源码升级ssh到8.3p,ssl到1.1.1g
目录:
- 第1点,下载安装包
- 第2点,安装zlib
- 第3点,安装openssl
- 第4点,Ubuntu安装openssh。
- 第5点,Centos安装openssh。
- 第6点,测试openssh
1. 安装包
- 下载文件
wget http://www.zlib.net/zlib-1.2.11.tar.gz
wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1g.tar.gz
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
wget https请求需要加 --no-check-certificate
- 文件位置
cd ~ && ll
openssh-8.3p1.tar.gz
openssl-1.1.1g.tar.gz
zlib-1.2.11.tar.gz
2.zlib安装
- 切换目录
cd ~
- 解压
tar -xvf zlib-1.2.11.tar.gz
- 切换目录
cd zlib-1.2.11
- 安装
./configure --prefix=/usr/local/zlib
make && make install
- 新建并编辑配置文件
vim /etc/ld.so.conf.d/zlib.conf
- 添加如下内容后保存退出
/usr/local/zlib/lib
- 刷新
ldconfig -v
ldconfig是一个动态链接库管理命令,其目的为了让动态链接库为系统所共享。
ldconfig的主要用途:
默认搜寻/lilb和/usr/lib,以及配置文件/etc/ld.so.conf内所列的目录下的库文件。
3. openssl安装
- 切换目录
cd ~
- 解压文件
tar -zxvf openssl-1.1.1g.tar.gz
- 切换目录
cd openssl-1.1.1g/
- 安装
./config --prefix=/usr/local/ssl -d shared
make && make install
- 创建软链接
# 备份文件,可不做
mv /usr/bin/openssl /usr/bin/openssl_bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
- 新建并编辑配置文件
vim /etc/ld.so.conf.d/ssl.conf
- 添加如下内容后保存退出
/usr/local/ssl/lib
- 刷新
ldconfig -v
ldconfig是一个动态链接库管理命令,其目的为了让动态链接库为系统所共享。
ldconfig的主要用途:
默认搜寻/lilb和/usr/lib,以及配置文件/etc/ld.so.conf内所列的目录下的库文件
- 复制文件
cp libssl.so.1.1 /usr/lib/
cp libcrypto.so.1.1 /usr/lib/
# Ubuntu版本
cp libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
# Centos版本
cp libcrypto.so.1.1 /usr/libx86_64-redhat-linux6E/
- 查看版本:
openssl version
# OpenSSL 1.1.1g 21 Apr 2020
4. 升级ssh(Ubuntu版本)
- 切换目录
cd ~
- 解压文件
tar -zxvf openssh-8.3p1.tar.gz
- 切换目录
cd openssh-8.3p1
- 安装
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install
- 编辑文件
vim /usr/local/openssh/etc/sshd_config
添加以下配置
# PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
- 复制文件
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
- 重启ssh
systemctl restart sshd
- 查看版本,注意V是大写
ssh -V
# OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
5. 升级ssh(Centos版本)
- 卸载预装的openssh
rpm -qa | grep openssh
yum -y remove openssh-server-6.6.1p1-11.el7.x86_64 openssh-clients-6.6.1p1-11.el7.x86_64 openssh-6.6.1p1-11.el7.x86_64
[root@localhost ~]# rpm -qa | grep openssh
openssh-server-6.6.1p1-11.el7.x86_64
openssh-clients-6.6.1p1-11.el7.x86_64
openssh-6.6.1p1-11.el7.x86_64[root@localhost ~]# yum -y remove openssh-server-6.6.1p1-11.el7.x86_64 openssh-clients-6.6.1p1-11.el7.x86_64 openssh-6.6.1p1-11.el7.x86_64
- 备份文件
mv /etc/ssh /etc/ssh_bak
- 解压文件
tar -zxvf openssh-8.3p1.tar.gz
- 切换目录
cd openssh-8.3p1
- 安装
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install
- 编辑文件
vim /usr/local/openssh/etc/sshd_config
添加以下配置
# PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
- 创建软链接以及复制文件
ln -s /usr/local/openssh/bin/ssh-add /usr/bin/ssh-add
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/bin/ssh-keyscan /usr/bin/ssh-keyscan
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
- 复制服务脚本
# sshd.init 文件是存放在openssh的压缩包中,需要在解压的文件夹中查找
cp contrib/redhat/sshd.init /etc/init.d/sshd
- 修改权限
chmod u+x /etc/init.d/sshd
- 添加服务
chkconfig --add sshd
- 设置为开机自启
chkconfig sshd on
- 重启ssh
systemctl daemon-reexec
systemctl restart sshd
- 查看版本,注意V是大写
ssh -V
# OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
6. 升级后测试ssh连接
连接不成功
可以通过shh -v 查看详情
# ssh -v sinoyue@192.168.1.152
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data /usr/local/openssh/etc/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 192.168.1.152 [192.168.1.152] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.1.152 port 22
解决方法
vim /etc/hosts.allow
追加一行
sshd: ALL
重启ssh
service sshd restart
网友评论