一、安装前查看系统及版本
- # cat /etc/redhat-release
- CentOS Linux release 7.2.1511 (Core)
- # ssh -V
- OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
二、安装步骤
1.下载tar包
- wget https://www.openssl.org/source/openssl-1.1.1t.tar.gz --no-check-certificate
- wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz
- wget http://www.zlib.net/zlib-1.2.13.tar.gz
解压到指定路径:
- tar zxvf openssl-1.1.1t.tar.gz -C /usr/local/src/
- tar zxvf openssh-9.3p1.tar.gz -C /usr/local/src/
- tar zxvf zlib-1.2.13.tar.gz -C /usr/local/src
2.安装相关依赖和gcc编译工具
- yum -y install gcc gcc-c++ kernel-devel
- yum -y install pam pam-devel zlib zlib-devel
3.安装zlib
- cd /usr/local/src/zlib-1.2.13/
- ./configure --prefix=/usr/local/zlib && make -j 4 && make install
- cd /usr/local/src/openssl-1.1.1t/
- ./config --prefix=/usr/local/ssl -d shared
-
- make -j 4 && make install
- echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
- ldconfig -v
5.安装openssh
- mv /etc/ssh /etc/ssh.bak
- cd /usr/local/src/openssh-9.3p1/
- ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib
-
- make -j 4 && make install
6.修改配置文件
(1)sshd_config文件修改
- echo "X11Forwarding yes" >> /etc/ssh/sshd_config
- echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
- echo "#XAuthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config
- echo "UseDNS no" >> /etc/ssh/sshd_config
- echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
- echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
- echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
需要添加X11Forwarding yes开启X11转发,调用图形界面,如oracle安装等操作需要图形界面
***必须添加X11UseLocalhost no 和 XAuthLocation /usr/bin/xauth 这两项,否则X11转发不好使
验证X11转发是否好使,xhost + 出现下面的是可以正常使用的
(2) 备份 /etc/ssh 原有文件,并将新的配置复制到指定目录
- mv /usr/sbin/sshd /usr/sbin/sshd.bak
- cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
- mv /usr/bin/ssh /usr/bin/ssh.bak
- cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
- mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
- cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
安装完成,查看版本ssh -V
- # ssh -V
- OpenSSH_9.3p1, OpenSSL 1.1.1t 7 Feb 2023
7.启动sshd
systemctl restart sshd开机自启
systemctl enable sshd 9.天翼云服务器启动sshd问题
拷贝系统启动文件
cp /usr/local/src/openssh-9.3p1/contrib/redhat/sshd.init /etc/init.d/sshd把原先的systemd管理的sshd文件移走,不然影响重启sshd服务
- mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
- systemctl daemon-reload
将sshd添加到系统服务
- chkconfig --add sshd
- chkconfig sshd on
-
- # chkconfig --list
-
- Note: This output shows SysV services only and does not include native
- systemd services. SysV configuration data might be overridden by native
- systemd configuration.
-
- If you want to list systemd services use 'systemctl list-unit-files'.
- To see services enabled on particular target use
- 'systemctl list-dependencies [target]'.
-
- denyhosts 0:on 1:on 2:on 3:on 4:on 5:on 6:on
- netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
- network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
- sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
重启sshd
- service sshd status
- service sshd restart
10.注意
注意:升级后由于加密算法的区别,低版本的SSH工具可能无法连接,建议改用Xshell7或SecureCRT9.0以上版本。