OpenSSH是一款开源的安全远程登陆工具,也是Linux系统中最常用的服务之一,近年来频繁爆出高危漏洞,深受各大企业关注。掌握升级OpenSSH或许是每位运维人员必经的成长阶段,今天给大家分享编译安装OpenSSH的方法,希望能帮助刚入门的Linux运维朋友们。
实验环境
操作系统:RHEL 6.10
OpenSSH:8.3p1
OpenSSL:1.1.1g
服务端篇
第一步 安装依赖软件
- [root@wanghualang ~]# yum -y install gcc make wget vim zlib-devel pam-devel
第二步 编译安装OpenSSL
- [root@wanghualang ~]# cd /usr/local/src/
- [root@wanghualang src]# wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1g.tar.gz
- [root@wanghualang src]# tar xzf openssl-1.1.1g.tar.gz
- [root@wanghualang src]# cd openssl-1.1.1g
- [root@wanghualang openssl-1.1.1g]# ./config \
- --prefix=/usr/local/openssl-1.1.1g \
- --openssldir=/usr/local/openssl-1.1.1g/ssl -fPIC
- [root@wanghualang openssl-1.1.1g]# make
- [root@wanghualang openssl-1.1.1g]# make install
第三步 配置动态库
- [root@wanghualang ~]# echo "/usr/local/openssl-1.1.1g/lib" >> /etc/ld.so.conf
- [root@wanghualang ~]# ldconfig
第四步 编译安装OpenSSH
- [root@wanghualang ~]# cd /usr/local/src/
- [root@wanghualang src]# wget --no-check-certificate https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
- [root@wanghualang src]# tar xzf openssh-8.3p1.tar.gz
- [root@wanghualang src]# cd openssh-8.3p1
- [root@wanghualang openssh-8.3p1]# ./configure \
- --prefix=/usr \
- --sysconfdir=/etc/ssh \
- --with-ssl-dir=/usr/local/openssl-1.1.1g \
- --with-zlib \
- --with-pam \
- --with-md5-passwords
- [root@wanghualang openssh-8.3p1]# make
- [root@wanghualang openssh-8.3p1]# make install
第五步 配置OpenSSH(可选)
- [root@wanghualang ~]# sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
- [root@wanghualang ~]# sed -i 's/#X11Forwarding no/X11Forwarding yes/' /etc/ssh/sshd_config
- [root@wanghualang ~]# sed -i 's/#PrintMotd yes/PrintMotd no/' /etc/ssh/sshd_config
- [root@wanghualang ~]# sed -i 's/#PrintLastLog yes/PrintLastLog no/' /etc/ssh/sshd_config
- [root@wanghualang ~]# sed -i 's/#UseDNS no/UseDNS no/' /etc/ssh/sshd_config
第六步 添加实用脚本(可选)
- [root@wanghualang ~]# cp /usr/local/src/openssh-8.3p1/contrib/ssh-copy-id /usr/bin/ssh-copy-id
- [root@wanghualang ~]# chmod +x /usr/bin/ssh-copy-id
第七步 启动OpenSSH
- [root@wanghualang ~]# cp -rf /usr/local/src/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
- [root@wanghualang ~]# chmod +x /etc/init.d/sshd
- [root@wanghualang ~]# chkconfig --add sshd
- [root@wanghualang ~]# chkconfig sshd on
- [root@wanghualang ~]# service sshd start
2020年4月14日 00:00 0楼
装这个干啥用呢