环境:# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
Openssl编译安装
Openssl官网下载地址https://www.openssl.org/source/
安装依赖 gcc gcc-c++ perl
# tar xf openssl-1.1.1g.tar.gz
# cd openssl-1.1.1g
# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl/ssl -fPIC shared zlib
编译参数解释:
--openssldir=OPENSSLDIR 安装目录,默认是 /usr/local/ssl
--prefix=PREFIX 设置 lib include bin 目录的前缀,默认为 OPENSSLDIR 目录
zlib zlib-dynamic no-zlib 使用静态的zlib压缩库、使用动态的zlib压缩库、不使用zlib压缩功能
shared 生成动态连接库
# make && make install
# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
# ldconfig
# echo "export PATH=/usr/local/openssl/bin:$PATH" >> /etc/profile
# source /etc/profile
# openssl version
OpenSSL 1.1.1g 21 Apr 2020
Openssh升级
Openssh下载官网https://www.openssh.com/
依赖:gcc gcc-c++ autoconf zlib-devel pam-devel make
查看当前版本
# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
# tar xf openssh-8.3p1.tar.gz
# cd openssh-8.3p1
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-ssl-dir=/usr/local/openssl --with-pam --with-zlib
# make
# mv /etc/ssh/ /etc/ssh_bak
# mv /etc/pam.d/sshd /etc/pam.d/sshd_bak
# make install
# cp contrib/redhat/sshd.init /etc/init.d/sshd
# cp contrib/redhat/sshd.pam /etc/pam.d/sshd
# sed -i '/#PermitRootLogin/a PermitRootLogin yes' /etc/ssh/sshd_config
# sed -i '/#PubkeyAuthentication/a PubkeyAuthentication yes' /etc/ssh/sshd_config
# sed -i '/#PasswordAuthentication/a PasswordAuthentication yes' /etc/ssh/sshd_config
# sed -i '/#UseDNS/a UseDNS no' /etc/ssh/sshd_config
# sed -i '/#UsePAM/a UsePAM yes' /etc/ssh/sshd_config
需要删除原来的sshd启动服务不然重启sshd服务启动不起来
# rm -f /usr/lib/systemd/system/sshd.service
# systemctl daemon-reload
# service sshd restart
添加开机启动
# chkconfig --add sshd
# chkconfig --list
# ssh -V
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020