一、准备工作

mkdir /home/openssh_upgrade

cd /home/openssh_upgrade/

上传 openssh-9.3p1.tar.gz、openssl-3.0.7.tar.gz

二、升级openssl

tar -zxvf openssl-3.0.7.tar.gz
cd openssl-3.0.7/
yum install -y gcc gcc-c++ glibc make automake autoconf zlib zlib-devel
./config shared zlib -fPIC --prefix=/usr/local/openssl

报错Can't locate IPC/Cmd.pm in @INC (@INC contains:XXX
解决yum -y install perl-IPC-Cmd

再执行

./config shared zlib -fPIC --prefix=/usr/local/openssl
make
make install

备份老版本的openssl

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

将新版本链接到指定路径

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl

将新的库文件地址写入记录so库的配置文件

echo '/usr/local/openssl/lib64' > /etc/ld.so.conf.d/openssl-x86_64.conf

ldconfig -v

查看安装后的版本号能正常显示则表示安装成功

openssl version -a

二、升级openssh

卸载这三个软件包

快捷卸载方法rpm -e rpm -qa | grep openssh --nodeps

rpm -qa | grep openssh

rpm -e openssh-clients-xxx --nodeps
rpm -e openssh-server-xxx
rpm -e openssh-xxx

安装依赖包

yum install -y gcc gcc-c++ glibc make automake autoconf zlib zlib-devel pcre-devel  perl perl-Test-Simple

解压源码包

tar -zxvf openssh-9.3p1.tar.gz
cd openssh-9.3p1

编译安装

./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --with-zlib
make
make install

正常情况下这些脚本都会在卸载老版本openssh的自动删除

ls /usr/lib/systemd/system/ssh*
rm -f /usr/lib/systemd/system/ssh*

拷贝启动脚本

cp contrib/redhat/sshd.init /etc/init.d/sshd

如果安装了pam模块则需要拷贝sshd.pam配置文件

# cp contrib/redhat/sshd.pam /etc/pam.d/

建立软连接

ln -s /usr/local/openssh/etc /etc/ssh
ln -s /usr/local/openssh/sbin/sshd /usr/sbin/
ln -s /usr/local/openssh/bin/* /usr/bin/

systemctl daemon-reload

启动并设置开机自启动

systemctl start sshd && systemctl enable sshd

查看状态已经是 running 状态了

systemctl status sshd

查看版本号已经升级成功

ssh -V

ssh的默认配置文件是禁止root用户远程登录的

若需要root用户远程登录则按修改如下配置文件然后重启ssh服务即可

vi /etc/ssh/etc/sshd_config
PermitRootLogin yes

systemctl restart sshd

参考

CentOS7升级openssl
CentOS7升级openssh