升级前的准备
查看当前openssh版本
[root@localhost ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
|
上传新版本openssh
[root@localhost software]# ls -ltrh
total 9.2M
-rw-r--r--. 1 root root 1.5M Jun 28 09:14 openssh-7.2p2.tar.gz
-rw-r--r--. 1 root root 5.1M Jun 28 09:14 openssl-1.0.2h.tar.gz
-rw-r--r--. 1 root root 2.7M Jun 28 09:14 zlib-1.2.8.tar.gz
|
安装依赖包
yum -y install gcc* make perl pam pam-devel zlib zlib-devel openssl openssl-devel telnet-server
|
安装telnet并启用
# vi /etc/xinetd.d/telnet
disable=no
# vi /etc/securetty
pst/1
pst/2
pst/3
pst/4
pst/5
pst/6
pst/7
pst/8
pst/9
pst/10
pst/11
# service xinetd start
|
升级openssh
通过telnet连接并卸载openssh
rpm -e --nodeps openssh-askpass-5.3p1-84.1.el6.x86_64
rpm -e --nodeps openssh-5.3p1-84.1.el6.x86_64
rpm -e --nodeps openssh-clients-5.3p1-84.1.el6.x86_64
rpm -e --nodeps openssh-server-5.3p1-84.1.el6.x86_64
|
安装zlib
# tar -xvf zlib-1.2.8.tar.gz
# ./configure --prefix=/usr/local/zlib && make && make install
|
安装openssl
# tar -xvf openssl-1.0.2h.tar.gz
# ./config --prefix=/usr/local/openssl
# make depend
# make && make install
|
安装openssh
# tar -xvf openssh-7.2p2.tar.gz
# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh \
-with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib \
--with-md5-passwords --without-hardening && make && make install
|
拷贝sshd服务到/etc/init.d下
# cp /software/openssh-7.2p2/contrib/redhat/sshd.init /etc/init.d/sshd
# chmod +x /etc/init.d/sshd
|
修改sshd配置
# vi /etc/init.d/sshd
SSHD=/usr/local/openssh/sbin/sshd
# /usr/local/openssh/bin/ssh-keygen -A
|
sshd自启动
# chkconfig --add sshd
# chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# service sshd start
|
Tips:安装完成默认不允许root用户远程登陆,需要修改PermitRootLogin为yes
修改环境变量
# echo "export PATH=$PATH:/usr/local/openssh/bin" >> /etc/profile
|
查看ssh版本并卸载telnet
# ssh -V
OpenSSH_7.2p2, OpenSSL 1.0.2h 3 May 2016
# service stop xinetd
# rpm -e --nodeps telnet*
|
