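1. Check the current OpenSSH version:
# sshd -V
unknown option -- V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]
2. Check how OpenSSH was installed:
# rpm -qa|grep openssh
openssh-clients-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
Recommendation: on a physical machine, install telnet before upgrading so that you still have a way in if the OpenSSH upgrade fails. Telnet is unencrypted, so stop and disable it again once the upgraded sshd is confirmed working. To install it with yum:
yum install -y telnet-server xinetd    # install
# allow root to log in on these pseudo-terminals
echo -e 'pts/0\npts/1\npts/2\npts/3' >>/etc/securetty
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
On a virtual machine you can roll back instead, using yum to install the original OpenSSH version.
3. Back up files. The file to back up is the one from an OpenSSH that has never been upgraded; it matters a great deal for the open file setting:
mkdir /openssh.bak
cp /etc/pam.d/sshd /openssh.bak
4. Uninstall the original OpenSSH packages:
If it was installed from RPM, uninstall it with: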
rpm -e `rpm -qa | grep openssh` --nodeps
If it was installed from source, find the earlier installation package and run the following inside it:
make uninstall
5. Install the software required for the upgrade:
yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel
6. Start the upgrade to OpenSSH 8.4:
Extract the archive:
tar -xf openssh-8.4p1.tar.gz
Change into the openssh directory:
cd openssh-8.4p1/
Run the following:
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam
# build first, and install only if the build succeeds
make && make install
This error often appears:
ssh-keygen: generating new host keys: DSA
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
[1]+ Exit 2 make
Fix:
chmod 600 /etc/ssh/ssh_host_*
Continue the upgrade:
cp contrib/redhat/sshd.pam /etc/pam.d/sshd
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.4p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.4p1
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'UsePAM yes' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
# restore the PAM file backed up in step 3
cp /openssh.bak/sshd /etc/pam.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
Check the version after the upgrade:
sshd -V
unknown option -- V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]
Restart the ssh service:
systemctl restart sshd
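The "UNPROTECTED PRIVATE KEY FILE" failure shown earlier ends with sshd having no usable host keys, so it is worth checking for it before running the restart command above. The following preflight is an added example, not part of the original procedure; the function names are hypothetical and /etc/ssh is assumed from the --sysconfdir value used in step 6.

```shell
#!/bin/sh
# Added example: checks to run before restarting the upgraded sshd.
# Usage after sourcing this file: preflight && systemctl restart sshd

# Print each private host key in directory $1 whose mode grants any
# group/other permission (the condition behind the 0640 warning).
open_hostkeys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue          # glob matched nothing
        # In the ls -l mode string, chars 5-10 are the group/other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s\n' "$key"
    done
}

# Print the number of private host keys present in directory $1.
count_hostkeys() {
    dir=${1:-/etc/ssh}
    n=0
    for key in "$dir"/ssh_host_*_key; do
        if [ -f "$key" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Return 0 only if the host keys and the config look safe for a restart.
preflight() {
    dir=${1:-/etc/ssh}
    bad=$(open_hostkeys "$dir")
    if [ -n "$bad" ]; then
        echo "host keys too open (fix with chmod 600):" >&2
        echo "$bad" >&2
        return 1
    fi
    if [ "$(count_hostkeys "$dir")" -eq 0 ]; then
        echo "no host keys found in $dir" >&2
        return 1
    fi
    # Same config test that appears in the make output; skipped when
    # sshd or the config file is not present.
    if [ -x /usr/sbin/sshd ] && [ -f "$dir/sshd_config" ]; then
        /usr/sbin/sshd -t -f "$dir/sshd_config" || return 1
    fi
    return 0
}
```

The mode check here is stricter than a plain file listing suggests: any group or other bit on a private key counts as a failure, while the .pub files are not examined.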
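7. Change the open file parameter:
Open /etc/security/limits.conf with vim and add the following as the last lines of the file:
* soft nofile 65535
* hard nofile 65535
8. Switch to a regular user and verify the maximum number of connections; the output shows that the upgrade succeeded: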
ulimit -n