Upgrading OpenSSH and OpenSSL on CentOS 7.4

Goal:

Upgrade OpenSSL 1.0.2k-fips to OpenSSL 3.3.0

Upgrade OpenSSH_7.4p1 to OpenSSH_9.7p1

Versions before the upgrade:

Download the packages

wget https://www.zlib.net/fossils/zlib-1.3.1.tar.gz

wget https://www.openssl.org/source/openssl-3.3.0.tar.gz

wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz

Install zlib 1.3.1

Install the dependencies

yum install gcc

Extract and install

tar xf zlib-1.3.1.tar.gz

cd zlib-1.3.1

./configure

make -j4 && make install

Install OpenSSL 3.3.0

Install the dependencies

yum install perl

yum install perl-IPC-Cmd

yum install perl-Data-Dumper

Extract and install

tar -xf openssl-3.3.0.tar.gz

cd openssl-3.3.0

./config

make -j4 && make install

ln -s /usr/local/lib64/libssl.so.3 /usr/lib64/libssl.so.3

ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

/usr/local/bin/openssl version

mv /usr/bin/openssl /usr/bin/openssl.old

ln -s /usr/local/bin/openssl /usr/bin/openssl

openssl version

Install OpenSSH 9.7p1

cp /usr/bin/ssh /usr/bin/ssh.bak

cp /usr/sbin/sshd /usr/sbin/sshd.bak

mv /etc/ssh /etc/ssh.bak

tar xf openssh-9.7p1.tar.gz

cd openssh-9.7p1

./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords

make -j8 && make install

cp ./contrib/redhat/sshd.init /etc/init.d/sshd

cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak

# ssh -V

OpenSSH_9.7p1, OpenSSL 3.3.0 9 Apr 2024

systemctl daemon-reload

systemctl restart sshd

systemctl status sshd

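Versions after the upgrade:

Problem 1: After the upgrade, root cannot log in to the server directly over SSH

Answer 1:

In /etc/ssh/sshd_config, change the setting PermitRootLogin prohibit-password

to PermitRootLogin yes

Then restart the sshd service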
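
A check that goes with the edit in Answer 1, as an added example that is not part of the original post: sshd applies the first value it reads for a keyword, so this reports which PermitRootLogin line takes effect globally. The function name `effective_root_login` and the sample file are constructed for illustration; the sketch assumes whitespace-separated keywords and does not follow Include files.

```shell
#!/bin/sh
# Added example, not from the original page.
# Prints the PermitRootLogin value sshd applies outside any Match block.
# sshd_config rule: for each keyword, the first obtained value is used,
# so a "PermitRootLogin yes" appended below an earlier line has no effect.
effective_root_login() {
    # $1: path to an sshd_config file (Include files are not followed)
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comment and blank lines
        { key = tolower($1) }              # keywords are case-insensitive
        key == "match" { exit }            # Match blocks are conditional: stop here
        key == "permitrootlogin" {
            val = tolower($2)
            if (val == "without-password") val = "prohibit-password"  # deprecated alias
            print val; found = 1; exit
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# Constructed sample: the second PermitRootLogin line is shadowed by the first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication yes
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin no
EOF
echo "effective PermitRootLogin: $(effective_root_login "$sample")"
rm -f "$sample"
```

On the upgraded host, `sshd -t` checks the configuration for errors before the restart and `sshd -T` prints the settings the daemon will apply.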

Problem 2: When connecting, Xshell 5 reports that no matching host key algorithm was found

Answer 2:

Xshell 6 and later resolve this issue