需求描述

系统预装的 OpenSSH 版本较低，不满足安全要求。故需要源码编译安装 OpenSSH。

官方地址

https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

命令记录

  220  cd openssl-1.1.1i/
  # 是否放在opt目录下表示疑问
  221  ./config --prefix=/opt/modules/ssl/
  222  make && make installl
  223  make install
  224  /opt/modules/ssl/bin/openssl version
  225  vi ~/.bashrc
  226  source ~/.bashrc

  233  cd openssh-8.7p1/
  234  ./configure --prefix=/opt/modules/ssh --sysconfdir=/etc/ssh --with-ssl-dir=/opt/modules/ssl
  235  make 
  236  make install
  237  /opt/modules/ssh/bin/ssh -V
  240  ssh -V
  241  find / -name sshd.init
  242  cp /root/openssh-8.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
  243  chmod u+x /etc/init.d/sshd
  244  chkconfig --add sshd

  245  cp /root/openssh-8.7p1/contrib/redhat/sshd_config /etc/ssh/sshd_config

  246  cat /etc/ssh/sshd_config 
  248  cd /etc/ssh/
  250  cp sshd_config sshd_config_bak

  255  find / -name sftp-server
  256  vi /etc/ssh/sshd_config

  259  cd /usr/bin
  260  ls
  261  mv ./scp ./scp_bak
  262  mv ./sftp ./sftp_bak
  263  mv ./ssh ./ssh_bak
  264  mv ./ssh-add ./ssh-add_bak
  265  mv ./ssh-agent ./ssh-agent_bak
  266  mv ./ssh-keygen ./ssh-keygen_bak
  267  mv ./ssh-keyscan ./ssh-keyscan_bak
  268  cd /usr/sbin
  269  mv ./sshd ./sshd_bak
  270  cp /opt/modules/ssh/bin/* /usr/bin/
  271  cp /opt/modules/ssh/sbin/sshd /usr/sbin/
  272  vi /etc/ssh/sshd_config
  273  chmod 600 /etc/ssh/*
  274  rpm -qa | grep openssh
  275  rpm -e --nodeps openssh-7.4p1-21.el7.x86_64
  276  rpm -e --nodeps openssh-server-7.4p1-21.el7.x86_64
  277  rpm -e --nodeps openssh-clients-7.4p1-21.el7.x86_64
  278  rpm -qa | grep openssh
  279  cd /etc/ssh/
  280  cp ./sshd_config.rpmsave ./sshd_config
  281  ls
  282  cp /opt/modules/ssh/bin/ssh-keygen /usr/bin/
  283  cp /opt/modules/ssh/sbin/sshd /usr/sbin/
  284  systemctl restart sshd
  285  systemctl status sshd
  286  reboot

参考资料

https://blog.csdn.net/gdkyxy2013/article/details/88906630

附加问题

OpenSSH算法协议漏洞修复

见链接