前言:该升级操作是为了处理openssh漏洞
一、基础依赖
下载相关的包
wget --no-check-certificate https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz
wget --no-check-certificate http://www.zlib.net/zlib-1.3.1.tar.gz
wget --no-check-certificate https://www.openssl.org/source/openssl-3.2.1.tar.gz安装依赖
apt update
apt install -y g++ perl make libpam0g-dev build-essential二、安装telnet
在升级SSH过程中,确保Telnet能够连接服务器是为了提供远程访问方式(以防ssh升级失败,导致无法连接服务器)。需要注意的是,由于Telnet的不安全性,应尽量减少在正式环境中使用Telnet,并在SSH升级完成&恢复正常的SSH远程访问后关闭Telnet。
apt install openbsd-inetd telnetd telnet -y
systemctl restart openbsd-inetd
systemctl status openbsd-inetd
netstat -anpt|grep 23
telnet 1.2.3.4 23卸载原openssh:
apt-get autoremove openssh-server openssh-client -y三、安装zlib
cd /home/sys-software
sudo tar zxvf zlib-1.3.1.tar.gz
cd zlib-1.3.1/
sudo ./configure --shared
sudo make && make install四、.安装openssl
cd /home/sys-software
tar zxvf openssl-3.2.1.tar.gz
cd openssl-3.2.1/
./config --shared zlib && make && make installmv /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
mkdir -p /usr/local/openssl/lib64ln -s /usr/local/lib64/libssl.so /usr/local/openssl/lib64/libssl.so
echo “/usr/local/openssl/lib64” > /etc/ld.so.conf.d/openssl.conf
ln -s /usr/local/lib64/libssl.so.3 /usr/lib/libssl.so.3
ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3openssl version
五、安装更新ssh
cd /home/sys-software
tar zxvf openssh-9.6p1.tar.gz
cd /home/sys-software/openssh-9.6p1./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr/include/openssl --with-privsep-path=/var/lib/ssh --with-ssl-dir=/home/sys-software/openssl-3.2.1 【路径修改为ssl的路径】
make && make installssh -V
六、启动ssh
systemctl unmask ssh
systemctl restart sshdscp如果传不了文件则修改如下配置
vim /etc/ssh/sshd_config
#Subsystem sftp /usr/local/openssh/libexec/sftp-server改成下面这句
Subsystem sftp internal-sftp
systemctl restart sshd
