1.升级前的openssh版本
代码语言:bash复制[root@ncayu8847 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
2.下载软件包(离线包)
openssh 源码下载地址
代码语言:bash复制https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssl源码下载
代码语言:bash复制https://www.openssl.org/source/github编译项目
源码地址
代码语言:bash复制https://github.com/boypt/openssh-rpms/直接下载压缩包
代码语言:bash复制wget https://github.com/boypt/openssh-rpms/archive/refs/heads/main.zip3.上传文件到Linux服务器
4.解压压缩包
代码语言:bash复制unzip openssh-rpms-main.zip
cd openssh-rpms-main/5.安装编译环境
代码语言:bash复制yum groupinstall -y "Development Tools"
yum install -y imake rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel perl perl-IPC-Cmd6.修改openssl版本
修改openssl版本否会编译失败
代码语言:bash复制cat version.env 如有必要,编辑 version.env 文件
代码语言:bash复制[root@ncayu8847 openssh-rpms-main]# cat version.env
# OPENSSLSRC=openssl-3.0.14.tar.gz # 注释此版本
OPENSSLSRC=openssl-1.1.1v.tar.gz # 修改为1.1.1
OPENSSHSRC=openssh-9.8p1.tar.gz
ASKPASSSRC=x11-ssh-askpass-1.2.4.1.tar.gz
PERLSRC=perl-5.38.2.tar.gz
PKGREL=1
OPENSSHVER=${OPENSSHSRC%%.tar.gz}
OPENSSHVER=${OPENSSHVER##openssh-}
OPENSSLVER=${OPENSSLSRC%%.tar.gz}
OPENSSLVER=${OPENSSLVER##openssl-}
PERLVER=${PERLSRC%%.tar.gz}
PERLVER=${PERLVER##perl-}7.拉取源码并编辑打包
下载源码包
代码语言:bash复制./pullsrc.sh如果出现任何错误,请手动将源文件下载到下载目录中。
查看下载文件,文件夹是download
代码语言:bash复制[root@ncayu8847 openssh-rpms-main]# ll downloads/
总用量 11564
-rw-r--r--. 1 root root 1910393 7月 1 15:34 openssh-9.8p1.tar.gz
-rw-r--r--. 1 root root 9893443 1月 22 2024 openssl-1.1.1v.tar.gz
-rw-r--r--. 1 root root 29229 7月 5 17:52 x11-ssh-askpass-1.2.4.1.tar.gz
[root@ncayu8847 openssh-rpms-main]#运行脚本来构建 RPM。
代码语言:bash复制./compile.sh
[root@ncayu8847 openssh-rpms-main]# ll el7/RPMS/x86_64/
总用量 16840
-rw-r--r--. 1 root root 5112928 7月 23 12:05 openssh-9.8p1-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 5197296 7月 23 12:05 openssh-clients-9.8p1-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 4153264 7月 23 12:05 openssh-debuginfo-9.8p1-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 2773660 7月 23 12:05 openssh-server-9.8p1-1.el7.x86_64.rpm
[root@ncayu8847 openssh-rpms-main]#8.所需要的文件
实际升级openssh过程中只需要这3个文件即可,不需要使用debuginfo文件
代码语言:bash复制openssh-9.8p1-1.el7.x86_64.rpm
openssh-clients-9.8p1-1.el7.x86_64.rpm
openssh-server-9.8p1-1.el7.x86_64.rpm9.升级openssh到9.8p1
update_openssh9.8p1.txt
代码语言:bash复制##注释掉的根据实际情况处理
#查询原openssh9.4p1是否有安装openssh-askpass,若有需先删除
rpm -qa | grep openssh
rpm -e openssh-askpass-gnome-9.4p1
#原有openssh配置文件备份
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
cp /etc/pam.d/sshd /etc/pam.d/sshd.backup
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.backup
#安装依赖文件(如果需要)
#yum install -y libICE
#yum install -y libSM
#yum install -y libX11
#yum install -y libXt
#yum install -y atk
#yum install -y cairo
#yum install -y gdk-pixbuf2
#yum install -y gtk2
#openssh9.8p1 RPM包文件目录执行安装
yum localinstall -y openssh-*.rpm
#检查相应配置文件后,还原备份文件(可选)
#cp /etc/ssh/sshd_config.backup /etc/ssh/sshd_config
#cp /etc/pam.d/sshd.backup /etc/pam.d/sshd
#cp /etc/pam.d/system-auth.backup /etc/pam.d/system-auth
#可能出现的报错 :Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
解决办法:权限变成600
chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key
#重启sshd服务
#systemctl enable sshd
systemctl restart sshd
#检查SSH版本
ssh -V10.升级后的版本
代码语言:bash复制[root@ncayu8847 openssh9.8]# ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1v 1 Aug 2023
11.ssh连接测试
代码语言:bash复制[root@ncayu8847 openssh9.8]# ssh 192.168.0.117
The authenticity of host '192.168.0.117 (192.168.0.117)' can't be established.
ED25519 key fingerprint is SHA256:ug9pQzqfWPCiuX6SWVXSwZEImq1aSjc5GzBGzMZgyAk.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.0.117' (ED25519) to the list of known hosts.
(root@192.168.0.117) Password:
Last login: Tue Jul 23 12:59:07 2024 from 192.168.0.7
[root@ncayu8847 ~]#
[root@ncayu8847 ~]#连接成功
