linux系统openssh升级

说明
整个过程不需要卸载原先的openssl包和openssh的rpm包。本文的环境都是系统自带的openssh，没有经历过手动编译安装方式。如果之前有手动编译安装过openssh，请参照本文自行测试是否能成功。
如果严格参照本文操作，保证你升级没问题

一、安装依赖包

[root@localhost ~]# yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel 

二、下载openssh对应得安装包并上传

openssh-8.0p1.tar.gz此包需要在csdn上面下载
openssl-1.0.2.tar.gz可以在我给得地址进行下载
https://ftp.openssl.org/source/
下载完成之后将这两个包上传到虚拟机喜欢的位置当中。

[root@localhost local]# lsopenssh-8.0p1.tar.gz  openssl-1.0.2.tar.gz  
[root@localhost local]# 

三、安装openssl

解压

[root@localhost local]# tar xf openssl-1.0.2.tar.gz 
[root@localhost local]# 

备份下面两个文件（存在就执行，不存在忽略）

[root@localhost openssl-1.0.2]# mv /usr/bin/openssl /usr/bin/openssl_bak
[root@localhost openssl-1.0.2]# mv /usr/include/openssl/ /usr/include/openssl_bak
[root@localhost openssl-1.0.2]# 

编译安装openssl

[root@localhost local]# cd openssl-1.0.2/
[root@localhost openssl-1.0.2]# ls
ACKNOWLEDGMENTS  CHANGES.SSLeay  doc      GitConfigure  INSTALL.DJGPP  INSTALL.W32   libcrypto.so        libssl.so.1.0.0  Makefile.org     NEWS          perl           rehash.time  tools
apps             config          engines  GitMake       INSTALL.MacOS  INSTALL.W64   libcrypto.so.1.0.0  LICENSE          Makefile.shared  openssl.doxy  PROBLEMS       shlib        util
bugs             Configure       e_os2.h  include       INSTALL.NW     INSTALL.WCE   libssl.a            MacOS            makevms.com      openssl.pc    README         ssl          VMS
certs            crypto          e_os.h   INSTALL       INSTALL.OS2    libcrypto.a   libssl.pc           Makefile         ms               openssl.spec  README.ASN1    test
CHANGES          demos           FAQ      install.com   INSTALL.VMS    libcrypto.pc  libssl.so           Makefile.bak     Netware          os2           README.ENGINE  times
[root@localhost openssl-1.0.2]# ./config shared && make && make install

编译安装完后查看是否编译成功，0代表没有问题

[root@localhost openssl-1.0.2]# echo $?
0
[root@localhost openssl-1.0.2]# 

刚刚前面备份的文件做软连接，没有备份的忽略

[root@localhost openssl-1.0.2]# ln -s /usr/local/ssl/bin//openssl /usr/bin/openssl
[root@localhost openssl-1.0.2]# ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl
[root@localhost openssl-1.0.2]# 

执行下面两个命令加载新配置

[root@localhost openssl-1.0.2]# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
[root@localhost openssl-1.0.2]# /sbin/ldconfig
[root@localhost openssl-1.0.2]# 

查看版本，确定版本

[root@localhost openssl-1.0.2]# openssl version
OpenSSL 1.0.2 22 Jan 2015
[root@localhost openssl-1.0.2]# 

四、升级安装openssh

命令方式删除原先ssh得配置

[root@localhost ~]# rm -rf /etc/ssh/*
[root@localhost ~]# 

解压openssh-8.0p1.tar.gz并编译安装

[root@localhost local]# tar xf openssh-8.0p1.tar.gz 
[root@localhost local]# cd openssh-8.0p1/
[root@localhost openssh-8.0p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh  --with-openssl-includes=/usr/local/ssl/include  --with-ssl-dir=/usr/local/ssl   --with-zlib   --with-md5-passwords   --with-pam  && make && make install

检查结果

[root@localhost openssh-8.0p1]# echo $?
0
[root@localhost openssh-8.0p1]# 

修改配置文件并查看

[root@localhost openssh-8.0p1]# echo " PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost openssh-8.0p1]# echo " UseDNS no" >> /etc/ssh/sshd_config
[root@localhost openssh-8.0p1]# grep "PermitRootLogin"  /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# the setting of "PermitRootLogin without-password".PermitRootLogin yes
[root@localhost openssh-8.0p1]# grep  "UseDNS"  /etc/ssh/sshd_config
#UseDNS noUseDNS no
[root@localhost openssh-8.0p1]# 

从解压的包中拷贝一些文件到目标位置（如果目标目录存在就覆盖）

[root@localhost openssh-8.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-8.0p1]#  cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@localhost openssh-8.0p1]# chmod +x /etc/init.d/sshd

检查升级成功

[root@localhost ssh]# chkconfig sshd on
Note: Forwarding request to 'systemctl enable sshd.service'.
[root@localhost ssh]# systemctl enable sshd
[root@localhost ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2 22 Jan 2015
[root@localhost ~]# 

注意必须关闭将selinux设置成disabled