Redhat7.3升级OpenSSH

创建本地YUM源

cd /mnt
mkdir cdrom
mount -o loop -t iso9660 /dev/cdrom /mnt/cdrom/
cd /etc/yum.repos.d/

vi redhat7.repo

[redhat7]

name=redhat7

baseurl=file:///mnt/cdrom

enabled=1

gpgcheck=0

再输入yum repolist 查看可用yum源

再输入yum makecache 缓存本地源

注意：
如果想永久挂载的话就需要编辑vi /etc/fstab 这个文件在末尾添加一行,本次不需要
/dev/sr0 /mnt/cdrom udf defaults 0 0

cd /usr/local/src/

mv /openssh-7.9p1.tar.gz ./

tar -zxvf *

安装telnet服务，防止ssh升级后登录不上,如果以安装跳过
rpm -qa|grep telnet
rpm -qa|grep xinetd

telnet的安装和启动

1. 安装telent服务端
yum -y install telnet-server*
2.安装telnet客户端
yum install telnet.*

3.安装telnet守护进程xinetd
yum install xinetd.x86_64

4、启动telnet服务

vi /etc/xinetd.d/telnet，将disable=yes改成disable=no；

systemctl start telnet.socket

关闭telnet服务
vi /etc/xinetd.d/telnet，将disable=no改成disable=yes

systemctl stop telnet.socket

5、关闭防火墙

systemctl stop firewalld

安装编译所需工具包

yum -y install gcc pam-devel zlib-devel

yum -y install openssl-devel

find / -name openssl
find / -name ssh
whereis ssh

备份当前openssh
# 备份启动脚本以及配置文件
cp -rf /etc/init.d/ssh /etc/init.d/ssh.old
cp -rf /etc/ssh /etc/ssh.old

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers

tar -zxf openssh-7.9p1.tar.gz
cd openssh-7.9p1

yum install -y gcc openssl-devel pam-devel rpm-build
make && make install
---------------------------------------------

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so

make && make install

---------------------------------------------

修改配置文件,允许root登录
/bin/sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config

/bin/sed -i 's_#PermitRootLogin yes_PermitRootLogin yes_g' /etc/ssh/sshd_config

sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config

编译OpenSSH可能遇到的报错

# 报错： configure: error: PAM headers not found
# 解决： ubuntu: apt-get install libpam0g-dev
# centos: yum -y install pam-devel

# 报错： configure: error: *** OpenSSL headers missing - please install first or check config.log ***
# 解决： ubuntu: apt-get install libssl-dev
# centos: yum -y install openssl-devel

恢复
cp -rf /etc/ssh.old /etc/ssh