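The system we developed was about to go live. The customer scanned the openEuler server and found that the OpenSSH version was 8.2p1, which has vulnerabilities, so OpenSSH needed to be upgraded to 9.7p1. The openEuler version is 20.03 SP3.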
1. Download OpenSSH 9.7p1
https://www.openssh.com/releasenotes.html
Put the downloaded package in the /opt directory
2. Install telnet
yum -y install telnet
yum -y install telnet-server
systemctl enable telnet.socket
systemctl start telnet.socket
mv /etc/security /etc/security.bak
3. Install dependencies
yum -y install gcc keyutils-libs rpm-build krb5-devel libcom_err-devel libselinux-devel pam-* openssl-devel pkgconfig vsftpd zlib*
4. Back up files
mv /etc/ssh /etc/ssh.bak
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
5. Remove the openssh RPM packages
rpm -e `rpm -qa | grep openssh` --nodeps
6. Compile and install OpenSSH
cd /opt
tar zxvf openssh-9.7p1.tar.gz
cd /opt/openssh-9.7p1/
./configure --sysconfdir=/etc/ssh
make
make install
7. Locate sshd
which sshd
8. Modify files
cp /opt/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
sed -i '25cSSHD=/usr/local/sbin/sshd' /etc/init.d/sshd
sed -i '41c/usr/local/bin/ssh-keygen -A' /etc/init.d/sshd
The following is a single line
sed -i "/#PermitRootLogin prohibit-password/c\PermitRootLogin yes" /etc/ssh/sshd_config
cp /opt/openssh-9.7p1/contrib/ssh-copy-id /usr/local/bin/
chmod +x /usr/local/bin/ssh-copy-id
9. Verify
systemctl daemon-reload
service sshd start
/usr/local/bin/ssh -V
10. Restore the security files
mv /etc/security.bak /etc/security
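
A post-upgrade check for steps 9 and 10, added here as an example and not part of the original write-up: it compares the `ssh -V` banner against the 9.7 target, validates the config with `sshd -t`, and reports the effective PermitRootLogin value and whether the telnet.socket unit from step 2 is still enabled. Function names and the sample banner and config are constructed for the example; the paths are the ones used above.

```shell
#!/bin/sh
# Post-upgrade checks for the source-built OpenSSH (added example).
# Paths are the ones this page uses; function names are illustrative.

# Succeeds if the `ssh -V` banner in $1 reports at least version $2 (major.minor).
version_at_least() {
    have=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p')
    [ -n "$have" ] || return 2                    # not an OpenSSH banner
    hmaj=${have%%.*} hmin=${have#*.} wmaj=${2%%.*} wmin=${2#*.}
    [ "$hmaj" -gt "$wmaj" ] || { [ "$hmaj" -eq "$wmaj" ] && [ "$hmin" -ge "$wmin" ]; }
}

# Prints the global value sshd uses for keyword $2 in file $1. sshd keeps the
# first value it reads per keyword and matches keywords case-insensitively.
# Stops at the first Match block; Include files are not followed.
effective_setting() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { exit !found }' "$1"
}

# Live-host checks; run as root after step 9.
check_host() {
    banner=$(/usr/local/bin/ssh -V 2>&1)          # ssh -V writes to stderr
    version_at_least "$banner" 9.7 || { echo "FAIL: $banner"; return 1; }
    /usr/local/sbin/sshd -t -f /etc/ssh/sshd_config || { echo "FAIL: sshd_config"; return 1; }
    echo "PermitRootLogin: $(effective_setting /etc/ssh/sshd_config PermitRootLogin || echo unset)"
    echo "telnet.socket: $(systemctl is-enabled telnet.socket 2>/dev/null)"
}

# Offline demo on constructed input (banner and config are made up for the example).
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' '#PermitRootLogin prohibit-password' 'permitrootlogin yes' \
        'PermitRootLogin no' > "$cfg"
    version_at_least 'OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020' 9.7 || echo "8.2p1: too old"
    version_at_least 'OpenSSH_9.7p1, OpenSSL 1.1.1f  31 Mar 2020' 9.7 && echo "9.7p1: ok"
    echo "PermitRootLogin: $(effective_setting "$cfg" PermitRootLogin)"
    rm -f "$cfg"
}

if [ "${1:-}" = "--host" ]; then check_host; else demo; fi
```

Run it with `--host` as root on the upgraded server; without arguments it only runs the offline demo.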