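#!/bin/bash
# Upgrade OpenSSH from the RPM packages in the current directory and re-apply
# the local sshd settings afterwards.
#
# Steps: back up the PAM and sshd configuration, install the RPMs, tighten the
# host-key permissions, rewrite selected sshd_config options, validate the
# result with `sshd -t`, and only then restart sshd.
#
# Run as root from the directory that holds the OpenSSH *.rpm files.

set -u

readonly SSH_DIR=/etc/ssh
readonly SSHD_CONFIG="${SSH_DIR}/sshd_config"
readonly PAM_SSHD=/etc/pam.d/sshd

# Print an error to stderr and stop before anything else is modified.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Back up the configuration files that the upgrade and this script touch.
cp -p -- "$PAM_SSHD" "${PAM_SSHD}.before" \
  || die "cannot back up ${PAM_SSHD}"
cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.before" \
  || die "cannot back up ${SSHD_CONFIG}"

# Install the OpenSSH RPM packages.
# NOTE(review): every .rpm in the working directory is installed. Confirm the
# packages come from a trusted source and that rpm signature checking has not
# been disabled on this host.
shopt -s nullglob
rpms=(./*.rpm)
shopt -u nullglob
(( ${#rpms[@]} > 0 )) || die "no .rpm files found in ${PWD}"
rpm -Uvh "${rpms[@]}" || die "rpm upgrade failed; sshd configuration left unchanged"

# Restrict the private host keys to owner read-only. A key type that is not
# present on this host is skipped rather than treated as an error.
for key in ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key; do
  if [[ -f "${SSH_DIR}/${key}" ]]; then
    chmod 400 -- "${SSH_DIR}/${key}" \
      || printf 'warning: cannot chmod %s\n' "${SSH_DIR}/${key}" >&2
  fi
done

# Update sshd_config options.
# NOTE(review): "PermitRootLogin yes" allows direct root logins, including by
# password when password authentication is enabled. Confirm this is required;
# "prohibit-password" keeps key-based root access only.
# sshd uses the first value it reads for a keyword, so this appended line has
# no effect when an earlier uncommented PermitRootLogin line exists. The grep
# only avoids adding the same line again when the script is re-run.
if ! grep -qx 'PermitRootLogin yes' "$SSHD_CONFIG"; then
  printf '%s\n' 'PermitRootLogin yes' >> "$SSHD_CONFIG"
fi

# UsePAM is an sshd_config keyword, so the substitution has to target
# sshd_config; the PAM service file has no such line.
sed -i 's/#UsePAM no/UsePAM yes/g' "$SSHD_CONFIG" \
  || die "cannot update UsePAM in ${SSHD_CONFIG}"

# Put back the PAM service file saved before the upgrade (presumably because
# the package upgrade may replace it). /bin/cp bypasses any interactive alias.
/bin/cp -- "${PAM_SSHD}.before" "$PAM_SSHD" \
  || die "cannot restore ${PAM_SSHD}"

# Drop every existing algorithm line, commented or not. The KexAlgorithms
# pattern also matches GSSAPIKexAlgorithms; it is listed separately so the
# intent stays visible.
sed -i \
  -e '/KexAlgorithms/d' \
  -e '/GSSAPIKexAlgorithms/d' \
  -e '/HostKeyAlgorithms/d' \
  "$SSHD_CONFIG" || die "cannot clear algorithm settings in ${SSHD_CONFIG}"

# Write the new algorithm settings (duplicate list entries removed).
# NOTE(review): diffie-hellman-group1-sha1, diffie-hellman-group14-sha1 and
# diffie-hellman-group-exchange-sha1 are SHA-1 based legacy key exchanges, and
# "+ssh-rsa" re-enables RSA host-key signatures using SHA-1. They are kept for
# compatibility with old clients; remove them once no client depends on them.
# NOTE(review): these lines are appended at the end of the file. If the file
# ends in a Match block they would land inside it - confirm against the
# deployed sshd_config; the sshd -t check below reports a rejected config.
kex_list='curve25519-sha256,curve25519-sha256@libssh.org'
kex_list+=',ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521'
kex_list+=',diffie-hellman-group-exchange-sha256'
kex_list+=',diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'
kex_list+=',diffie-hellman-group-exchange-sha1'
{
  printf 'KexAlgorithms %s\n' "$kex_list"
  printf '%s\n' 'HostKeyAlgorithms +ssh-rsa'
} >> "$SSHD_CONFIG" || die "cannot append algorithm settings to ${SSHD_CONFIG}"

# Validate the configuration before restarting: a restart with a broken
# sshd_config can cut off remote access to the host.
sshd_bin=$(command -v sshd) || sshd_bin=/usr/sbin/sshd
"$sshd_bin" -t -f "$SSHD_CONFIG" \
  || die "sshd rejected ${SSHD_CONFIG}; sshd not restarted (backup: ${SSHD_CONFIG}.before)"

# Restart the sshd service.
systemctl restart sshd || die "systemctl restart sshd failed"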