开发笔记:centos7openssh版本升级

yum -y install xinetd telnet-server

systemctl enable xinetd.server
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd.service

#!/bin/bash
cd /opt

# 更新 openssh
yum update openssh -y

# 安装依赖
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
yum install -y pam* zlib*

# 下载 openssh、openssl 源码
wget -c https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
wget -c https://ftp.openssl.org/source/openssl-1.0.2r.tar.gz

# 解压操作
tar zxf openssh-8.1p1.tar.gz
tar zxf openssl-1.0.2r.tar.gz

# 原文件备份
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak

# 安装 openssl
cd /opt/openssl-1.0.2r
./config shared && make && make install
echo $?

# 链接文件
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version

# 编译安装 openssh
cd /opt/openssh-8.1p1
chown -R root.root /opt/openssh-8.1p1
cp -r /etc/ssh /tmp/
rm -rf /etc/ssh
./configure --prefix=/usr/ --syscOnfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
echo $?

# 修改配置文件
cat > /etc/ssh/sshd_config <PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
EOF
grep "^PermitRootLogin" /etc/ssh/sshd_config
cat /tmp/ssh/sshd_config |grep -v '#' |grep -v '^$'
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
mv /usr/lib/systemd/system/sshd.service /opt/
mv /usr/lib/systemd/system/sshd.socket /opt/
chkconfig sshd on

# 启动
service sshd restart

# 测试
openssl version
ssh -V