum install -y gcc openssl-devel pam-devel rpm-build
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p1.tar.gz
tar -zxvf openssh-7.2p1.tar.gz && cd openssh-7.2p1 &&
./configure --prefix=/usr/local/ssh7 --sysconfdir=/usr/local/ssh7/ssh
--with-pam --with-zlib --with-md5-passwords
--with-tcp-wrappers && make && make install
三、修改sshd_config内容
vi /usr/local/ssh7/ssh/sshd_config文件内容:
Port 22
Protocol 2
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem sftp /usr/local/ssh7/libexec/sftp-server
UseDNS no
#ansible支持加入
Ciphers
aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,arcfour128,arcfour256,arcfour,blowfish-cbc,cast128-cbc
#jenkins支持加入
KexAlgorithms
diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
sha256,diffie-hellman-group14-sha1
四、修改启动文件
cp /etc/init.d/sshd /etc/init.d/sshd7
mv /etc/init.d/sshd /etc/init.d/sshd.bak.20171124
vi /etc/init.d/sshd7
修改:
#SSHD=/usr/sbin/sshd 为
SSHD=/usr/local/ssh7/sbin/sshd
修改:
#[ -f /etc/ssh/sshd_config ] || exit 6 为
[ -f /usr/local/ssh7/ssh/sshd_config ] || exit 6
五、root下修改环境变量
# vi /etc/profile.d/ssh7.sh
export SSH_7=/usr/local/ssh7
export PATH=${SSH_7}/bin:${SSH_7}/sbin:$PATH
六、重启ssh
service sshd7 restart
以后需要这样重启ssh服务