适用系统:CentOS 7 / 8 / Alibaba Cloud Linux / 火山引擎 Linux / RHEL
一、安装依赖(必须执行)
bash
运行
yum install -y gcc gcc-c++ make zlib-devel openssl-devel pam-devel二、下载并解压 OpenSSH 10.3p1
bash
运行
cd /usr/local/src
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.3p1.tar.gz
tar -zxvf openssh-10.3p1.tar.gz
cd openssh-10.3p1三、编译配置
bash
运行
./configure --prefix=/usr/local/openssh103 \
--sysconfdir=/etc/ssh \
--with-pam \
--with-ssl-dir=/usr/include/openssl \
--with-zlib \
--with-md5-passwords四、编译安装
bash
运行
make -j4
make install五、覆盖旧版本(关键)
bash
运行
\cp -f /usr/local/openssh103/bin/ssh /usr/bin/ssh
\cp -f /usr/local/openssh103/sbin/sshd /usr/sbin/sshd
\cp -f /usr/local/openssh103/bin/ssh-keygen /usr/bin/ssh-keygen六、修复权限
bash
运行
chmod 600 /etc/ssh/ssh_host_*key
chmod 755 /usr/sbin/sshd七、重启 SSH 服务(不中断当前连接)
bash
运行
systemctl restart sshd八、验证升级结果
bash
运行
ssh -V成功显示:
plaintext
OpenSSH_10.3p1, OpenSSL 1.1.1w 16 Nov 2023九、SSH 安全加固(可选)
bash
运行
sed -i 's/#PermitRootLogin yes/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
sed -i 's/#MaxAuthTries 6/MaxAuthTries 3/' /etc/ssh/sshd_config
systemctl restart sshd