preparation in advance
Execute yum update openssh to upgrade first.
The official upgrade is okay anyway.If you have previously manually compiled an upgrade of openssh, test yourself for changes to the default profile path.)
(Unified openssh version 7.4p1 is prepared here before Unified Compile Installation is upgraded to openssh 8.2p1)
[root@node1 ~]# yum update openssh -y [root@node1 ~]# ssh -V OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Download openssh and the openssl installation package
openssl download link: https://www.openssl.org/source/
openssh download link: http://www.openssh.com/portable.html
Install Configuration telnet
install telnet-server as well as xinetd [root@node1 ~]# yum install -y xinetd telnet-server
Many centos7 versions now do not have a configuration file called telnet after telnet-server and xinetd are installed.
If the following telnet file does not exist, you can skip this part of the change
[root@node1 ~]# ll /etc/xinetd.d/telnet ls: cannot access /etc/xinetd.d/telnet: No such file or directory
If the following file exists, change the configuration telnet to allow root login and change disable = no to disable = yes
[root@rhel yum.repos.d]# cat /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses \ # unencrypted username/password pairs for authentication. service telnet { disable = no flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID } [root@rhel yum.repos.d]# vim /etc/xinetd.d/telnet [root@rhel yum.repos.d]# cat /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses \ # unencrypted username/password pairs for authentication. service telnet { disable = yes flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID }
Configure the terminal type for telnet login, add some pts terminals at the end of the / etc/securetty file, as follows
pts/0
pts/1
pts/2
pts/3
Start telnet service and set boot autostart
[root@node1 ~]# systemctl start xinetd [root@node1 ~]# systemctl enable xinetd [root@node1 ~]# systemctl start telnet.socket [root@node1 ~]# systemctl enable telnet.socket Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket
Test, switch to telnet login
Install Dependent Packages
Upgrade requires several components, some related to compilation, etc.
[root@node1 ~]# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
Install pam, zlib, etc. (Pam may not be used for subsequent upgrades, installation will have no impact, test yourself if you do not want to install pam)
[root@node1 ~]# yum install -y pam* zlib*
Install openssl
Back up the next two files or directories (if they exist)
[root@node1 openssl-1.1.1g]# ll /usr/bin/openssl -rwxr-xr-x 1 root root 555288 Aug 9 2019 /usr/bin/openssl [root@node1 openssl-1.1.1g]# mv /usr/bin/openssl /usr/bin/openssl.20200522 [root@node1 openssl-1.1.1g]# ll /usr/include/openssl/ total 1864 -rw-r--r-- 1 root root 6146 Aug 9 2019 aes.h -rw-r--r-- 1 root root 63204 Aug 9 2019 asn1.h -rw-r--r-- 1 root root 24435 Aug 9 2019 asn1_mac.h ...... [root@node1 openssl-1.1.1g]# mv /usr/include/openssl /usr/include/openssl.20200522bak
Compile and install a new version of openssl
Configure, compile, install three commands to execute together
The &&symbol indicates that the previous execution succeeds before the latter
[root@node1 openssl-1.1.1g]# pwd /root/openssh/openssl-1.1.1g [root@node1 openssl-1.1.1g]# ./config –prefix=/usr/local/openssl && make && make install
The next 2 files or directories are soft-linked (mv backup of previous steps)
[root@node1 openssl-1.1.1g]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl [root@node1 openssl-1.1.1g]# ln -s /usr/local/openssl/include/openssl /usr/include/openssl [root@node1 openssl-1.1.1g]# ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so
The command line executes the following two commands to load the new configuration
[root@node1 openssl-1.1.1g]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf [root@node1 openssl-1.1.1g]# ldconfig
View Confirmation Version
[root@node1 openssl-1.1.1g]# openssl version OpenSSL 1.1.1g 21 Apr 2020
Install openssh
Unzip File
[root@node1 openssh]# tar -xf openssh-8.2p1.tar.gz [root@node1 openssh]# cd openssh-8.2p1 [root@node1 openssh-8.2p1]# ll
Maybe the file defaults to 1000 for uid and gid arrays, reauthorized here.Not authorizing may or may not affect installation (test yourself) (OCD reauthorizes itself)
[root@node1 openssh-8.2p1]# chown root:root -R /root/openssh/openssh-8.2p1
Command line backup of previous ssh configuration files and directories
Then configure, compile, install
[root@node1 openssh-8.2p1]# chown root:root -R /root/openssh/openssh-8.2p1 [root@node1 openssh-8.2p1]# mv /etc/ssh /etc/ssh.20200521bak [root@node1 openssh-8.2p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh/ -with-openssl-includes=/usr/include/openssl --with-ssl-dir=/usr/local/openssl/ --with-zlib --with-md5-passwords --with-pam && make && make install
Copy some files from the original decompressed package to the destination location (overwrite if the destination directory exists)
(Possibly belowSsh.pamNone of the files are needed because sshd_The config configuration file does not appear to be using it, please test it yourself.I'm a copy)
[root@node1 openssh-8.2p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd [root@node1 openssh-8.2p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam [root@node1 openssh-8.2p1]# chmod +x /etc/init.d/sshd [root@node1 openssh-8.2p1]# chkconfig --add sshd [root@node1 openssh-8.2p1]# systemctl enable sshd
Delete or remove or delete the sshd file previously managed by systemd, which will affect our restart of sshd service
[root@node1 openssh-8.2p1]# mv /usr/lib/systemd/system/sshd.service /root/
Set sshd service startup
[root@node1 openssh-8.2p1]# chkconfig sshd on Note: Forwarding request to 'systemctl enable sshd.socket'.
Next, test the start-stop service.All normal
[root@node1 openssh-8.2p1]# systemctl restart sshd [root@node1 openssh-8.2p1]# systemctl status sshd ● sshd.service - SYSV: OpenSSH server daemon Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled) Active: active (running) since Sat 2020-05-23 03:13:21 CST; 4s ago Docs: man:systemd-sysv-generator(8) Process: 161820 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS) Process: 161828 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS) Main PID: 161836 (sshd) Tasks: 1 Memory: 852.0K CGroup: /system.slice/sshd.service └─161836 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups May 23 03:13:20 node1 systemd[1]: Starting SYSV: OpenSSH server daemon... May 23 03:13:21 node1 sshd[161836]: Server listening on 0.0.0.0 port 22. May 23 03:13:21 node1 sshd[161836]: Server listening on :: port 22. May 23 03:13:21 node1 sshd[161828]: Starting sshd:[ OK ] May 23 03:13:21 node1 systemd[1]: Started SYSV: OpenSSH server daemon.
View ssh version
[root@node1 openssh-8.2p1]# ssh -V OpenSSH_8.2p1, OpenSSL 1.1.1g 21 Apr 2020