@cdmonkey
2025-03-11T00:29:17.000000Z
SSH
# Compiler toolchain plus the zlib and PAM development headers used by the
# OpenSSL and OpenSSH builds below.
yum install -y telnet zlib zlib-devel gcc gcc-c++ make perl perl-IPC-Cmd pam pam-devel
# Before unpacking, check the tarball against the SHA-256 digest or PGP
# signature published by the OpenSSL project, e.g. `sha256sum openssl-3.4.1.tar.gz`.
[root@hidocker tools]# tar -zxvf openssl-3.4.1.tar.gz
[root@hidocker tools]# cd openssl-3.4.1
# Install under /usr/local/openssl, building shared libraries with zlib support.
./config --prefix=/usr/local/openssl shared zlib
make
# `make test` can be run at this point to exercise the build before installing it.
make install
进行升级
# Move the distribution's openssl binary and headers aside (kept as *.old for
# rollback) and point the standard paths at the build under /usr/local/openssl.
# That build is not tracked by yum, so upstream security releases have to be
# rebuilt by hand from now on.
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
# Register the new library directory with the dynamic loader.
# NOTE(review): this adds .../lib, but the symlinks created further down take
# the libraries from /usr/local/openssl/lib64; that mismatch looks like the
# cause of the "libssl.so.3: cannot open shared object file" error shown next.
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v
检查版本时有报错:
openssl: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory
从下面软链的源路径可以看出,库文件实际安装在 /usr/local/openssl/lib64,而前面写入 ld.so.conf 的是 lib 目录,所以加载器找不到 libssl.so.3。创建两个软链:
# Link the rebuilt libssl and libcrypto into /usr/lib64 so the loader can
# resolve them (the openssl binary failed to find libssl.so.3 just above).
for so_name in libssl.so.3 libcrypto.so.3; do
  ln -s "/usr/local/openssl/lib64/${so_name}" "/usr/lib64/${so_name}"
done
再次检查版本:
[root@hidocker ~]# openssl version -a
OpenSSL 3.4.1 11 Feb 2025 (Library: OpenSSL 3.4.1 11 Feb 2025)
built on: Tue Mar 11 05:27:39 2025 UTC
platform: linux-x86_64
...
首先进行备份。
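# Back up the PAM, sshd and ssh client configuration plus ssh-copy-id before
# the packaged OpenSSH is removed.
# The date is taken once so every backup carries the same suffix, even if the
# commands straddle midnight; the restore step later refers to that suffix.
backup_stamp=$(date +%Y-%m-%d)
for conf_path in \
  /etc/pam.d/sshd \
  /etc/pam.d/system-auth-ac \
  /etc/ssh/sshd_config \
  /etc/ssh/ssh_config \
  /usr/bin/ssh-copy-id; do
  # -a preserves mode, ownership and timestamps of the original file.
  cp -a "${conf_path}" "${conf_path}-${backup_stamp}"
done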
先把老版本卸载掉。
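# Keep the current login session open and have console (out-of-band) access
# ready: once the packaged sshd is removed, opening a new SSH session may not
# be possible until the rebuilt daemon is started at the end of this procedure.
# The glob limits the match to package names that begin with "openssh"; the
# earlier `grep openssh` form matched that string anywhere in a package name.
# shellcheck disable=SC2046 -- word splitting is wanted: one argument per package
rpm -e --nodeps $(rpm -qa 'openssh*')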
安装:
# Before unpacking, check the tarball against the checksum or signature
# published by the OpenSSH project, e.g. `sha256sum openssh-9.9p2.tar.gz`.
[root@hidocker tools]# tar -zxvf openssh-9.9p2.tar.gz
[root@hidocker tools]# cd openssh-9.9p2/
# Binaries go under /usr/local/openssh, configuration stays in /etc/ssh, and
# the build links against the OpenSSL installed under /usr/local/openssl.
# NOTE(review): --with-md5-passwords enables handling of MD5-hashed passwords;
# with PAM doing the authentication it is probably unnecessary. Confirm that
# no account still depends on an MD5 hash before keeping the option.
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh \
--with-ssl-dir=/usr/local/openssl --with-ssl-engine \
--with-pam --with-zlib --with-md5-passwords
上面的配置指令执行完后,最后将显示:
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
进行编译安装:
# Compile OpenSSH, then install it into the prefix given to ./configure
# (/usr/local/openssh, with configuration files under /etc/ssh).
make
make install
安装完成后检查版本信息:
[root@hidocker ~]# /usr/local/openssh/bin/ssh -V
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
一堆软链:
# Expose the rebuilt client tools at the paths the removed packages used.
# ssh-copy-id is not part of this list; the page backs it up earlier but does
# not show it being put back.
for tool in scp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan; do
  ln -s "/usr/local/openssh/bin/${tool}" "/usr/bin/${tool}"
done
# The daemon lives under sbin rather than bin, so it is linked separately.
ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd
还有个服务启停脚本:
# Install the init script shipped in the source tree's contrib/redhat directory
# as the sshd service script, then make it executable for its owner.
[root@hidocker openssh-9.9p2]# cp -a contrib/redhat/sshd.init /etc/rc.d/init.d/sshd
[root@hidocker openssh-9.9p2]# chmod u+x /etc/rc.d/init.d/sshd
最后还原配置:
/etc/ssh
# Set aside the configuration files currently in /etc/ssh (presumably the
# defaults written by the 9.9p2 `make install`) under a -9.9p2 suffix.
mv /etc/ssh/sshd_config /etc/ssh/sshd_config-9.9p2
mv /etc/ssh/ssh_config /etc/ssh/ssh_config-9.9p2
# Make sure these are the backups you mean to restore: the date suffix has to
# match the day the backup copies were taken.
# NOTE(review): the restored files were written for the previous OpenSSH
# release; options the new release no longer accepts would need to be cleaned
# up before sshd is started. Confirm against the -9.9p2 defaults kept above.
cp -a /etc/ssh/sshd_config-2025-03-11 /etc/ssh/sshd_config
cp -a /etc/ssh/ssh_config-2025-03-11 /etc/ssh/ssh_config
/etc/pam.d
# Restore the sshd PAM service file from the dated backup. The build was
# configured --with-pam, and configure warned that password authentication may
# fail when no PAM control file for sshd is installed.
cp -a /etc/pam.d/sshd-2025-03-11 /etc/pam.d/sshd
这时就能够启动服务了:
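# Validate the restored configuration with the new binary before starting the
# service: `sshd -t` only checks the configuration and keys, so a directive the
# rebuilt daemon rejects shows up here instead of as a failed service start.
# After the start succeeds, open a new SSH login from a second terminal before
# closing the session used for the upgrade.
/usr/sbin/sshd -t && systemctl daemon-reload && systemctl start sshd && /sbin/chkconfig sshd on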
参考内容: