Upgrading OpenSSH on CentOS 7

梦·D· 2024-07-07 11:07:03

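I. Preparing the environment

1. Prepare a virtual machine running CentOS 7
2. Configure the network and the YUM repositories
3. Confirm the versions to install

Upgrade openssh to 9.7

zlib: use 1.3.1

openssl: use 1.1.1w

II. Upgrading openssh

1. Install the basic build environment

yum -y install perl gcc gcc-c++ make pam-devel

2. Build and install zlib

2.1 Download the zlib source package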

wget https://zlib.net/fossils/zlib-1.3.1.tar.gz

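2.2 Extract the archive

tar -zxvf zlib-1.3.1.tar.gz

2.3 Create the working directory

mkdir -p /opt/ssh-upgrade/zlib

2.4 The three build steps

# Change into the extracted zlib directory

cd zlib-1.3.1

# 1. Run the configure script

./configure --prefix=/opt/ssh-upgrade/zlib

# 2. Build

make

# 3. Install

make install

3. Build and install openssl

3.1 Check the current version

# Check the version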

[root@localhost ~]# openssl version

OpenSSL 1.0.2k-fips 26 Jan 2017

# Find where the openssl command lives; the paths are needed later when creating the symlinks

[root@localhost ~]# whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz

3.2 Uninstall the current openssl

yum remove openssl

3.3 Back up and delete the openssl directory

[root@localhost ~]# cp -rf /etc/ssl/ /tmp/ssl_bak

[root@localhost ~]# rm -rf /etc/ssl

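3.4 Download the source package

wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz

3.5 Extract the archive

tar -zxvf openssl-1.1.1w.tar.gz

3.6 Create the working directory

mkdir -p /opt/ssh-upgrade/openssl

3.7 The three build steps

# Change into the extracted openssl directory

cd openssl-1.1.1w

# 1. Run the configure script

./config --prefix=/opt/ssh-upgrade/openssl/ --openssldir=/opt/ssh-upgrade/openssl/ shared

# 2. Build

make

# 3. Install

make install

3.8 Create the symlinks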

[root@localhost openssl-1.1.1w]# ln -s /opt/ssh-upgrade/openssl/bin/openssl /usr/bin/openssl

[root@localhost openssl-1.1.1w]# ln -s /opt/ssh-upgrade/openssl/include/openssl /usr/include/openssl

[root@localhost openssl-1.1.1w]# whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl

3.9 Update the system configuration

[root@localhost openssl-1.1.1w]# vi /etc/ld.so.conf.d/ssh-upgrade.conf

/opt/ssh-upgrade/openssl/lib

# Reload the configuration so that it takes effect

[root@localhost openssl-1.1.1w]# ldconfig

3.10 Check the current version

[root@localhost openssl-1.1.1w]# openssl version

OpenSSL 1.1.1w 11 Sep 2023

4. Install openssh

4.1 Check the current version

[root@localhost ~]# ssh -V

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

4.2 Uninstall the current version

# Back up the files

[root@localhost openssl-1.1.1w]# cp -rf /etc/ssh/ /tmp/

# Uninstall

[root@localhost openssl-1.1.1w]# yum remove openssh

4.3 Download the source package

wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz

4.4 Extract the archive

tar -zxvf openssh-9.7p1.tar.gz

4.5 Create the working directory

mkdir -p /opt/ssh-upgrade/openssh/

4.6 The three build steps

# Change into the extracted openssh directory

cd openssh-9.7p1

# 1. Run the configure script

./configure \
--prefix=/opt/ssh-upgrade/openssh/ \
--sysconfdir=/opt/ssh-upgrade/openssh/ssh/ \
--with-openssl-includes=/opt/ssh-upgrade/openssl/include/ \
--with-ssl-dir=/opt/ssh-upgrade/openssl/ \
--with-zlib=/opt/ssh-upgrade/zlib/ \
--with-md5-passwords \
--without-openssl-header-check

# 2. Build

make

# 3. Install

make install

4.7 Create the symlinks

[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/sbin/sshd /usr/sbin/sshd

[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh /usr/bin/ssh

[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-add /usr/bin/ssh-add

[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-agent /usr/bin/ssh-agent

[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-keyscan /usr/bin/ssh-keyscan

4.8 Modify the configuration file

# 1. Copy the files under openssh/ssh/ to /etc/ssh

cp -rf /opt/ssh-upgrade/openssh/ssh/* /etc/ssh/

# 2. Edit the configuration

vi /etc/ssh/sshd_config

PermitRootLogin no

4.9 Start the sshd service

# 1. Install the init script

[root@localhost openssh-9.7p1]# cp -rf /opt/upgrade/package/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd

# 2. Register sshd with the system

[root@localhost openssh-9.7p1]# chkconfig --add sshd

# 3. Enable start on boot

[root@localhost openssh-9.7p1]# chkconfig sshd on

# 4. Start the service

[root@localhost openssh-9.7p1]# systemctl restart sshd

[root@localhost openssh-9.7p1]# systemctl status sshd

● sshd.service - SYSV: OpenSSH server daemon

Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)

Active: active (running) since Wed 2024-05-15 04:12:49 EDT; 4s ago

Docs: man:systemd-sysv-generator(8)

Process: 25079 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)

Main PID: 25087 (sshd)

CGroup: /system.slice/sshd.service

└─25087 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups

May 15 04:12:49 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon...

May 15 04:12:49 localhost.localdomain sshd[25079]: Starting sshd:[ OK ]

May 15 04:12:49 localhost.localdomain systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) after start: No such file or directory

May 15 04:12:49 localhost.localdomain sshd[25087]: Server listening on 0.0.0.0 port 22.

May 15 04:12:49 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.

May 15 04:12:49 localhost.localdomain sshd[25087]: Server listening on :: port 22

4.10 Check the current version

[root@localhost openssh-9.7p1]# ssh -V

OpenSSH_9.7p1, OpenSSL 1.1.1w 11 Sep 2023
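
Step 4.6 builds sshd with --sysconfdir=/opt/ssh-upgrade/openssh/ssh/, so the daemon's compiled-in default configuration file is /opt/ssh-upgrade/openssh/ssh/sshd_config, while step 4.8 edits /etc/ssh/sshd_config. The following added example (not part of the original article) compares the effective settings reported by `sshd -T` with the values you intended; the function names and the sample `sshd -T` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Compares the effective sshd
# settings (output of `sshd -T`, read on stdin) with the expected
# "Keyword value" pairs given as arguments. Returns non-zero on any mismatch.
check_effective() {
    dump=$(cat)
    rc=0
    for want in "$@"; do
        # sshd -T prints keywords in lowercase
        key=$(printf '%s' "${want%% *}" | tr 'A-Z' 'a-z')
        val=${want#* }
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }')
        if [ "$got" != "$val" ]; then
            echo "MISMATCH $key: want '$val', effective '${got:-<unset>}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: effective settings when sshd reads an unedited
# sshd_config under the --sysconfdir from step 4.6 (root login with keys
# is still permitted).
sample_sysconfdir_view() {
    cat <<'EOF'
port 22
permitrootlogin without-password
passwordauthentication yes
EOF
}

# Constructed sample: effective settings when sshd is pointed at the
# /etc/ssh/sshd_config edited in step 4.8.
sample_etc_view() {
    cat <<'EOF'
port 22
permitrootlogin no
passwordauthentication yes
EOF
}

# Demo on the constructed samples. On a real host, run as root:
#   /usr/sbin/sshd -T | check_effective "PermitRootLogin no"
#   /usr/sbin/sshd -T -f /etc/ssh/sshd_config | check_effective "PermitRootLogin no"
sample_sysconfdir_view | check_effective "PermitRootLogin no" || echo "default path: not hardened"
sample_etc_view | check_effective "PermitRootLogin no" && echo "/etc/ssh copy: hardened"
```

If the first real-host command reports a mismatch, apply the edit to the file under the --sysconfdir path, or start sshd with -f /etc/ssh/sshd_config.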


