链接: https://pan.baidu.com/s/1pLoMrt1cnsr598Wl2BZAoQ 提取码: m4vr 复制这段内容后打开百度网盘(免费链接) 下载路径(付费支持)
1.执行:
tar xfz openssh-8.1p1.tar.gz解压openssh-8.1p1。
2.执行
cd /home/rpm进入目录并执行rpm的安装
rpm -Uvh *.rpm --nodeps --force1.执行
cd openssh-8.1p12.可能文件默认显示uid和gid数组都是1000,这里重新授权下。不授权可能也不影响安装(请自行测试) 执行
chown -R root.root /home/openssh-8.1p11.命令行删除原先ssh的配置文件和目录
rm -rf /etc/ssh/*然后配置、编译、安装 2.注意下面编译安装的命令是一行
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install1.以上命令执行完毕,echo $?查看下最后的make install是否有报错,0表示没有问题
[root@localhost openssh-8.1p1]# echo $? 02.进入/etc/ssh/sshd_config下修改配置文件查询结果如下,需要修改PermitRootLogin yes以及UseDNS no。有注释需要去掉
[root@localhost openssh-8.1p1]# vi /etc/ssh/sshd_config [root@localhost openssh-8.1p1]# grep "^PermitRootLogin" /etc/ssh/sshd_config PermitRootLogin yes [root@localhost openssh-8.1p1]# grep "UseDNS" /etc/ssh/sshd_config UseDNS no3.从原先的解压的包中拷贝一些文件到目标位置(如果目标目录存在就覆盖) (可能下面的ssh.pam文件都没用到,因为sshd_config配置文件貌似没使用它,请自行测试。我这边是拷贝了)
[root@localhost openssh-8.1p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd [root@localhost openssh-8.1p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam [root@localhost openssh-8.1p1]# chmod +x /etc/init.d/sshd [root@localhost openssh-8.1p1]# chkconfig --add sshd [root@localhost openssh-8.1p1]# systemctl enable sshd4.把原先的systemd管理的sshd文件删除或者移走或者删除,不移走的话影响我们重启sshd服务
[root@localhost openssh-8.1p1]# mv /usr/lib/systemd/system/sshd.service /var/5.设置sshd服务开机启动
[root@localhost openssh-8.1p1]# chkconfig sshd on 注意:正在将请求转发到“systemctl enable sshd.socket”。 Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.6.接下来测试启停服务
[root@localhost openssh-8.1p1]# /etc/init.d/sshd restart Restarting sshd (via systemctl): [ 确定 ]如果启动服务失败
[root@localhost openssh-8.1p1]# systemctl status sshd.service ● sshd.service - SYSV: OpenSSH server daemon Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled) Active: failed (Result: exit-code) since 三 2020-04-29 09:48:24 CST; 26s ago Docs: man:systemd-sysv-generator(8) Process: 2965 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS) Process: 2994 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE) Main PID: 25780 (code=exited, status=0/SUCCESS) 4月 29 09:48:24 localhost.localdomain sshd[2994]: It is required that your private key files are NOT accessible by others. 4月 29 09:48:24 localhost.localdomain sshd[2994]: This private key will be ignored. 4月 29 09:48:24 localhost.localdomain sshd[2994]: Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions 4月 29 09:48:24 localhost.localdomain sshd[2994]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key 4月 29 09:48:24 localhost.localdomain sshd[2994]: sshd: no hostkeys available -- exiting. 4月 29 09:48:24 localhost.localdomain sshd[2994]: [失败] 4月 29 09:48:24 localhost.localdomain systemd[1]: sshd.service: control process exited, code=exited status=1 4月 29 09:48:24 localhost.localdomain systemd[1]: Failed to start SYSV: OpenSSH server daemon. 4月 29 09:48:24 localhost.localdomain systemd[1]: Unit sshd.service entered failed state. 4月 29 09:48:24 localhost.localdomain systemd[1]: sshd.service failed.先赋予权限
chmod 600 /etc/ssh/ssh_host_rsa_key chmod 600 /etc/ssh/ssh_host_ecdsa_key重新启动sshd.service
systemctl start sshd.service否则使用Xshell登录会发现即使密码正确也无法登录
vi /etc/selinux/config将SELINUX=enforcing改为SELINUX=disabled 设置后需要重启linux主机才能生效 然后使用Xshell可正常登录。
升级之前
[root@localhost ~]# ssh -V OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017升级之后
[root@localhost ~]# ssh -V OpenSSH_8.1p1, OpenSSL 1.0.2k-fips 26 Jan 2017