
从OpenSSH_7.4升级到OpenSSH_8.8

颛孙飞鸾
2023-12-01

[baikai@sh ~]$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

// 下载openssl、openssh源码（文中版本较旧，实际升级时请以上游当前仍在维护的版本为准）
// 解压和编译之前，先用上游随压缩包发布的 GPG 签名或 SHA256 校验值核对下载的文件，确认内容完整且未被篡改
[baikai@sh ~]$ wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
[baikai@sh ~]$ wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz

[baikai@sh ~]$ rpm -qa | grep openss
openssl-libs-1.0.2k-22.el7_9.x86_64

[baikai@sh ~]$ tar -zxf openssh-8.8p1.tar.gz
[baikai@sh ~]$ tar -zxf openssl-1.1.1m.tar.gz 

[baikai@sh ~]$ sudo mkdir /usr/local/openssl
[baikai@sh ~]$ sudo mkdir /usr/local/openssh

// 编译和安装openssl
[baikai@sh ~]$ cd openssl-1.1.1m
[baikai@sh openssl-1.1.1m]$ ./config --prefix=/usr/local/openssl 
[baikai@sh openssl-1.1.1m]$ ./config -t
[baikai@sh openssl-1.1.1m]$ sudo su -
Last login: Sun Jan  9 18:34:38 CST 2022 on pts/2
[root@sh ~]# cd /home/baikai/openssl-1.1.1m
[root@sh openssl-1.1.1m]# make && make install
[root@sh openssl-1.1.1m]# export LD_LIBRARY_PATH=/usr/local/openssl/lib/
[root@sh openssl-1.1.1m]# /usr/local/openssl/bin/openssl version
OpenSSL 1.1.1m  14 Dec 2021

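// 替换openssl（此时新库路径还没有写入 ld.so.conf，所以下面直接运行 openssl 会报找不到 libssl.so.1.1，需要先设置 LD_LIBRARY_PATH）:
// 注意：/bin/openssl 若由系统 RPM 包提供，之后 yum 更新该包时可能把这里的软链接覆盖回发行版的版本；
// 另外，源码安装的 OpenSSL 不再随 yum 获得安全更新，后续的补丁版本需要自己跟踪并重新编译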
[root@sh openssl-1.1.1m]# type openssl
openssl is /bin/openssl
[root@sh openssl-1.1.1m]# cd /bin
[root@sh bin]# mv openssl openssl.bak
[root@sh openssl-1.1.1m]# type openssl
-bash: type: openssl: not found
[root@sh openssl-1.1.1m]# ln -s /usr/local/openssl/bin/openssl /bin
[root@sh openssl-1.1.1m]# type openssl
openssl is /bin/openssl
[root@sh openssl-1.1.1m]# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
[root@sh openssl-1.1.1m]# export LD_LIBRARY_PATH=/usr/local/openssl/lib/
[root@sh openssl-1.1.1m]# openssl version
OpenSSL 1.1.1m  14 Dec 2021

[root@sh openssl-1.1.1m]# echo "/usr/local/openssl/lib" >>/etc/ld.so.conf
[root@sh openssl-1.1.1m]# ldconfig -v


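// 编译和安装 openssh
// 注意 1：--without-hardening 会关闭 configure 默认加入的编译器/链接器加固选项，除非工具链确实不支持，否则不建议加
// 注意 2：下面把 PermitRootLogin 改成 yes 会允许 root 直接用密码登录；只需要密钥登录时可用 prohibit-password，或保持默认并通过普通用户加 sudo 管理
// 注意 3：PAM 按服务名 sshd 读取 /etc/pam.d/sshd，下面复制成 /etc/pam.d/sshd.pam 的文件不会被读取；若系统原有的 /etc/pam.d/sshd 还在，实际生效的是它
// 注意 4：通过 SSH 远程操作时，重启 sshd 之前保留一个已登录的会话或控制台入口，并先用新 sshd 的 -t 选项检查配置文件
// 注意 5：结尾 chkconfig 的输出显示被启用的是 sshd.socket 而不是 sshd 服务，重启机器前应确认 22 端口实际由哪个单元监听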
[root@sh ~]# yum install zlib-devel pam-devel
[root@sh ~]# cd /home/baikai/openssh-8.8p1
[root@sh openssh-8.8p1]# mkdir /usr/local/openssh_etc
[root@sh openssh-8.8p1]# ./configure --prefix=/usr/local/openssh --sysconfdir=/usr/local/openssh_etc --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening
...
PAM is enabled. You may need to install a PAM control file 
for sshd, otherwise password authentication may fail. 
Example PAM control files can be found in the contrib/ 
subdirectory
...

[root@sh openssh-8.8p1]# cat contrib/redhat/sshd.pam
[root@sh openssh-8.8p1]# make && make install
[root@sh openssh-8.8p1]# sed -i 's/^#PermitRootLogin.*$/PermitRootLogin yes/' /usr/local/openssh_etc/sshd_config
[root@sh openssh-8.8p1]# type ssh
ssh is /bin/ssh
[root@sh openssh-8.8p1]# type sshd
sshd is /sbin/sshd
[root@sh openssh-8.8p1]# type sftp
sftp is /bin/sftp
[root@sh openssh-8.8p1]# mv /bin/ssh /bin/ssh.bak
[root@sh openssh-8.8p1]# mv /sbin/sshd /sbin/sshd.bak
[root@sh openssh-8.8p1]# mv /bin/sftp /bin/sftp.bak

[root@sh openssh-8.8p1]# ln -s /usr/local/openssh/bin/ssh /bin/
[root@sh openssh-8.8p1]# ln -s /usr/local/openssh/sbin/sshd /sbin/
[root@sh openssh-8.8p1]# ln -s /usr/local/openssh/bin/sftp /bin/

[root@sh openssh-8.8p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd
[root@sh openssh-8.8p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@sh openssh-8.8p1]# ls -ltr /usr/lib/systemd/system/sshd.service
-rw-r--r-- 1 root root 373 Aug  9  2019 /usr/lib/systemd/system/sshd.service
[root@sh openssh-8.8p1]# mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
[root@sh openssh-8.8p1]# 
[root@sh openssh-8.8p1]# mv /etc/ssh/ /etc/ssh.bak
[root@sh openssh-8.8p1]# ln -s /usr/local/openssh_etc/ /etc/ssh


[root@sh openssh-8.8p1]# systemctl daemon-reload
[root@sh openssh-8.8p1]# service sshd restart
Restarting sshd (via systemctl):                           [  OK  ]
[root@sh openssh-8.8p1]# chkconfig --add sshd
[root@sh openssh-8.8p1]# chkconfig --level 2345 sshd on
Note: Forwarding request to 'systemctl enable sshd.socket'.
Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.
