友情提示:由于openssh的更新可能会影响ssh的登录,保险起见最好先配置talnet的登录。如果openssh更新失败,页面不会阻止ssh正常登录。1.查看服务器ssh-V2的当前版本。从官网下载最新版的openssl和openssh3。首先更新openssl4。首先更新需要的依赖包yuminstall-ygccgcc-c++glibcmakeautoconfopensslopenssl-develpcre-develpam-develyuminstall-ypamzlib5.解压新版openssltar-zxvf*.tar.gz6。手动编译./config--prefix=/usr/local/opensslmakemakeinstall7。备份旧的openssl文件mv/usr/bin/openssl/usr/bin/openssl.oldmv/usr/lib64/openssl/usr/lib64/openssl.oldmv/usr/lib64/libssl.so/usr/lib64/libssl。so.old#创建软链接ln-s/usr/local/openssl/bin/openssl/usr/bin/opensslln-s/usr/local/openssl/include/openssl/usr/include/opensslln-s/usr/local/openssl/lib/libssl.so/usr/lib64/libssl.soecho"/usr/local/openssl/lib">>/etc/ld.so.confldconfig-v#显示正在扫描的目录和动态链接库找到8。测试opensslversion9。解压新版本opensshtar-zxvf**.tar.gz10。重新授权,其实未授权页面不会影响安装chown-Rroot.root/usr/local/data/openssh-8.6p111。备份mv/etc/ssh/etc/sshbakmv/usr/bin/ssh/usr/bin/sshbakmv/usr/sbin/sshd/usr/sbin/sshdbak删除之前的sshrm-rf/etc/ssh/*12.切换到新版本根目录openssh./configure--prefix=/usr/--sysconfdir=/etc/ssh--with-openssl-includes=/usr/local/openssl/include--with-ssl-dir=/usr/local/openssl--with-zlib--with-md5-passwords--with-pam&&make&&makeinstall13。修改sshd_config配置文件vim/etc/ssh/sshd_configPermitRootLoginprohibit-password为PermitRootLoginyesPasswordAuthenticationyes注释掉UseDNSno,改为UseDNSno14。验证配置grep"^PermitRootLogin"/etc/ssh/sshd_configgrep"UseDNS"/etc/ssh/sshd_config15.回到新版本openssh复制文件cp-acontrib/redhat/sshd.init/etc/init.d/sshdcp-acontrib/redhat/sshd.pam/etc/pam.d/sshd.pamchmod+x/etc/init.d/sshd16。添加sshd启动并启动chkconfig--addsshdsystemctlenablesshd17。删除或删除原来的sshd文件否则会影响新版本的启动mv/usr/lib/systemd/system/sshd.service/Setsshdservicestartchkconfigsshdon19.测试启动和停止服务/etc/init.d/sshdrestartnetstat-lntp/etc/init.d/sshdstopnetstat-lntp使用systemctl方法也可以systemctlstopsshdnetstat-lntpsystemctl启动sshdnetstat-lntp20。查看版本ssh-V到目前为止openssl和openssh更新完成
