統信v20-1050e升級openssh到9.8p1
1.備份配置文件:
[root@localhost ~]# cp -rf /etc/ssh /etc/ssh.bak
[root@localhost ~]# cp -rf /usr/bin/openssl /usr/bin/openssl.bak
[root@localhost ~]# cp -rf /etc/pam.d /etc/pam.d.bak
[root@localhost ~]# cp -rf /usr/lib/systemd/system /usr/lib/systemd/system.bak
2.安裝依賴環境
[root@localhost ~]# dnf -y install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers libedit-devel perl-IPC-Cmd
3.下載源碼包
[root@localhost ~]# cd /usr/local/src
[root@localhost src]# wget https://www.zlib.net/zlib-1.3.1.tar.gz
[root@localhost src]# wget https://www.openssl.org/source/openssl-3.2.1.tar.gz
[root@localhost src]# wget https://mirrors.aliyun.com/openssh/portable/openssh-9.8p1.tar.gz
4.解壓安裝包
[root@localhost src]# tar -zxvf openssh-9.8p1.tar.gz
[root@localhost src]# tar -zxvf openssl-3.2.1.tar.gz
[root@localhost src]# tar -zxvf zlib-1.3.1.tar.gz
5.安裝Zlib
[root@localhost src]# cd /usr/local/src/zlib-1.3.1
[root@localhost zlib-1.3.1]# ./configure --prefix=/usr/local/src/zlib
[root@localhost zlib-1.3.1]# make -j 4 && make test && make install
6.安裝OpenSSL
[root@localhost zlib-1.3.1]# cd /usr/local/src/openssl-3.2.1
[root@localhost openssl-3.2.1]# ./config --prefix=/usr/local/src/openssl
[root@localhost openssl-3.2.1]# make -j 4 && make install
[root@localhost openssl-3.2.1]# mv /usr/bin/openssl /usr/bin/oldopenssl
[root@localhost openssl-3.2.1]# ln -s /usr/local/src/openssl/bin/openssl /usr/bin/openssl
[root@localhost openssl-3.2.1]# ln -s /usr/local/src/openssl/lib64/libssl.so.3 /usr/lib64/libssl.so.3
[root@localhost openssl-3.2.1]# ln -s /usr/local/src/openssl/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
7.更新動態庫并查看是否升級成功
[root@localhost openssl-3.2.1]# echo "/usr/local/src/openssl/lib64" >> /etc/ld.so.conf
[root@localhost openssl-3.2.1]# ldconfig
[root@localhost openssl-3.2.1]# openssl version -v
6.下載老版本(這里卸載之后它會卸載make依賴包,要重新安裝)
[root@localhost openssl-3.2.1]# dnf remove -y openssh
[root@localhost openssl-3.2.1]# rm -rf /etc/ssh/*
8.openssh安裝
UOS中缺少pam,需要手動安裝一下,如沒有源的話,請離線準備好文件,以下為在線安裝方式。
[root@localhost openssl-3.2.1]# dnf -y install pam*
[root@localhost openssl-3.2.1]# cd /usr/local/src/openssh-9.8p1
[root@localhost openssh-9.8p1]# ./configure --prefix=/usr/local/src/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/src/openssl --with-zlib=/usr/local/src/zlib
[root@localhost openssh-9.8p1]# make -j 4 && make install
9.復制新ssh文件
[root@localhost openssh-9.8p1]# /usr/local/src/ssh/bin/ssh -V
[root@localhost openssh-9.8p1]# cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-9.8p1]# cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
[root@localhost openssh-9.8p1]# cp -rf /usr/local/src/ssh/sbin/sshd /usr/sbin/sshd
[root@localhost openssh-9.8p1]# cp -rf /usr/local/src/ssh/bin/ssh /usr/bin/ssh
[root@localhost openssh-9.8p1]# cp -rf /usr/local/src/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
10.允許root登錄
[root@localhost openssh-9.8p1]# echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
[root@localhost openssh-9.8p1]# echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
11.重啟并設置開機自啟動
[root@localhost openssh-9.8p1]# /etc/init.d/sshd restart
[root@localhost openssh-9.8p1]# /etc/init.d/sshd status
[root@localhost openssh-9.8p1]# chkconfig --add sshd
[root@localhost openssh-9.8p1]# ssh -V
12.配置環境變量
[root@localhost ~]# cat >/etc/profile.d/openssh.sh<<'EOF'
#!/bin/bash
export LD_LIBRARY_PATH=/usr/local/src/openssl/lib64:$LD_LIBRARY_PATH
export PATH=/usr/local/src/ssh/bin:/usr/local/src/ssh/sbin:/usr/local/src/openssl/bin:$PATH
EOF
[root@localhost ~]# source /etc/profile.d/openssh.sh
[root@localhost ~]# openssl version
浙公網安備 33010602011771號