升级openssh
1.下载openssh包
2.开启telnet(防止失败)
yum install -y telnet-server telnet xinetd
systemctl restart telnet.socket
systemctl restart xinetd
echo 'pts/0' >>/etc/securetty
echo 'pts/1' >>/etc/securetty
systemctl restart telnet.socket
3.安装
备份旧ssh配置文件
mv /etc/ssh/ /etc/ssh-bak
编译安装
yum install -y pam-devel zlib-devel
tar zxvf openssh-*.tar.gz
cd openssh*
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make -j $(nproc) && make install
复制启动脚本:
\cp contrib/redhat/sshd.init /etc/init.d/sshd
\chkconfig sshd on
验证版本信息:
ssh -V
配置
cat > /etc/ssh/sshd_config <<EOF
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
PubkeyAuthentication yes
UsePAM yes
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
AllowTcpForwarding yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
调整service,重启ssh服务
sed -i "s;Type=notify;#Type=notify;g" /usr/lib/systemd/system/sshd.service
systemctl daemon-reload && systemctl restart sshd
查看ssh服务是否健康
journalctl -xef -u sshd
启动时,如果报sshd: no hostkeys available — exiting错误,执行以下步骤修复
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/*
重启ssh
systemctl restart sshd
成功后关闭telnet
systemctl disable telnet.socket --now
systemctl disable xinetd --now