本文主要是介绍centos7.6升级openssh9.3p1,openssl1.1.1t,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
一、安装前查看系统及版本
# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013二、安装步骤
1.下载tar包
wget https://www.openssl.org/source/openssl-1.1.1t.tar.gz --no-check-certificate
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz
wget http://www.zlib.net/zlib-1.2.13.tar.gz解压到指定路径:
tar zxvf openssl-1.1.1t.tar.gz -C /usr/local/src/
tar zxvf openssh-9.3p1.tar.gz -C /usr/local/src/
tar zxvf zlib-1.2.13.tar.gz -C /usr/local/src 2.安装相关依赖和gcc编译工具
yum -y install gcc gcc-c++ kernel-devel
yum -y install pam pam-devel zlib zlib-devel3.安装zlib
cd /usr/local/src/zlib-1.2.13/
./configure --prefix=/usr/local/zlib && make -j 4 && make install4.安装openssl
cd /usr/local/src/openssl-1.1.1t/
./config --prefix=/usr/local/ssl -d sharedmake -j 4 && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v5.安装openssh
mv /etc/ssh /etc/ssh.bak
cd /usr/local/src/openssh-9.3p1/
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib make -j 4 && make install6.修改配置文件
(1)sshd_config文件修改
echo "X11Forwarding yes" >> /etc/ssh/sshd_config
echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
echo "#XAuthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
需要添加X11Forwarding yes开启X11转发,调用图形界面,如oracle安装等操作需要图形界面
***必须添加X11UseLocalhost no 和 XAuthLocation /usr/bin/xauth 这两项,否则X11转发不好使
验证X11转发是否好使,xhost + 出现下面的是可以正常使用的
(2) 备份 /etc/ssh 原有文件,并将新的配置复制到指定目录
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen安装完成,查看版本ssh -V
# ssh -V
OpenSSH_9.3p1, OpenSSL 1.1.1t 7 Feb 20237.启动sshd
systemctl restart sshd开机自启
systemctl enable sshd 9.天翼云服务器启动sshd问题
拷贝系统启动文件
cp /usr/local/src/openssh-9.3p1/contrib/redhat/sshd.init /etc/init.d/sshd把原先的systemd管理的sshd文件移走,不然影响重启sshd服务
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
systemctl daemon-reload将sshd添加到系统服务
chkconfig --add sshd
chkconfig sshd on# chkconfig --listNote: This output shows SysV services only and does not include nativesystemd services. SysV configuration data might be overridden by nativesystemd configuration.If you want to list systemd services use 'systemctl list-unit-files'.To see services enabled on particular target use'systemctl list-dependencies [target]'.denyhosts 0:on 1:on 2:on 3:on 4:on 5:on 6:on
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off重启sshd
service sshd status
service sshd restart10.注意
注意:升级后由于加密算法的区别,低版本的SSH工具可能无法连接,建议改用Xshell7或SecureCRT9.0以上版本。
这篇关于centos7.6升级openssh9.3p1,openssl1.1.1t的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
