一、源码下载
https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/
二、依赖环境安装
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel xmkmf libXt-devel gtk2-devel make krb5-devel git meson ninja-build glib2-devel lcms2-devel -y
上传或者使用wget下载包
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-10.0p2.tar.gz
三、源码编译安装
安装依赖库
yum groupinstall "Development Tools" -y
yum install zlib-devel openssl-devel pam-devel -y
解压源码包:
tar -zxvf openssh-10.0p2.tar.gz
cd openssh-10.0p2
编译与安装:
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib --with-pam
- 如果系统中已安装其他版本的OpenSSL,需将
--with-ssl-dir参数设置为OpenSSL的实际安装路径。
- 编译并安装:
make && make install
**error:**openssl版本低 需要先升级openssl 解决办法看文章最后
配置服务:
- 复制必要的配置文件和服务脚本:
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd
chmod +x /etc/init.d/sshd更新系统服务:
*
systemctl daemon-reexec
systemctl enable sshd
systemctl start sshd验证安装:
- ssh -V
四、用构建的预编译的RPM包
安装依赖
yum -y install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel xmkmf libXt-devel gtk2-devel make krb5-devel git meson ninja-build glib2-devel lcms2-devel -y上传或wget下载openssh-10.0p2.tar.gz文件到/root目录下
bash
cd /root/
tar -xvf openssh-10.0p2.tar.gz
mkdir -pv rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
cp openssh-10.0p2/contrib/redhat/openssh.spec rpmbuild/SPECS/
cp ~/openssh-10.0p2.tar.gz /root/rpmbuild/SOURCES
/cd rpmbuild/SPECS/
vi openssh.spec
打开这俩方便调试
把源码包放置在:/root/rpmbuild/SOURCES目录下 过程中发现openssh-10.0p2.tar.gz解压完为openssh-10.0p1 注意一下 开始构建可能会提示SOURCE下找不到包
执行:rpmbuild -bb openssh.spec 开始构建
过程中出现
解决:找到openssh.spec中%files server部分的内容
添加如下内容、再次执行构建rpm包命令
bash
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-auth
构建成功后 rpm包在以下路径:
/root/rpmbuild/RPMS/x86_64
RPM包升级及报错处理
备份配置文件
bash
cp -rp /etc/ssh/ /etc/ssh-backup
cp -p /etc/pam.d/sshd /etc/pam.d/sshd-backup
cp -p /etc/sysconfig/sshd /etc/sysconfig/sshd-backup
cp -p /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service-backup再执行yum安装升级
bash
cd /root/rpmbuild/RPMS/x86_64
yum localinstall *.rpm -y报错排查
sshd -t 校验配置文件
执行以下命令自动生成所有缺失的密钥类型(RSA、ECDSA、ED25519):
`ssh-keygen -A`确保密钥文件权限正确(仅root可读写):
`chmod 600 /etc/ssh/ssh_host_*_key
chmod 644 /etc/ssh/ssh_host_*_key.pub`
临时禁用SELinux:
setenforce 0
systemctl restart sshd
vim /etc/ssh/sshd_config 修改以下两行
PermitRootLogin yes #允许root登陆、 PasswordAuthentication yes #允许使用密码登陆
升级Openssl
一、升级OpenSSL 1.1.1+版本
-
安装编译依赖
`yum groupinstall "Development Tools" -y yum install zlib-devel pam-devel perl-IPC-Cmd -y` -
下载并编译OpenSSL
以OpenSSL 1.1.1w为例:
`wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz tar -zxvf openssl-1.1.1w.tar.gz cd openssl-1.1.1w ./config --prefix=/usr/local/openssl --openssldir=/etc/ssl --shared zlib make -j$(nproc) && make install` -
更新系统链接库
bashecho "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf ldconfig ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl openssl version # 验证应显示1.1.1w二、编译安装OpenSSH 10.0p2
-
下载源码并配置
`wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-10.0p2.tar.gz tar -zxvf openssh-10.0p2.tar.gz cd openssh-10.0p2 ./configure \ --prefix=/usr \ --sysconfdir=/etc/ssh \ --with-ssl-dir=/usr/local/openssl \ --with-pam \ --with-zlib` -
编译与安装
`make -j$(nproc) && make install` -
配置服务与验证
`cp contrib/redhat/sshd.init /etc/init.d/sshd chmod +x /etc/init.d/sshd systemctl daemon-reload systemctl restart sshd ssh -V # 应显示OpenSSH_10.0p2 可能会出现以下情况 `执行以下命令自动生成所有缺失的密钥类型(RSA、ECDSA、ED25519):
`ssh-keygen -A`若特定密钥缺失,可单独生成:
`# 生成RSA密钥 ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' # 生成ECDSA密钥 ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' # 生成ED25519密钥 ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''`确保密钥文件权限正确(仅root可读写):
`chmod 600 /etc/ssh/ssh_host_*_key chmod 644 /etc/ssh/ssh_host_*_key.pub`临时禁用SELinux: setenforce 0 systemctl restart sshd vim /etc/ssh/sshd_config 修改以下两行
PermitRootLogin yes #允许root登陆、 PasswordAuthentication yes #允许使用密码登陆
