一、环境
[root@tmp179 package]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@tmp179 package]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
二、 升级前准备
mkdir /opt/package
cd /opt/package
wget https://www.openssl.org/source/openssl-3.1.5.tar.gz --no-check-certificate
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz --no-check-certificateyum -y install gcc gcc-c++ openssl-devel libstdc++* libcap* pam-devel zlib-devel perl perl-IPC-Cmd
三、升级openssl
mv /usr/lib64/openssl /usr/lib64/openssl.old
yum remove openssl #注意输入y或者直接加-y参数再执行
tar -zxf openssl-3.1.5.tar.gz
cd /opt/package/openssl-3.1.5
./config --prefix=/usr
make && make install #顺利的话10分钟左右,可能需要20分钟
which openssl #查看升级后的Openssl路径
openssl version #确认升级是否成功,成功的话能显示版本号OpenSSL 3.1.5 30 Jan 2024 (Library: OpenSSL 3.1.5 30 Jan 2024)
四、升级openssh
cd /opt/package
tar -zxf openssh-9.6p1.tar.gz
rpm -qa | grep -E "zlib-devel|openssl-devel|gcc" #需要有这些组件
mkdir /etc/ssh.bak
mv /etc/ssh/ /etc/ssh.bak/
cd /opt/package/openssh-9.6p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make && make install
cp /opt/package/openssh-9.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
cp /etc/ssh/sshd_config{,.bak}
sed -i 's/^PermitRootLogin/#&/' /etc/ssh/sshd_config
sed -i '32i PermitRootLogin yes' /etc/ssh/sshd_config
chkconfig --add sshd
systemctl daemon-reload
systemctl restart sshd #远程连接会断开。
ssh -V #重新打开个远程连接窗口,并执行。会看到新版本OpenSSH_9.6p1, OpenSSL 3.1.5 30 Jan 2024
-------ok------2024年3月9日18:11:09----------------------