[root@localhost ~]# mkdir ssh (用来存放升级包)
[root@localhost ~]# cd ssh/
[root@localhost ssh]# ls (上传3个文件后,如下;解压前建议先对照官方发布的校验值核对两个源码包的完整性)
openssh-8.3p1.tar.gz openssl-1.1.1g.tar.gz rhel-server-7.5-x86_64-dvd.iso
[root@localhost ssh]# tar -zxvf openssh-8.3p1.tar.gz
[root@localhost ssh]# tar -zxvf openssl-1.1.1g.tar.gz
[root@localhost ~]# cd /mnt/ (离线升级,采用镜像作为yum源,开始挂载)
[root@localhost mnt]# mkdir cdrom
[root@localhost mnt]# cd
[root@localhost ~]# mount ssh/rhel-server-7.5-x86_64-dvd.iso /mnt/cdrom/
mount: /dev/loop0 写保护,将以只读方式挂载
[root@localhost mnt]# cd ssh
[root@localhost ssh]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
redhat.repo
[root@localhost yum.repos.d]# vi rh.repo (新建并编辑,内容如下;其中 gpgcheck=0 会跳过软件包签名校验,仅适用于来源可信的本地镜像)
[rh]
name=hm
baseurl=file:///mnt/cdrom
gpgcheck=0
enabled=1
[root@localhost yum.repos.d]# ls
redhat.repo rh.repo
[root@localhost yum.repos.d]# mv redhat.repo redhat.repo.bak (将redhat.repo 改文件名为 redhat.repo.bak)
[root@localhost yum.repos.d]# ls
redhat.repo.bak rh.repo
[root@localhost yum.repos.d]# cd
[root@localhost ~]# yum clean all
[root@localhost ~]# yum list (检查yum源是否可用,可省略)
[root@localhost ~]# yum install gcc*
[root@localhost openssl-1.1.1g]# yum install xinetd -y
[root@localhost openssl-1.1.1g]# yum install telnet -y
[root@localhost openssl-1.1.1g]# yum install telnet-server -y
[root@localhost openssl-1.1.1g]# systemctl start telnet.socket
[root@localhost openssl-1.1.1g]# systemctl start xinetd.service
[root@localhost openssl-1.1.1g]# systemctl stop firewalld.service
(重新采用telnet登录,继续操作;telnet 以明文传输账号和口令,仅应在可信内网中临时使用)
[root@localhost ~]# systemctl stop sshd
[root@localhost ~]# cd ssh/
[root@localhost ssh]# ls
openssh-8.3p1 openssl-1.1.1g rhel-server-7.5-x86_64-dvd.iso
openssh-8.3p1.tar.gz openssl-1.1.1g.tar.gz
[root@localhost ssh]# cd openssl-1.1.1g/
[root@localhost openssl-1.1.1g]# ./config shared
[root@localhost openssl-1.1.1g]# make && make install
[root@localhost openssl-1.1.1g]# cd /usr/local/lib64/ (查看升级是否成功)
[root@localhost lib64]# ll
总用量 10480
drwxr-xr-x. 2 root root 39 9月 2 10:18 engines-1.1
-rw-r--r--. 1 root root 5630658 9月 2 10:18 libcrypto.a
lrwxrwxrwx. 1 root root 16 9月 2 10:18 libcrypto.so -> libcrypto.so.1.1
-rwxr-xr-x. 1 root root 3380224 9月 2 10:18 libcrypto.so.1.1
-rw-r--r--. 1 root root 1024200 9月 2 10:18 libssl.a
lrwxrwxrwx. 1 root root 13 9月 2 10:18 libssl.so -> libssl.so.1.1
-rwxr-xr-x. 1 root root 685528 9月 2 10:18 libssl.so.1.1
drwxr-xr-x. 2 root root 61 9月 2 10:18 pkgconfig
[root@localhost lib64]# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory (错误信息)
[root@localhost lib64]# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
[root@localhost lib64]# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
[root@localhost lib64]# openssl version
OpenSSL 1.1.1g 21 Apr 2020
[root@localhost lib64]# rpm -qa|grep ssh* (可省略,查询ssh相关应用)
[root@localhost lib64]# rpm -qa|grep openssh* (可省略,查询ssh相关应用)
[root@localhost ~]# yum install zlib*
[root@localhost ~]# cd ssh/
[root@localhost ssh]# cd openssh-8.3p1/
[root@localhost openssh-8.3p1]# ./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib
[root@localhost openssh-8.3p1]# make
[root@localhost openssh-8.3p1]# make install
(安装完成,接下来作相应配置)
[root@localhost openssh-8.3p1]# vi /usr/local/openssh/etc/sshd_config
PermitRootLogin yes #允许root用户通过ssh登录 (少了此步骤,会导致root无法登录;采用其他账号登录则会因为权限问题导致sshd.service无法正常启动。升级验证完成后建议收紧为 prohibit-password 或 no)
PubkeyAuthentication yes #公钥授权
PasswordAuthentication yes #密码授权
[root@localhost openssh-8.3p1]# mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@localhost openssh-8.3p1]# cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
[root@localhost openssh-8.3p1]# mv /usr/sbin/sshd /usr/sbin/sshd.bak
[root@localhost openssh-8.3p1]# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
[root@localhost openssh-8.3p1]# mv /usr/bin/ssh /usr/bin/ssh.bak
[root@localhost openssh-8.3p1]# cp /usr/local/openssh/bin/ssh /usr/bin/ssh
[root@localhost openssh-8.3p1]# mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
[root@localhost openssh-8.3p1]# cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
[root@localhost openssh-8.3p1]# mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
[root@localhost openssh-8.3p1]# cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start sshd
[root@localhost ~]# systemctl status sshd
[root@localhost ~]# systemctl status sshd.service
[root@localhost ~]# ssh -V
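[root@localhost ~]# systemctl stop telnet.socket (关闭telnet服务;前面启动的 xinetd.service 和停掉的 firewalld.service 此时仍未恢复,确认 ssh 可正常登录后应执行 systemctl stop xinetd.service 和 systemctl start firewalld.service)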
以上是redhat 7.5和centos 7.5 升级SSH过程记录。唯一区别是 redhat 的默认yum源文件是redhat.repo,而centos 的是Centos-Base.repo。
如果出现如下报错情况
[root@localhost ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: timeout) since 一 2020-09-14 17:13:10 CST; 24s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 2511 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 2511 (code=exited, status=0/SUCCESS)
    Tasks: 6
   CGroup: /system.slice/sshd.service
           ├─2106 sshd: ynjl [priv]
           ├─2108 sshd: ynjl@pts/0
           ├─2109 sshd: ynjl [priv]
           ├─2111 -bash
           ├─2154 sshd: ynjl@notty
           └─2155 /usr/local/openssh/libexec/sftp-server
9月 14 17:13:10 localhost.localdomain systemd[1]: sshd.service failed.
权限问题:执行以下命令
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
systemctl restart sshd