一、Openssh简介
OpenSSH是SSH(Secure Shell)协议的免费开源实现。SSH协议族可以用来进行远程控制,或在计算机之间传送文件。实现此类功能的传统方式,如telnet(终端仿真协议)、rcp、ftp、rlogin、rsh,都极不安全,并且会以明文传送密码。OpenSSH提供了服务端后台程序和客户端工具,用来加密远程控制和文件传输过程中的数据,并由此代替原来的同类服务。
二、系统环境
1、查看openssl版本
[root@localhost ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
2、查看操作系统版本
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
3、查看openssh版本
[root@localhost ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
4、安装编译器
[root@localhost ~]# yum -y install gcc gcc-c++
5、软件下载地址
OpenSSH官方下载地址:http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
OpenSSL官方下载地址:https://www.openssl.org
zlib官方下载地址:http://www.zlib.net
注意:其中两个地址使用明文HTTP,安装包在传输途中可能被篡改;解压编译前,应使用各项目官方发布的签名或SHA256校验值核对下载到的安装包。
三、安装zlib
1、下载zlib安装包
[root@localhost ~]# wget http://www.zlib.net/zlib-1.2.13.tar.gz
2、解压
[root@localhost ~]# tar xf zlib-1.2.13.tar.gz
3、编译及安装
[root@localhost ~]# cd zlib-1.2.13
[root@localhost zlib-1.2.13]# ./configure --prefix=/usr/local/zlib
[root@localhost zlib-1.2.13]# make && make install
4、配置动态库
[root@localhost zlib-1.2.13]# echo '/usr/local/zlib/lib' >> /etc/ld.so.conf
[root@localhost zlib-1.2.13]# ldconfig -v
四、安装openssl
1、下载openssl安装包
说明:下面的下载路径位于 source/old 目录下,说明 1.1.1p 已不是该系列的最新版本;实际部署时应改用仍在维护的最新版本,以包含后续的安全修复。
[root@localhost ~]# wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1p.tar.gz
2、解压
[root@localhost ~]# tar xf openssl-1.1.1p.tar.gz
3、编译及安装
说明:下面 config 命令中的 -d 应为调试构建选项(请对照该版本 config 脚本的帮助信息确认);用于生产环境时通常应去掉该选项。
[root@localhost ~]# cd openssl-1.1.1p
[root@localhost openssl-1.1.1p]# ./config --prefix=/usr/local/openssl -d shared
[root@localhost openssl-1.1.1p]# make && make install
4、配置动态库
[root@localhost openssl-1.1.1p]# echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
[root@localhost openssl-1.1.1p]# ldconfig -v
五、卸载旧版本openssh
注意:如果当前是通过SSH远程操作,从卸载旧版本到新版本sshd启动之前可能无法建立新的SSH连接;请保持当前会话不要断开,并事先准备好控制台等备用登录方式。
1、备份原有文件
[root@localhost openssh-9.0p1]# mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@localhost openssh-9.0p1]# mv /usr/sbin/sshd /usr/sbin/sshd.bak
[root@localhost openssh-9.0p1]# mv /usr/bin/ssh /usr/bin/ssh.bak
[root@localhost openssh-9.0p1]# mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
[root@localhost openssh-9.0p1]# mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
[root@localhost openssh-9.0p1]# mv /usr/bin/openssl /usr/bin/openssl.bak
2、卸载openssh
[root@localhost openssl-1.1.1p]# rpm -qa |grep openssh
openssh-server-7.4p1-21.el7.x86_64
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
[root@localhost openssl-1.1.1p]# rpm -qa |grep openssh |xargs rpm -e --nodeps
[root@localhost openssl-1.1.1p]# rpm -qa |grep openssh
再次查询以确认是否卸载完成,没有任何输出即表示卸载成功
六、安装openssh
1、下载openssh安装包
[root@localhost ~]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
2、解压
[root@localhost ~]# tar xf openssh-9.0p1.tar.gz
3、编译及安装
[root@localhost ~]# cd openssh-9.0p1
[root@localhost openssh-9.0p1]# ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl
[root@localhost openssh-9.0p1]# make && make install
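4、配置sshd_config文件
注意:下面的 PermitRootLogin yes 与 PasswordAuthentication yes 组合后允许root直接使用密码登录,容易成为口令暴力破解的目标;对外网可达的主机,建议改用密钥登录,并将 PermitRootLogin 设为 prohibit-password 或 no。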
[root@localhost openssh-9.0p1]# echo 'UseDNS no' >> /usr/local/openssh/etc/sshd_config
[root@localhost openssh-9.0p1]# echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
[root@localhost openssh-9.0p1]# echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
[root@localhost openssh-9.0p1]# echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
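5、将新的配置文件和程序复制到指定目录
说明:以 --prefix=/usr/local/openssh 编译的sshd默认应从 /usr/local/openssh/etc 读取配置和主机密钥,复制到 /etc/ssh 的文件未必生效,可用 sshd -T 查看实际生效的配置。另外,如果 make install 生成了新的主机密钥,客户端重新连接时会提示主机密钥已变更,应核对指纹后再接受。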
[root@localhost openssh-9.0p1]# cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
[root@localhost openssh-9.0p1]# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
[root@localhost openssh-9.0p1]# cp /usr/local/openssh/bin/ssh /usr/bin/ssh
[root@localhost openssh-9.0p1]# cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
[root@localhost openssh-9.0p1]# cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
[root@localhost openssh-9.0p1]# cp /usr/local/openssl/bin/openssl /usr/bin/openssl
6、配置sshd开机自启动
[root@localhost openssh-9.0p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-9.0p1]# chkconfig --add sshd
[root@localhost openssh-9.0p1]# chkconfig sshd on
7、重启sshd
[root@localhost openssh-9.0p1]# systemctl restart sshd
[root@localhost openssh-9.0p1]# systemctl status sshd
七、验证
1、验证ssh版本
[root@localhost openssh-9.0p1]# ssh -V
OpenSSH_9.0p1, OpenSSL 1.1.1p 21 Jun 2022
2、重启系统,测试ssh连接
[root@localhost openssh-9.0p1]# reboot
3、xshell连接ssh测试
[D:\~]$ ssh root@172.16.80.198
Connecting to 172.16.80.198:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Tue Dec 13 17:23:47 2022 from 172.16.80.84
[root@localhost ~]# ssh -V
OpenSSH_9.0p1, OpenSSL 1.1.1p 21 Jun 2022
Linux最后更新:2024-1-24