1. 准备工作
开启 telnet 访问,防止升级ssh失败无法远程登录。
yum list | grep telnet-server
yum list | grep xinetd
yum -y install telnet-server.x86_64 xinetd.x86_64
#配置开机启动
systemctl enable telnet.socket
systemctl enable telnet.socket
#启动服务
systemctl start telnet.socket
systemctl start xinetd
#查看服务状态
systemctl status telnet.socket
systemctl status xinetd
#查看端口,看到23端口已打开
netstat -ntlp
#开启防火墙允许访问23端口(没开防火墙跳过此步骤)
firewall-cmd --add-port=23/tcp --permanent
firewall-cmd --reload
#默认root无法远程访问,修改/etc/securetty
vi /etc/securetty
在末尾添加
pts/0
pts/1
pts/2
测试使用telnet登录服务器
2. 安装依赖
yum -y install gcc gcc-c++ glibc make autoconf pcre-devel pam-devel
下载新版本安装包
cd /usr/local/src
wget https://mirrors.aliyun.com/openssh/portable/openssh-9.2p1.tar.gz?spm=a2c6h.25603864.0.0.1e113bf9RMTaBt
mv openssh-9.2p1.tar.gz?spm=a2c6h.25603864.0.0.1e113bf9RMTaBt openssh-9.2p1.tar.gz
tar -zxf openssh-9.2p1.tar.gz
3. 编译安装
创建安装目录:
mkdir /usr/local/openssh
备份配置目录:
mv /etc/ssh /etc/ssh.bak20230222
编译安装:
cd /usr/local/src/openssh-9.2p1
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/openssl/ --with-zlib --with-md5-passwords --with-pam
make
make install
4. 修改配置文件
cat >>/etc/ssh/sshd_config << EOF
UseDNS no
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
X11Forwarding yes
X11UseLocalhost no
XAuthLocation /usr/bin/xauth
EOF
5. 配置软链
备份旧的二进制文件
mv /usr/sbin/sshd /usr/sbin/sshd.bak20230222
mv /usr/bin/ssh /usr/bin/ssh.bak20230222
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak20230222
创建软链:
ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd
查看当前版本:
ssh -V
6. 重启服务
CentOS7 不同小版本 sshd 服务的启动方式可能不同,可通过systemctl status sshd命令查看:
- 服务启动
备份服务配置文件:
```bash mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak20221124 mv /etc/pam.d/sshd.pam /etc/pam.d/sshd.pam.bak20221124
# 如果上面第二个mv报文件不存在,则使用下面这条 mv /etc/pam.d/sshd /etc/pam.d/sshd.bak20221124
```
配置新版本启动脚本:
```bash cp -a contrib/redhat/sshd.init /etc/init.d/sshd cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd
```
重启服务:
```bash systemctl daemon-reload chkconfig --add sshd service sshd restart chkconfig sshd on
```
- 脚本启动
备份服务启动脚本:
bash
mv /etc/rc.d/init.d/sshd /etc/rc.d/init.d/sshd.bak20221124
mv /etc/pam.d/sshd.pam /etc/pam.d/sshd.pam.bak20221124
配置新版本启动脚本:
bash
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
重启服务:
bash
systemctl daemon-reload
systemctl restart sshd
7. 测试
查看版本:
[root@k8s-master openssh-9.1p1]# telnet 192.168.0.11 22
Trying 192.168.0.11...
Connected to 192.168.0.11.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.1
登录测试。
7. 关闭telnet
#关闭开机启动
systemctl disable telnet.socket
#启动服务
systemctl stop telnet.socket
#检查端口
netstat -tupln