1、Configure the system environment
1.1、System environment
# lsb_release -d
Description: CentOS Linux release 7.9.2009 (Core)
# uname -r
3.10.0-327.el7.x86_64
# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
1.2、Installation of the required compilation environment
# yum install gcc
1.3、Notes on Upgrading Openssh
- Make sure that the ssh session of your remote connection tool is not disconnected during the upgrade process.
- If the stability of the ssh connection cannot be guaranteed, configure the telnet service for remote connection; if the host is a cloud service, make sure that the host's background console service is available.
- To start the compiled sshd service, do not use restart; just start it directly.
2、Installation of Openssh dependencies
2.1、Install the zlib environment
# rpm -qa | grep zlib  # Check the system zlib package environment
zlib-1.2.7-19.el7_9.x86_64
zlib-1.2.7-19.el7_9.i686
# yum install zlib-devel -y
# rpm -qa | grep zlib
zlib-1.2.7-19.el7_9.x86_64
zlib-devel-1.2.7-19.el7_9.x86_64
zlib-1.2.7-19.el7_9.i686
2.2、Compile and install Openssl
# tar -xvf openssl-1.1.1l.tar.gz
# cd openssl-1.1.1l
# ./config --prefix=/usr/local/openssl
# make && make install
# echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
# ldconfig -v
Check that both the compiled openssl and the version of openssl that comes with the system are working properly
# cd /usr/local/openssl/bin  # Go to the compiled openssl directory
# ./openssl version
OpenSSL 1.1.1l 25 Aug 2021  # Compiled openssl version
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017  # The version that comes with the system
3、Compile and install Openssh
3.1、Handle the Openssh that comes with the system
Warning: Ensure that the current ssh session is not disconnected while performing the current operation!
# rpm -qa | grep openssh
openssh-server-7.4p1-21.el7.x86_64
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
####### Back up the original openssh configuration
# cp -rf /etc/ssh /etc/ssh_bak
# rpm -e --nodeps `rpm -qa | grep openssh`  # Perform an uninstall of openssh
# rpm -qa | grep openssh  # View openssh
Verify that the base tools are working properly and that the commands execute without errors
# curl -V
# wget -V
# yum --version
3.2、Compile and install Openssh
# tar -xvf openssh-8.7.tar.gz
# cd openssh-8.7
# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl
# make && make install
##### Copy the executables to the system `bin` directory
# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
# cp /usr/local/openssh/bin/ssh /usr/bin/ssh
# cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
##### Copy the sshd startup script
# cp contrib/redhat/sshd.init /etc/init.d/sshd
3.3、Modify the compiled sshd_config file
Port 22  # listening port
PermitRootLogin yes  # Allow root login
PasswordAuthentication yes  # password verification
Add the following to the end of the document:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
3.4、Start the compiled openssh and enable it at boot
Warning: Do not run /etc/init.d/sshd restart for the current operation! Otherwise, the current ssh session will be forcibly disconnected. The proper way:
# /etc/init.d/sshd start
Starting sshd: [ok]
Check that the configured ports are OK after the service starts
# netstat -tpln | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:*
Enable sshd at boot
# chkconfig --list | grep sshd  # Check the current boot-up setting of sshd
# chkconfig sshd on  # Add boot-up
# chkconfig --list | grep sshd  # Verify that adding boot-up is normal
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
4、Verifying Openssh Upgrades
Use the remote tool to add a new session connection and confirm that you can connect to the server over ssh properly. Check the upgraded version
# ssh -V
OpenSSH_8.7p1, OpenSSL 1.1.1l 25 Aug 2021
The upgrade was a complete success
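A check on the settings from section 3.3, as an added example that is not part of the original page: a shell audit that reports `PermitRootLogin yes`, `PasswordAuthentication yes` and any SHA-1 key exchange in `KexAlgorithms`. The function names, the temporary sample files and the stricter variant are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the section 3.3 settings.

# Effective global value of a keyword. sshd keeps the FIRST occurrence,
# keywords are case-insensitive, and lines after "Match" are not global.
sshd_value() {  # $1 = file, $2 = keyword, $3 = value assumed when unset
    awk -v key="$2" -v def="$3" '
        { sub(/[ \t]*#.*/, "") }                    # strip comments
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one line per risky setting; prints nothing for a clean file.
audit_sshd_config() {  # $1 = sshd_config path (or saved `sshd -T` output)
    if [ "$(sshd_value "$1" PermitRootLogin prohibit-password)" = yes ]; then
        echo "PermitRootLogin yes: root may log in with a password"
    fi
    if [ "$(sshd_value "$1" PasswordAuthentication yes)" = yes ]; then
        echo "PasswordAuthentication yes: password logins are enabled"
    fi
    # Unset KexAlgorithms means the build default; assumed SHA-1 free here.
    case ",$(sshd_value "$1" KexAlgorithms '')," in
        ,-*) ;;  # a leading '-' removes algorithms from the default set
        *sha1,*) echo "KexAlgorithms: contains a SHA-1 key exchange" ;;
    esac
}

# Constructed sample 1: the settings exactly as given in section 3.3.
PAGE_CFG=$(mktemp)
cat > "$PAGE_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
EOF

# Constructed sample 2: a stricter variant (values are this example's assumption).
HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
permitrootlogin prohibit-password   # key-only root login
PasswordAuthentication no
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256
PasswordAuthentication yes          # ignored: first occurrence wins
EOF
trap 'rm -f "$PAGE_CFG" "$HARD_CFG"' EXIT
echo "== section 3.3 config =="; audit_sshd_config "$PAGE_CFG"
echo "== stricter variant ==";   audit_sshd_config "$HARD_CFG"
```

On the upgraded host, `audit_sshd_config /etc/ssh/sshd_config` checks the file edited in section 3.3.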
Compile, install and upgrade the new version of Openssh.
https://huoshen.pages.dev/p/20275c3f/