1. 安装telnet

安装telnet，防止意外ssh无法登录
centos 6.8 安装telnet-server服务

yum -y install xinetd

验证

rpm -qa | grep telnet

记录：

rpm -qa | grep telnettelnet-0.17-64.el7.x86_64telnet-server-0.17-64.el7.x86_64

rpm -qa | grep xinetd

记录：

rpm -qa | grep xinetdxinetd-2.3.15-13.el7.x86_64

关闭防火墙

service iptables status
service iptables stop

调整安全策略

setenforce 0
getenforce

记录：

getenforcedisabled

启动telnet服务和xinetd服务

service telnet start
service xinetd start

mv /etc/securetty /etc/securetty.old
service xinetd restart

2. 上传openssh安装包

将安装包openssh-8.7p1.tar上传至/tmp，升级完成后，可删除tar包

3. 安装依赖包

依赖包必须都安装，无法安装的包需联系厂商要

yum -y install lrzsz*

yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel

yum install -y pam* zlib*

ssh -V

4. 卸载现在的openssh

查询是否有rpm，若有执行下一步
卸载现有的openssh版本

rpm -qa | grep openssh   

rpm -e $(rpm -qa | grep openssh) --nodeps

5. 解压赋予权限

解压新的安装包

cd  /tmp
tar xf openssh-8.7p1.tar.gz

赋予权限

cd /tmp/openssh-8.7p1
chown -R root.root /tmp/openssh-8.7p1

6. 开始安装

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl  && make && make install

echo $?

配置文件

sed -i.bak '/Subsystem/s/Subsystem/#Subsystem/' /etc/ssh/sshd_config
sed -i.bakUseDNS '/#UseDNS/s/#UseDNS/UseDNS/' /etc/ssh/sshd_config
sed -i.bak '/^#PermitRootLogin/cPermitRootLogin yes' /etc/ssh/sshd_config

cat<<EOF>>/etc/ssh/sshd_config
Subsystem        sftp    /usr/libexec/openssh/sftp-server 
Ciphers +aes128-cbc,aes192-cbc,aes256-cbc
KexAlgorithms +diffie-hellman-group1-sha1
EOF

cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

chmod +x /etc/init.d/sshd 
chkconfig --add sshd
chkconfig sshd on
/etc/init.d/sshd start
ssh -V

mv /etc/securetty.old /etc/securetty