Upgrading OpenSSH

Steps for upgrading OpenSSH to version 8.x
Prerequisites:
  •  Configure a network yum repository for the system yourself.
Procedure:
Note: verified that CentOS 7.4 and Red Hat 6.5, 6.8, 6.9, 7.4 and 7.5 can all be upgraded smoothly to OpenSSH 7.9;
RedHat_6.5         OpenSSH_5.3p1
RedHat_6.8         OpenSSH_5.3p1
RedHat_6.9         OpenSSH_5.3
RedHat_7.4         OpenSSH_7.4p1
RedHat_7.5         OpenSSH_7.4p1
CentOS_7.4.1708    OpenSSH_7.4p1
Ubuntu_16.04.1     OpenSSH_7.2p2
1. Set the system login banner;
[root@centos7 ~]# cat /etc/motd

Welcome to **** Financial Cloud Elastic Compute Service !

This ECS instance is based on image CentOS_7.4_baseline_20190702
 
2. Set up name resolution for the mirror server by appending its IP as the last line of /etc/hosts;
sed -i '$a172.190.10.204 mirrors.htsec.com' /etc/hosts
 
3. Update OpenSSH to the latest version;
yum update -y openssh openssl 
yum install -y gcc gcc-c++ glibc make autoconf  openssl-devel pcre-devel  pam-devel
 
4. Copy the OpenSSH upgrade package to the /home directory via tftp and extract it;
Official download site: https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
tar -zxf  /home/openssh-*tar.gz -C /home
 
5. Back up the directory holding the old OpenSSH configuration files;
mv /etc/ssh /etc/ssh.old
# or simply delete it
rm -rf /etc/ssh/*
 
6. Uninstall the current OpenSSH;
rpm -qa | grep openssh |xargs -n1  rpm -e --nodeps

# Query the rpm packages before and after uninstalling.
[root@localhost src]# rpm -qa | grep openssh
openssh-clients-6.4p1-8.el7.x86_64
openssh-server-6.4p1-8.el7.x86_64
openssh-6.4p1-8.el7.x86_64
 
7. Configure the OpenSSH 8.x installation paths;
cd /home/openssh-*p1/
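# Note: SSH protocol 1 support was removed in OpenSSH 7.6, so --with-ssh1 has no effect when building 8.x.
./configure --prefix=/usr  --sysconfdir=/etc/ssh  --with-md5-passwords  --with-pam  --with-zlib --with-ssh1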
 
8. Compile and install openssh-8.Xp1;
make && make install
 
9. Configure the environment after installation;
cd /home/openssh-*p1/
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

chmod +x /etc/init.d/sshd
chkconfig --add sshd
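systemctl enable sshd # This command applies only to CentOS 7 and later.
10. (Optional) Move away or delete the original systemd-managed sshd unit file; if it is left in place it interferes with restarting the sshd service. These commands apply only to CentOS 7 and later.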
mv  /usr/lib/systemd/system/sshd.service  /home
rm -rf /usr/lib/systemd/system/sshd.service
11. Enable the sshd service at boot.
[root@linux-node3 ~]# chkconfig sshd on
Note: Forwarding request to 'systemctl enable sshd.socket'.
Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.
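12. Post-upgrade operations;
CentOS 7 and later
systemctl stop firewalld      # Stop the firewall.
setenforce 0                  # Temporarily turn off SELinux; no reboot needed.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config  # Permanently disable SELinux; takes effect after a reboot.
CentOS 6 and earlier
service iptables status
service iptables stop
setenforce 0                  # Temporarily turn off SELinux; no reboot needed.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config  # Permanently disable SELinux; takes effect after a reboot.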
 
13. Enable root login
sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/^#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config
service sshd restart # Restart the service
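
The sed commands in step 13 only change a line if the commented default in sshd_config reads exactly as the pattern expects. The following check is an added example, not part of the original article; the function names sshd_effective, check_step13 and demo are hypothetical, and the sample config is constructed.

```shell
# Added example, not from the original article. sed exits 0 even when its
# pattern matches nothing, so check what step 13 really left in sshd_config.

# Print the value sshd would take for keyword $2 from the global part of file $1.
# sshd uses the FIRST value it reads for a keyword; keywords are case-insensitive.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            key = tolower(line); sub(/[ \t=].*$/, "", key)
            if (key == "match") exit          # global section ends at first Match
            if (key == want) {
                sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)
                print line; found = 1; exit
            }
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Compare the three keywords edited in step 13 with the values it intends;
# returns non-zero if any of the edits did not take effect.
check_step13() {
    rc=0
    for pair in PermitRootLogin=yes UseDNS=no PasswordAuthentication=yes; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key") || got="(not set, built-in default applies)"
        if [ "$got" = "$want" ]; then
            echo "ok       $key $got"
        else
            echo "MISMATCH $key: wanted '$want', found '$got'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the PermitRootLogin comment differs from the text the
# step 13 sed expects, so that substitution silently changes nothing.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' '#PermitRootLogin yes' '#UseDNS no' '#PasswordAuthentication yes' |
        sed -e 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/g' \
            -e 's/^#UseDNS no/UseDNS no/g' \
            -e 's/^#PasswordAuthentication yes/PasswordAuthentication yes/g' > "$f"
    if check_step13 "$f"; then status=0; else status=1; fi
    rm -f "$f"; return $status
}

demo || echo "step 13 did not fully apply to the sample config"
```

On a live host, `sshd -t` validates the configuration before the restart and `sshd -T` prints the effective settings, which is the authoritative check.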
 
14. Test starting and stopping the service.
[root@linux-node3 ~]# /etc/init.d/sshd restart
Restarting sshd (via systemctl):                          [  OK  ]
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
tcp        0      0 0.0.0.0:22              0.0.0.0:*              LISTEN      31800/sshd       
tcp6      0      0 :::22                  :::*                    LISTEN      31800/sshd       
tcp6      0      0 :::23                  :::*                    LISTEN      1/systemd         

[root@linux-node3 ~]# /etc/init.d/sshd stop
Stopping sshd (via systemctl):                            [  OK  ]
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
tcp6      0      0 :::23                  :::*                    LISTEN      1/systemd         
[root@linux-node3 ~]# /etc/init.d/sshd start
Starting sshd (via systemctl):                            [  OK  ]
Starting and stopping via systemd also works. These commands apply only to CentOS 7 and later.
[root@linux-node3 ~]# systemctl stop sshd
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
tcp6      0      0 :::23                  :::*                    LISTEN      1/systemd         
[root@linux-node3 ~]# systemctl start sshd
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
tcp        0      0 0.0.0.0:22              0.0.0.0:*              LISTEN      31958/sshd       
tcp6      0      0 :::22                  :::*                    LISTEN      31958/sshd       
tcp6      0      0 :::23                  :::*                    LISTEN      1/systemd         
[root@linux-node3 ~]# systemctl restart sshd
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
tcp        0      0 0.0.0.0:22              0.0.0.0:*              LISTEN      31999/sshd       
tcp6      0      0 :::22                  :::*                    LISTEN      31999/sshd       
tcp6      0      0 :::23                  :::*                    LISTEN      1/systemd        
 

15. Verify that the upgrade succeeded

[root@linux-node3 ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2k-fips  26 Jan 2017
Original article: https://www.cnblogs.com/shanghai1918/p/13051126.html