1013-待更新
#0x01. 检测本地版本,
ssh -V
sshd -V
ps -aux | grep ssh
#0x02. 下载源码
官方站
https://www.zlib.net/
https://www.openssl.org/source/
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
最新版本
https://www.zlib.net/zlib-1.3.tar.gz
https://www.openssl.org/source/openssl-3.1.3.tar.gz
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.5p1.tar.gz
#0x03. 安装编译软件支持
(centos )
yum install vim gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers
如果有提示 错误 Can’t locate IPC/Cmd.pm in @INC
(centos )
yum -y install perl-IPC-Cmd
#0x04. 开启备用远程连接,非必须(开启telnet)
#0x05. 编译zlib,openssl,openssh
#编译安装 zlib
#进入zlib解压目录
cd /opt/zlib-1.3
#编译安装
./configure --prefix=/usr/local/zlib
make && make test && make install
ldconfig -v
/sbin/ldconfig
#进入openssl解压目录
cd /opt/openssl-3.1.3
#编译安装
./config shared zlib --prefix=/usr/local/openssl
make clean && make -j 4 && make install
#更新函数库
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
echo "/usr/local/openssl/lib64/" >> /etc/ld.so.conf.d/openssl-3.1.3.conf
ldconfig
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
#ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
#ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
#检查是否升级成功
openssl version -a
#进入openssh解压目录
cd /opt/openssh-9.5p1
#编译安装
./configure --prefix=/usr/local/openssh --sysconfdir=/usr/local/openssh/etc --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib
make -j 4 && make install
#查看目录版本
/usr/local/openssh/bin/ssh -V
#复制新ssh文件
#cp -rf /opt/openssh-9.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
#cp -rf /opt/openssh-9.5p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
#cp -rf /opt/openssh-9.5p1/sshd_config /etc/ssh/sshd_config
#cp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
#cp -rf /usr/local/ssh/bin/ssh /usr/bin/ssh
#cp -rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
#开启sshd
#chmod u+x /etc/init.d/sshd;
#chkconfig --add sshd ##自启动
#chkconfig --list |grep sshd
#chkconfig sshd on
#允许root登录
#echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
#echo 'Subsystem sftp /usr/local/ssh/libexec/sftp-server' >> /etc/ssh/sshd_config
#重启sshd服务
#/etc/init.d/sshd restart
#/etc/init.d/sshd status
#查看升级后ssh版本
ssh -V