# 一、防止ssh升级失败连接不上，首先开启telnet服务： ## 安装xinetd和telnet-server yum -y install xinetd yum -y install telnet-server ## 配置开机启动 systemctl enable xinetd.service systemctl enable telnet.socket ## 启动服务 systemctl start telnet.socket systemctl start xinetd ## 查看端口,看到23端口已打开 netstat -tunlp|grep 23 ## 开启防火墙允许访问23端口(没开防火墙跳过此步骤) firewall-cmd --add-port=23/tcp --permanent firewall-cmd --reload ## 默认root无法远程访问，修改/etc/securetty vi /etc/securetty #在末尾添加 pts/0 pts/1 pts/2 pts/3 pts/4 ## 测试用telnet连接 telnet 192.168.139.101 23 输入用户 输入密码 # 二、开始升级 ## 1、openssh源码包下载： wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz ## 2、备份ssh相关文件： cd /usr/bin/ mkdir bak.1021 cp -arf scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan bak.1021/ mv /usr/libexec/openssh/sftp-server bak.1021/ ls bak.1021/ cd /usr/sbin/ mkdir bak.1021 cp -arf sshd bak.1021/ ls bak.1021/ ## 3、备份ssh配置文件： mv /etc/ssh /etc/ssh.1021 ## 4、安装依赖： yum -y install gcc yum -y install zlib yum -y install zlib-devel yum -y install openssl-devel yum -y install pam-devel ## 5、编译安装： tar xf openssh-8.9p1.tar.gz cd openssh-8.9p1 ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers --without-openssl-header-check make make install ## 6、修改sshd配置文件： vi /etc/ssh/sshd_config ### 修改以下选项 PermitRootLogin yes SyslogFacility AUTHPRIV Subsystem sftp /usr/libexec/openssh/sftp-server ## 7、拷贝新版本ssh： \cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/ \cp -arf /usr/local/openssh/bin/* /usr/bin/ ## 8、#拷贝新版本sftp-server \cp /usr/local/openssh/libexec/sftp-server /usr/libexec/openssh/ ## 9、恢复秘钥文件 \cp -arf /etc/ssh.1021/ssh_host* /etc/ssh/ chmod 600 /etc/ssh/ssh_host_*_key ## 10、修改sshd.service文件 sed -i 's/Type=notify/Type=simple/g' /usr/lib/systemd/system/sshd.service ## 11、重启sshd systemctl daemon-reload systemctl restart sshd ### 查看状态 systemctl status sshd netstat -tunlp|grep 22 ### 如果启动失败，查看日志，按住shift+g 可以查看最后的日志 journalctl -u sshd ## 13、查看版本 sshd -V ssh -V ## 14、最后工作：关闭telnet服务 systemctl disable xinetd.service systemctl disable telnet.socket systemctl stop telnet.socket systemctl stop xinetd