注:此文章属原创,转载请注明出处,谢谢。
1. 环境信息: (vm, centos 7.1 x64)
# rpm -qa | grep openssh
openssh-server-6.6.1p1-11.el7.x86_64
openssh-6.6.1p1-11.el7.x86_64
openssh-clients-6.6.1p1-11.el7.x86_64
# rpm -qa | grep openssl
openssl-libs-1.0.1e-42.el7.x86_64
openssl-1.0.1e-42.el7.x86_64
#
2. 准备工作:
a). centos 7.1的操作系统光盘或ISO文件
b). openssh 7.6p1源码包(openssh-7.6p1.tar.gz)
c). openssl 1.0.2n源码包(openssl-1.0.2n.tar.gz)
d). 操作前,要先关闭SELINUX和防火墙服务(升级完成并验证ssh登录正常后,应重新启用)
源码包下载地址(下载后请用官方提供的签名或校验值核对源码包的完整性)
Openssh: http://www.openssh.com/
Openssl: https://www.openssl.org/
3. 上传文件包
先将源码包通过FTP上传到服务器中。
4. 配置YUM源
略
5. 安装gcc/zlib等编译工具
# yum -y install gcc-* libmpc-* cpp-* pam-devel-*
# yum -y install krb5-devel* zlib-devel* zlib-*
6. 安装telnet、创建临时普通用户
a). 安装telnet
# yum -y install telnet-server.x86_64
# yum -y install telnet.x86_64
# yum -y install xinetd.x86_64
b). 设置开机启动
# systemctl enable xinetd.service
# systemctl enable telnet.socket
c). 开启service
# systemctl start telnet.socket
# systemctl start xinetd
d). 创建临时普通用户
# useradd user1
# passwd user1
使用普通用户user1,通过telnet协议登录到服务器中 (root用户默认不能登录)。telnet为明文传输,这里只作为升级ssh期间防止失联的临时备用通道,升级完成后按第9步卸载。
7. 安装openssl
a). 编译openssl
# tar -xvzf openssl-1.0.2n.tar.gz
# cd openssl-1.0.2n/
# ./config
# make
# make install
b). 创建新的openssl文件
# mv /usr/bin/openssl /usr/bin/openssl.bak
# mv /usr/include/openssl /usr/include/openssl.bak
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
c). 配置openssl库文件搜索路径
# cat /etc/ld.so.conf
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# /sbin/ldconfig -v
d). 验证版本:
# openssl version -a
8. 安装openssh
a). 先备份原有ssh目录
# mv /etc/ssh/ /etc/ssh.bak/
b). 停止和卸载openssh
# service sshd stop
# rpm -qa | grep openssh
# rpm -e --nodeps `rpm -qa | grep openssh`
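c). 编译openssh(注:--without-hardening会关闭编译器的安全加固选项,如去掉后仍能正常编译,建议不使用该参数;OpenSSH自6.7起已移除tcp wrappers支持,--with-tcp-wrappers在7.6p1中不再生效)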
# tar -xvzf openssh-7.6p1.tar.gz
# cd openssh-7.6p1/
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
# make
# make install
# mv /etc/init.d/sshd /etc/init.d/sshd.bak
# cd openssh-7.6p1/
# cp contrib/redhat/sshd.init /etc/init.d/sshd
# chmod u+x /etc/init.d/sshd
# chkconfig --add sshd
# cd openssh-7.6p1/
# cp /usr/sbin/sshd /usr/sbin/sshd.bak
# cp sshd /usr/sbin/sshd
d). 设置允许root帐号通过SSH登录(注:允许root直接用密码登录会扩大暴力破解的攻击面,建议仅在升级验证期间使用,之后改为prohibit-password或no)
# vi /etc/ssh/sshd_config
PermitRootLogin yes
e). 启动openssh
# service sshd restart
f). 验证openssh版本
# ssh -V
9. 卸载telnet
a). 重新登录
使用root用户,通过ssh协议登录到服务器中
b). 停止服务
# systemctl stop telnet.socket
# systemctl stop xinetd
c). 卸载telnet
# rpm -e telnet-server.x86_64
# rpm -e telnet.x86_64
# rpm -e xinetd.x86_64
d). 删除临时普通用户
# userdel -r user1