Preparation before upgrading:

Enable telnet on the server, because ssh may become unusable during the upgrade.


Download the upgrade packages:


Download the latest packages from these sites:

http://www.openssl.org/

http://www.openssh.org/

Extract:

#tar -zxvf openssh-6.6p1.tar.gz 

#tar -zxvf openssl-1.0.1g.tar.gz 


Upgrade openssl


Back up the existing openssl:

#mkdir -p /root/usr/openssl

#mkdir -p /root/usr/include/

#cp /usr/bin/openssl /root/usr/openssl

#cp -r /usr/include/openssl /root/usr/include/openssl

Compile

#cd openssl-1.0.1g

#./config --prefix=/usr --shared  


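Additional note:

Add the shared option; otherwise, when upgrading ssh, a message appears saying that the header files and library files do not match: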

checking whether getpgrp requires zero arguments... yes

checking OpenSSL header version... 1000103f (OpenSSL 1.0.1c 10 May 2012)

checking OpenSSL library version... 90802f (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008)

checking whether OpenSSL's headers match the library... no

configure: error: Your OpenSSL headers do not match your

library. Check config.log for details.

If you are sure your installation is consistent, you can disable the check

by running "./configure --without-openssl-header-check".

Also see contrib/findssl.sh for help identifying header/library mismatches.

and it will not run properly.


Additional note:

If you do not want to upgrade ssh, it is enough to use

#./config --prefix=/usr

After the upgrade the openssl version does go up, but running sshd -v shows that sshd still reports the original openssl version.


#make

#make test

#make install

#openssl version -a

OpenSSL 1.0.1g 7 Apr 2014

built on: Fri May 23 16:56:53 CST 2014

platform: linux-x86_64

options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 

compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM

OPENSSLDIR: "/usr/ssl"

At this point, running sshd -v or restarting the sshd service reports:

OpenSSL version mismatch. Built against 1000103f, you have 90802f

When the message above appears, the only option is to force a recompile of SSH.
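
The hex numbers in the messages above can be read by hand; the following shell script, an added example that is not part of the original post, decodes them using OpenSSL's MNNFFPPS version-number layout and applies that to the sshd mismatch line. The function names decode_openssl_version and explain_mismatch are made up for this example.

```shell
#!/bin/sh
# Added example: decode OpenSSL's hex version number, layout MNNFFPPS
# (major, minor, fix, patch letter, status), as printed by configure and sshd.

decode_openssl_version() {
    # Accept 1-8 hex digits only, so nothing else reaches $(( )).
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ] || return 1
    n=$(( 0x$1 ))
    major=$(( (n >> 28) & 0xf ))
    minor=$(( (n >> 20) & 0xff ))
    fix=$(( (n >> 12) & 0xff ))
    patch=$(( (n >> 4) & 0xff ))
    status=$(( n & 0xf ))
    letter=''
    if [ "$patch" -ge 1 ] && [ "$patch" -le 26 ]; then
        # 1 -> a, 2 -> b, ... via an octal printf escape
        letter=$(printf "\\$(printf '%03o' $(( 96 + patch )))")
    fi
    case "$status" in
        0)  tag='-dev' ;;
        15) tag='' ;;            # 0xf marks a release build
        *)  tag="-beta$status" ;;
    esac
    printf '%s.%s.%s%s%s\n' "$major" "$minor" "$fix" "$letter" "$tag"
}

# Pull both numbers out of sshd's "OpenSSL version mismatch" line.
explain_mismatch() {
    re='.*Built against \([0-9a-fA-F]*\), you have \([0-9a-fA-F]*\).*'
    built=$(printf '%s\n' "$1" | sed -n "s/$re/\1/p")
    have=$(printf '%s\n' "$1" | sed -n "s/$re/\2/p")
    b=$(decode_openssl_version "$built") || return 1
    h=$(decode_openssl_version "$have") || return 1
    printf 'built against %s, runtime library %s\n' "$b" "$h"
}

# The message quoted on this page:
explain_mismatch 'OpenSSL version mismatch. Built against 1000103f, you have 90802f'
```

For 90802f the number decodes to 0.9.8b, although the configure log above shows that library's banner as 0.9.8e-fips-rhel5; the mismatch message reports the number, not the banner.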


Upgrade SSH


Back up the original ssh version

#mv /etc/ssh /etc/ssh_old

Compile

#cd openssh-6.6p1

#./configure --prefix=/usr --sysconfdir=/etc/ssh --without-zlib-version-check --with-openssl-includes=/usr/ --with-md5-passwords --mandir=/usr/share/man 

#make 

#make install

#service sshd restart

#sshd -v

OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014

usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]

            [-E log_file] [-f config_file] [-g login_grace_time]

            [-h host_key_file] [-k key_gen_time] [-o option] [-p port]

            [-u len]