Upgrading OpenSSH
Official site: http://www.openssh.com/
Download packages: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
#Check the SSH version
[root@cnki-120-145-80 openssl-3.0.4]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
#Install, start and configure the telnet service | fallback in case the ssh upgrade fails and the server becomes unreachable
yum install -y telnet-server* telnet xinetd
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd.service
echo 'pts/0' >>/etc/securetty
echo 'pts/1' >>/etc/securetty
echo 'pts/2' >>/etc/securetty
#===================== Upgrade SSH =============
#1. Install dependencies
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
yum install -y pam* zlib*
#2. Back up the system's existing ssh configuration
mv /etc/ssh /etc/ssh_bak
cp /etc/pam.d/system-auth-ac /etc/pam.d/system-auth-ac.bak
cp /etc/pam.d/sshd /etc/pam.d/sshd.bak
#3. Uninstall the old ssh version (the command below only lists the installed openssh packages)
rpm -qa | grep openssh
#4. Enter the /opt directory
cd /opt
#5. Download OpenSSH
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
#6. Extract the archive
tar -xvf openssh-8.9p1.tar.gz
#7. Enter the extracted directory
cd openssh-8.9p1
#8. Build. --with-ssl-dir= is the OpenSSL install path; --prefix is the install directory; --sysconfdir is the directory for the configuration files
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib
make && make install
#9. When the commands above have finished, run echo $? to check whether the final make install reported an error; 0 means no problem
echo $?
#10. Copy some files to their target locations
cp -a /opt/openssh-8.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
#====================== Port settings ==================
#1. Change the ssh port
#Add the new SSH port to SELinux
yum -y install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp 2022
#2. Open port 2022 in the firewall and remove port 22
firewall-cmd --zone=public --permanent --add-port=2022/tcp
#Remove the previous firewall ssh rule
#vi /etc/firewalld/zones/public.xml
#Delete this line: <service name="ssh"/>
#4. Reload the firewall
firewall-cmd --reload
#5. Change the port: Port 2022
vim /etc/ssh/sshd_config
#Change the following settings
PORT 2022
PermitRootLogin yes
UsePAM yes
#6. Restart SSH
cd /etc/init.d
./sshd restart
#7. Test that the connection works
ssh -p 2022 localhost
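Before step 6 restarts sshd, the edited /etc/ssh/sshd_config can be checked against the port that was opened in SELinux and firewalld. The script below is an added example, not part of the original post; the function names sshd_ports, sshd_first and precheck_sshd and the sample config are made up for illustration, and Include files are not followed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check sshd_config before restarting sshd.

# Print every global Port value; sshd listens on all of them (default 22).
sshd_ports() {
    awk '
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # global section ends at the first Match
        tolower($1) == "port"  { p = p (p ? " " : "") $2 }
        END                    { print (p ? p : "22") }
    ' "$1"
}

# Print the first global value of a single-valued keyword.
# Keywords are case-insensitive ("PORT" == "Port") and the first occurrence wins.
sshd_first() {
    awk -v k="$2" '
        /^[ \t]*(#|$)/            { next }
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$1"
}

# $1 config file, $2 port opened in firewalld/SELinux, $3 sshd binary (optional).
# Returns 0 only if sshd would listen on $2 and UsePAM is yes, as set on this page.
precheck_sshd() {
    local file=$1 want=$2 bin=${3:-/usr/sbin/sshd} pam
    case " $(sshd_ports "$file") " in
        *" $want "*) ;;
        *) echo "sshd will not listen on $want" >&2; return 1 ;;
    esac
    pam=$(sshd_first "$file" UsePAM)
    [ "${pam:-no}" = yes ] || { echo "UsePAM is not yes" >&2; return 1; }
    # When the new binary is installed, let it parse the file itself (test mode).
    if [ -x "$bin" ]; then "$bin" -t -f "$file" || return 1; fi
}

# Constructed sample mirroring this page's settings, plus a leftover "Port 22".
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'PORT 2022' 'PermitRootLogin yes' 'UsePAM yes' 'Port 22' > "$demo"
echo "listening ports: $(sshd_ports "$demo")"
precheck_sshd "$demo" 2022 /nonexistent/sshd && echo "precheck passed"
```

On the server itself, call precheck_sshd /etc/ssh/sshd_config 2022 so that the default /usr/sbin/sshd also validates the file with -t before the restart.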
Error 1:
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
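Solution: check this file
More than one OpenSSL installation exists on the system, and the one specified at configure time is not the version the system currently uses, which causes this error.
Move the lib directory of the OpenSSL specified in the build options higher up in the search order.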
cat /etc/ld.so.conf
ldconfig
Error
failed to restart sshd.service:Unit not found.
Solution:
Go to the /etc/init.d directory and run ./sshd start
Error
[root@cnki-120-145-77 init.d]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since 三 2022-07-13 17:42:06 CST; 7s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 12334 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=255)
Main PID: 12334 (code=exited, status=255)
7月 13 17:42:06 cnki-120-145-77 systemd[1]: Failed to start OpenSSH server daemon.
7月 13 17:42:06 cnki-120-145-77 systemd[1]: Unit sshd.service entered failed state.
7月 13 17:42:06 cnki-120-145-77 systemd[1]: sshd.service failed.
Solution 1:
Connect over VNC and restart
Solution 2:
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
systemctl daemon-reload
After sshd has started, restore the file
cp /usr/lib/systemd/system/sshd.service.bak /usr/lib/systemd/system/sshd.service