Upgrading OpenSSH

1. Download the OpenSSH package

Download site

2. Enable telnet (as a fallback in case the upgrade fails)

yum install -y telnet-server telnet xinetd 

systemctl restart telnet.socket
systemctl restart xinetd

echo 'pts/0' >>/etc/securetty
echo 'pts/1' >>/etc/securetty
systemctl restart telnet.socket

3. Install

Back up the old SSH configuration files

mv /etc/ssh/ /etc/ssh-bak

Compile and install

yum install -y pam-devel zlib-devel
tar zxvf openssh-*.tar.gz
cd openssh*
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make -j $(nproc) && make install

Copy the init script:

\cp contrib/redhat/sshd.init /etc/init.d/sshd
\chkconfig sshd on

Verify the version:

ssh -V

Configuration

cat > /etc/ssh/sshd_config <<EOF
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
PubkeyAuthentication yes
UsePAM yes
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
AllowTcpForwarding yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF

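Adjust the service unit (comment out Type=notify, which expects a readiness notification from sshd) and restart the SSH service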

sed -i "s;Type=notify;#Type=notify;g" /usr/lib/systemd/system/sshd.service
systemctl daemon-reload && systemctl restart sshd

Check that the SSH service is healthy

journalctl -xef -u sshd

If startup fails with the error "sshd: no hostkeys available -- exiting", run the following steps to fix it

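# DSA host keys are disabled by default since OpenSSH 7.0 and DSA support is removed in OpenSSH 10.0;
# on such versions skip the dsa line, the RSA key is enough for sshd to start.
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key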
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/*

Restart SSH

systemctl restart sshd

Once it succeeds, disable telnet

systemctl disable telnet.socket --now
systemctl disable xinetd --now
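
A follow-up check for the procedure above, as an added example that is not part of the original page: it reports which of PermitRootLogin, PasswordAuthentication and X11Forwarding are effectively "yes" in an sshd_config, and lists the pts/N entries that step 2 appended to /etc/securetty. The function names are hypothetical, the sample files are constructed, and the config is assumed to use whitespace-separated keyword/value lines with no Match block overriding these keywords.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes whitespace-separated "Keyword value" lines; only the global section is read.

# effective_value FILE KEYWORD: print the value sshd would use. Keywords are
# case-insensitive and the first occurrence wins (sshd_config(5)).
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == "match"   { exit }      # stop at the first Match block
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }' "$1"
}

# audit_sshd_config FILE: print one WARN line per keyword whose effective
# value is "yes". An unset keyword falls back to the upstream default.
audit_sshd_config() {
    for pair in PermitRootLogin:prohibit-password \
                PasswordAuthentication:yes X11Forwarding:no; do
        kw=${pair%%:*}; default=${pair#*:}
        val=$(effective_value "$1" "$kw")
        [ -n "$val" ] || val=$default
        if [ "$val" = "yes" ]; then
            echo "WARN $kw=yes"
        fi
    done
}

# securetty_pts FILE: list the pts/N entries that step 2 appended so root
# could log in over telnet; none should remain once telnet is disabled.
securetty_pts() {
    grep -E '^pts/[0-9]+$' "$1" || true
}

# Constructed sample input: three lines from the config written above,
# plus a securetty file as step 2 leaves it.
cfg=$(mktemp); tty=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'X11Forwarding yes' > "$cfg"
printf '%s\n' 'tty1' 'pts/0' 'pts/1' > "$tty"
audit_sshd_config "$cfg"
securetty_pts "$tty"
rm -f "$cfg" "$tty"
```

On a live host, sshd -T prints the effective configuration with defaults and Match handling applied, which is the authoritative source for the same comparison.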
Copyright © weiliang 2021 all rights reserved, powered by Gitbook. Book published: 2024-04-22 16:03:41
