linux升级openssh9

下载

下载 libressl-3.5.3.tar.gz、openssh-9.0p1.tar.gz、zlib-1.2.12.tar.gz，放到 /usr/local 目录下

链接：https://pan.baidu.com/s/1ZCyDDmJ5hgbtSYmaJa8dnw
提取码：6zax

安装 zlib-1.2.12.tar.gz

tar xzvf zlib-1.2.12.tar.gz
cd zlib-1.2.12/
./configure --prefix=/opt/zlib-1.2.12
make
make install
1
2
3
4
5

安装 libressl-3.5.3.tar.gz

tar xzvf libressl-3.5.3.tar.gz
cd libressl-3.5.3/
./configure --prefix=/opt/libressl-3.5.3
make
make install
echo '/opt/libressl-3.5.3/lib' > /etc/ld.so.conf.d/libressl.conf
ldconfig
1
2
3
4
5
6
7

安装 openssh-9.0p1.tar.gz

tar xzvf openssh-9.0p1.tar.gz
cd openssh-9.0p1
./configure --prefix=/opt/openssh-9.0p1 --with-zlib=/opt/zlib-1.2.12 --with-ssl-dir=/opt/libressl-3.5.3
make && make install
1
2
3
4

创建ssh服务

touch sshd9.service
1

内容如下：

[Unit]
Description=OpenSSH 9 server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/opt/openssh-9.0p1/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

• 修改 /opt/openssh-9.0p1/etc/sshd_config 以下几项

Port 22

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

PermitRootLogin yes
1
2
3
4
5
6
7

• 把服务文件加入 systemd 管理

cp sshd9.service /usr/lib/systemd/system
systemctl daemon-reload
1
2

• 停止原来的sshd服务

systemctl stop sshd
1

不要断开远程
不要断开远程
不要断开远程

• 修改权限

chmod go-r /etc/ssh/ssh_host_ed25519_key
chmod go-r /etc/ssh/ssh_host_ecdsa_key
chmod go-r /etc/ssh/ssh_host_rsa_key

1
2
3
4

• 启动新的sshd服务

systemctl start sshd9
systemctl status sshd9
1
2

开启一个新终端，验证能正常登陆

然后把新服务设为开机启动

systemctl disable sshd
systemctl enable sshd9
1
2