Centos 7.9 升级openssh 9.8p1

发表于 2024-07-02 更新于 2024-07-04 分类于 Linux 阅读次数：

报错处理

npm ERR! ssh_exchange_identification: Connection closed by remote host
npm ERR! fatal: Could not read from remote repository.

MaxStartups 100

navicat 连接失败，版本太低

# 在sshd_config下加入
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

Centos 7.9 升级openssh 9.8p1

openssl 下载：https://www.openssl.org/source/
https://www.openssl.org/source/openssl-3.3.1.tar.gz
openssh 下载：https://www.openssh.com/releasenotes.html#9.8p1
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
zlib 下载：https://www.zlib.net/
https://www.zlib.net/zlib-1.3.1.tar.gz

#/bin/bash
now=`date +%Y%m%d`
yum install  -y gcc gcc-c++  make autoconf openssl openssl-devel pcre-devel  pam-devel  perl-CPAN


# 安装perl执行环境
# https://blog.csdn.net/weixin_45920147/article/details/135200046
# https://blog.csdn.net/u013171471/article/details/136239375?spm=1001.2101.3001.6650.19&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7ERate-19-136239375-blog-137240622.235%5Ev43%5Epc_blog_bottom_relevance_base1&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7ERate-19-136239375-blog-137240622.235%5Ev43%5Epc_blog_bottom_relevance_base1&utm_relevant_index=23


# 安装 openssl-3.3.1
tar -xf openssl-3.3.1.tar.gz
mv /usr/bin/openssl /usr/bin/openssl_bak_${now}
mv /usr/include/openssl /usr/include/openssl_bak_${now}
cd openssl-3.3.1
./config --prefix=/usr/local/ssl-3.3.1 -d shared
make && make install

ln -s /usr/local/ssl-3.3.1/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl-3.3.1/include/openssl /usr/include/openssl

echo '/usr/local/ssl-3.3.1/lib64' >> /etc/ld.so.conf
ldconfig -v
openssl version

# 安装zlib-1.3.1
tar -xf zlib-1.3.1.tar.gz
cd ./zlib-1.3.1
./configure --prefix=/usr/local/zlib-1.3.1
make && make install
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key

# 安装openssh-9.8p1

tar -xf openssh-9.8p1.tar.gz
cd openssh-9.8p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl-3.3.1/include --with-ssl-dir=/usr/local/ssl-3.3.1 --with-zlib=/usr/local/zlib-1.3.1 --with-md5-passwords --with-pam
cp -r /etc/ssh /etc/ssh_${now}
# make 报错的话执行以下命令
#autoreconf
make && make install

sed -i '/X11Forwarding/s/#X11Forwarding yes/X11Forwarding yes/' /etc/ssh/sshd_config
sed -i '/PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
sed -i '/UseDNS/s/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config
\cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd
\cp -a ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
systemctl daemon-reload
/etc/init.d/sshd restart