openssh8.0低版本存在漏洞,所以需要升级到最新版,由于内网环境所以需要采用离线安装。
下载依赖openssl、zlib、openssh 下载:openssh8.4需要的 openssl-1.1.1g, openssh-8.4p1,zlib-1.2.11解压升级包 tar -zxvf zlib-1.2.11.tar.gz tar -zxvf openssh-8.4p1.tar.gz tar -zxvf openssl-1.1.1g.tar.gz 编译安装zlib cd zlib-1.2.11 ./configure --prefix=/usr/local/zlib make && make install 编译安装openssl cd openssl-1.1.1g ./config --prefix=/usr/local/ssl -d shared make && make install echo '/usr/local/ssl/lib' >> /etc/ld.so.conf ldconfig -v 安装openssh cd openssh-8.4p1 ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl make && make install sshd_config文件修改 echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config备份原有文件,并将新的配置复制到指定目录
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config mv /usr/sbin/sshd /usr/sbin/sshd.bak cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd mv /usr/bin/ssh /usr/bin/ssh.bak cp /usr/local/openssh/bin/ssh /usr/bin/ssh mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub 启动sshd service sshd restart ssh -V [root@localhost openssh-8.4p1]# ssh -V OpenSSH_8.4p1, OpenSSL 1.1.1g 21 Apr 2020