linux openssh升級到7.9

一.先安裝telnet服務,以防卸載openssh後鏈接不到服務器

yum install -y telnet-server
yum install -y xinetd 
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

默認狀況下，系統是不容許root用戶telnet遠程登陸的。若是要使用root用戶直接登陸，需設置以下內容:

echo  'pts/0'  >>/etc/securetty
echo 'pts/1' >>/etc/securetty

systemctl restart xinetd.service

而後在本地測試telnet可否鏈接到服務器 , 若是一直報密碼無效要注意selinux和防火牆
鏈接到的話就是以下顯示.輸入root密碼便可登陸

Kernel 3.10.0-514.el7.x86_64 on an x86_64
localhost login: root
Password:
Last login: Tue Nov 13 15:57:03 from 172.16.0.10
[root@localhost ~]#

二.升級開始:(注意 : 關閉SELinux)

先把openssh-7.9p1.tar.gz傳到服務器上 , 在進行升級的一系列操做.

1.yum安裝依賴
yum install -y gcc openssl openssl-devel pam-devel rpm-build pam-devel

2.卸載openssh

[root@localhost src]# rpm -qa | grep openssh
[root@localhost src]# rpm -e `rpm -qa | grep openssh` --nodeps
[root@localhost src]# rpm -qa | grep openssh

3.安裝openssh7.9
1)執行以下命令,設置適當的環境
(參考,包在這裏下載 http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html )
install -v -m700 -d /var/lib/sshd && chown -v root:sys /var/lib/sshd && groupadd -g 50 sshd && useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
2)解壓

[root@localhost src]# tar -zxvf openssh-7.9p1.tar.gz 
[root@localhost src]# cd openssh-7.9p1

3)安裝

[root@localhost src]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
[root@localhost src]#  make && make install

由於權限問題而報出警告

修改文件權限後再次執行make install

[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ed25519_key
[root@localhost openssh-7.9p1]#  make install

4)執行以下命令
install -v -m755 contrib/ssh-copy-id /usr/bin && install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 && install -v -m755 -d /usr/share/doc/openssh-7.9p1 && install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1

[root@localhost openssh-7.9p1]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017

5)修改配置文件 PermitRootLogin yes 容許root遠程登陸 , 開機自啓

[root@localhost openssh-7.9p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost openssh-7.9p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-7.9p1]# chkconfig --add sshd
[root@localhost openssh-7.9p1]# chkconfig sshd on
[root@localhost openssh-7.9p1]# service sshd start
Starting sshd (via systemctl):                             [  OK  ]
[root@localhost openssh-7.9p1]# service sshd restart
Restarting sshd (via systemctl):                           [  OK  ]
[root@localhost openssh-7.9p1]# chkconfig --list sshd

4.把telnet關掉

[root@localhost openssh-7.9p1]# rpm -qa telnet-server
telnet-server-0.17-64.el7.x86_64
[root@localhost openssh-7.9p1]# systemctl stop telnet.socket 
[root@localhost openssh-7.9p1]# systemctl stop xinetd
[root@localhost openssh-7.9p1]# systemctl disable xinetd.service   
Removed symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.
[root@localhost openssh-7.9p1]# systemctl disable telnet.socket
Removed symlink /etc/systemd/system/sockets.target.wants/telnet.socket.