
CentOS | CentOS 7 升级 OpenSSH 记录

2024-07-09

升级OpenSSL到OpenSSL 1.1.1w

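# Build OpenSSL 1.1.1w into its own prefix (/usr/local/openssl) so the
# distribution's OpenSSL packages stay untouched. Run as root.
#
# Before unpacking, check the tarball against the digest or signature published
# with the release, for example:
#   echo '<PUBLISHED_SHA256>  openssl-1.1.1w.tar.gz' | sha256sum -c -
#
# NOTE(review): the OpenSSL 1.1.1 series is end-of-life upstream, so 1.1.1w gets
# no further public security fixes; plan a move to a maintained branch.
#
# The steps are chained with && so a failed download, configure or build stops
# the sequence instead of installing from a half-built tree.
yum install -y perl-core zlib-devel gcc &&
  tar xvf openssl-1.1.1w.tar.gz &&
  cd openssl-1.1.1w &&
  ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl &&
  make -j8 &&
  make install

# Make the new libssl/libcrypto resolvable at run time.
# ${LD_LIBRARY_PATH:+:...} appends the previous value only when one exists.
# A plain "...lib:$LD_LIBRARY_PATH" leaves a trailing ':' when the variable is
# empty, and the dynamic loader treats an empty entry as the current directory,
# so libraries could be picked up from whatever directory a command runs in.
# The grep guard keeps repeated runs from appending the same line again.
profile_line='export LD_LIBRARY_PATH=/usr/local/openssl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}'
grep -qxF -- "$profile_line" /etc/profile || printf '%s\n' "$profile_line" >> /etc/profile
source /etc/profile

# Confirm the freshly built binary runs and reports the expected version.
/usr/local/openssl/bin/openssl version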

升级OpenSSH到OpenSSH 9.8p1

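# Build OpenSSH 9.8p1 against the OpenSSL in /usr/local/openssl and switch the
# system's ssh/sshd over to it. Run as root, in a shell where LD_LIBRARY_PATH
# already includes /usr/local/openssl/lib, and keep an existing root session
# open until a fresh login has been confirmed to work.
#
# Before unpacking, check openssh-9.8p1.tar.gz against the digest or signature
# published with the release.
#
# NOTE(review): configure is run without --with-pam, so this sshd is built
# without PAM support; confirm nothing on the host relies on PAM for SSH logins
# (lockout, access rules, session setup).
tar xvf openssh-9.8p1.tar.gz &&
  cd openssh-9.8p1 &&
  ./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl &&
  make -j8 &&
  make install

# Keep the distribution binaries and the freshly generated config for rollback.
cp -p /usr/sbin/sshd /usr/sbin/sshd.old
cp -p /usr/bin/ssh /usr/bin/ssh.old
cp -a /usr/local/openssh/etc /usr/local/openssh/etc.bak

# Reuse the existing host keys so clients do not see a changed host key.
# sshd refuses private keys that group or others can read, so tighten the mode
# of the copied private keys explicitly.
yes | cp -f /etc/ssh/ssh_host_* /usr/local/openssh/etc
chmod 600 /usr/local/openssh/etc/ssh_host_*_key

# The new daemon reads /usr/local/openssh/etc/sshd_config, not
# /etc/ssh/sshd_config: settings from the old file are NOT carried over, so
# review and port them by hand.
# This line re-enables direct root login with a password (the shipped default
# is prohibit-password). Prefer key-based root access or a non-root account,
# and drop this line once keys are in place.
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /usr/local/openssh/etc/sshd_config

# systemd does not expand variables in Environment=, so the library path is
# given as a fixed absolute directory; a literal "$LD_LIBRARY_PATH" there would
# end up as a bogus relative entry in the loader search path.
cat << 'EOF' > /usr/lib/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=notify
Environment="LD_LIBRARY_PATH=/usr/local/openssl/lib"
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target
EOF

# Validate the new binary, its config and host keys (sshd -t) BEFORE removing
# the old binaries; if the check fails nothing is replaced and the running
# daemon keeps serving. On failure after the switch, restore sshd.old/ssh.old.
/usr/local/openssh/sbin/sshd -t &&
  rm -f /usr/sbin/sshd /usr/bin/ssh &&
  ln -s /usr/local/openssh/sbin/sshd /usr/sbin/ &&
  ln -s /usr/local/openssh/bin/ssh /usr/bin/ &&
  systemctl daemon-reload &&
  systemctl restart sshd &&
  sshd -V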