OpenSSH升级（从OpenSSH_7.4p1升级到OpenSSH_8.4p1） [操作脚本]

OpenSSH升级（从OpenSSH_7.4p1升级到OpenSSH_8.4p1）

##--升级前状态
[root@ecs-e1d6-0001 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
##--开始升级
wget -c https://ftp.openssl.org/source/openssl-1.1.1h.tar.gz
wget -c https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel 
yum install -y pam* zlib*
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
tar xfz openssl-1.1.1h.tar.gz
cd openssl-1.1.1h
./config shared 
make -j4
make install
ln -s /usr/local/include/openssl /usr/include/openssl
ln -s /usr/local/bin/openssl /usr/bin/openssl 
ll /usr/include/openssl -ld
echo "/usr/local/lib">>/etc/ld.so.conf   
/sbin/ldconfig
cd ..
tar xf openssh-8.4p1.tar.gz 
cd openssh-8.4p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/  --with-zlib --with-md5-passwords --with-pam
make -j4
make install 
#--
grep -E  "^PermitRootLogin|^UseDNS" /etc/ssh/sshd_config
#cho "PermitRootLogin yes" >>  /etc/ssh/sshd_config 
#ed -i  's/#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config
echo -e "\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"   >> /etc/ssh/sshd_config


 cp -a contrib/redhat/sshd.init /etc/init.d/sshd
 cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
 chmod +x /etc/init.d/sshd
 chkconfig --add sshd
 systemctl enable sshd
 mv  /usr/lib/systemd/system/sshd.service  /app/sshd.service 
 chkconfig sshd on
 /etc/init.d/sshd restart


##升级完验证
[root@virgo ~]# ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1h  22 Sep 2020

本作品采用《CC 协议》，转载必须注明作者和本文链接