Centos 7.9 升级 ssh 和 openssl

一、环境

[root@tmp179 package]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@tmp179 package]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

二、 升级前准备

mkdir /opt/package
cd /opt/package
wget https://www.openssl.org/source/openssl-3.1.5.tar.gz --no-check-certificate
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz --no-check-certificate


yum -y install gcc gcc-c++ openssl-devel libstdc++* libcap* pam-devel zlib-devel perl perl-IPC-Cmd

三、升级openssl

mv /usr/lib64/openssl /usr/lib64/openssl.old
yum remove openssl     #注意输入y或者直接加-y参数再执行
tar -zxf openssl-3.1.5.tar.gz
cd /opt/package/openssl-3.1.5
./config --prefix=/usr
make && make install   #顺利的话10分钟左右,可能需要20分钟
which openssl          #查看升级后的Openssl路径
openssl version        #确认升级是否成功，成功的话能显示版本号OpenSSL 3.1.5 30 Jan 2024 (Library: OpenSSL 3.1.5 30 Jan 2024)

四、升级openssh

cd /opt/package
tar -zxf openssh-9.6p1.tar.gz
rpm -qa | grep -E  "zlib-devel|openssl-devel|gcc"       #需要有这些组件
mkdir /etc/ssh.bak
mv /etc/ssh/ /etc/ssh.bak/
cd /opt/package/openssh-9.6p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make && make install
cp /opt/package/openssh-9.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
cp /etc/ssh/sshd_config{,.bak}
sed -i 's/^PermitRootLogin/#&/' /etc/ssh/sshd_config
sed -i '32i PermitRootLogin yes' /etc/ssh/sshd_config
chkconfig --add sshd
systemctl daemon-reload
systemctl restart sshd                  #远程连接会断开。
ssh -V                                  #重新打开个远程连接窗口，并执行。会看到新版本OpenSSH_9.6p1, OpenSSL 3.1.5 30 Jan 2024

-------ok------2024年3月9日18:11:09----------------------