Compiling and installing openssh-8.8p1 on CentOS 8.3

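  1. Configure the mirror source (see the centos-vault mirror usage help)
  • CentOS 8 (the non-Stream release) is no longer maintained and has been removed from the official yum repositories, so the mirror source must point at the "centos-vault" mirror. The Tsinghua mirror is used as the example here.
  • First check the system's minor version number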
[root@0006 openssh-8.8p1]#
[root@0006 openssh-8.8p1]# cat /etc/centos-release
CentOS Linux release 8.3.2011
[root@0006 openssh-8.8p1]# minorver=8.3.2011
  • Run the following command to switch the mirror source to the Tsinghua mirror
sudo sed -e "s|^mirrorlist=|#mirrorlist=|g" \
        -e "s|^#baseurl=http://mirror.centos.org/\$contentdir/\$releasever|baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/$minorver|g" \
        -i.bak \
        /etc/yum.repos.d/CentOS-*.repo
  • Refresh the package cache: yum makecache
  1. Install telnet (so that a failed ssh upgrade does not leave the server unreachable over ssh)
yum -y install telnet-server
yum -y install xinetd
  1. Enable the services at boot
systemctl enable telnet.socket
systemctl enable xinetd

  1. Start the telnet service
systemctl start telnet.socket
systemctl start xinetd

  1. Check that port 23 is listening
netstat -lntup

  1. Add the following 2 lines to the configuration file
[root@0006 ~]# cat /etc/securetty
pts/0
pts/1
  1. Try logging in to the server over telnet
  1. Download the openssh source and unpack it
cd /usr/local/src/
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
tar xvf openssh-8.8p1.tar.gz
cd openssh-8.8p1
  1. Install packages that may be missing first
yum -y install zlib* libcry* openssl-devel pam-devel gcc make cmake
  1. Generate the Makefile and check that the output is 0 (if ssl was not compiled, the --with-ssl-dir parameter can be dropped)
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/lib64 --without-hardening
echo $?
  1. Compile and check that the output is 0
make
echo $?

  1. Fix permissions and make backups
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
mv /etc/ssh/ssh_config /etc/ssh/ssh_config.back
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.back
mv /etc/ssh/moduli /etc/ssh/moduli.back
  1. Install and check that the output is 0
make install
echo $?
  1. Modify the ssh configuration file to allow root login (depending on your needs), and copy the files into the system service directories
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

  1. Enable the ssh service at boot
[root@0006 openssh-8.8p1]# chkconfig --add sshd
[root@0006 openssh-8.8p1]# systemctl enable sshd
Synchronizing state of sshd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable sshd
[root@0006 openssh-8.8p1]# /usr/lib/systemd/systemd-sysv-install enable sshd
[root@0006 openssh-8.8p1]# systemctl enable sshd
Synchronizing state of sshd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable sshd
  1. Move the original service unit away; otherwise restarting ssh may fail
mv /usr/lib/systemd/system/sshd.service /home/
  1. Start the ssh service, check that port 22 is listening, and check that the ssh version has been updated
/etc/init.d/sshd restart

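  1. After upgrading openssh, connecting with SecureCRT may fail; it seems the encryption algorithms were upgraded. You can use SecureCRT version 8 or later, or add the following configuration to the configuration file and restart the ssh service: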
[root@0006 ~]# tail -1 /etc/ssh/sshd_config
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org
/etc/init.d/sshd restart
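
The KexAlgorithms line in the last step re-enables several SHA-1 key exchanges and lists one name twice. The script below is an added example, not part of the original article. It reads an sshd_config and reports both. The function names are hypothetical, treating every name that ends in sha1 as legacy is an assumption, and the sample config is constructed from the line above.

```shell
#!/bin/sh
# Added example, not from the article: audit the KexAlgorithms value of an sshd_config.
# Assumption: a key-exchange name ending in "sha1" counts as legacy.
# Handles a plain comma-separated list only (no +, - or ^ prefix forms).

# Constructed sample holding the KexAlgorithms line from the last step.
SAMPLE_CONFIG='# constructed sample sshd_config
Port 22
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org'

# Print one algorithm per line from config text on stdin.
# sshd takes the first value it finds for a keyword; keywords are case-insensitive.
kex_list() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }' | tr ',' '\n' | sed '/^$/d'
}

# Legacy (SHA-1 based) names, each reported once.
kex_legacy() {
    kex_list | grep -E 'sha1$' | LC_ALL=C sort -u
}

# Names that appear more than once in the list.
kex_duplicates() {
    kex_list | LC_ALL=C sort | uniq -d
}

# The same list with legacy names and repeats dropped, original order kept.
# Only suitable once every client is new enough (the article's SecureCRT 8+ option).
kex_hardened() {
    kex_list | grep -Ev 'sha1$' | awk '!seen[$0]++' | paste -sd, -
}

# Report for the sample; on a host use: kex_legacy < /etc/ssh/sshd_config
echo "legacy:";     printf '%s\n' "$SAMPLE_CONFIG" | kex_legacy
echo "duplicates:"; printf '%s\n' "$SAMPLE_CONFIG" | kex_duplicates
echo "without legacy: KexAlgorithms $(printf '%s\n' "$SAMPLE_CONFIG" | kex_hardened)"
```

Run `sshd -t` after changing the line and before restarting the service, so a typo in the list does not stop sshd from starting.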