Upgrading OpenSSL and OpenSSH to 9.8p1, including all the pitfalls encountered

Published: 2025-04-13

1. Install the prerequisite dependency packages

yum install gcc
yum install gcc-c++ 
yum install perl 
yum install perl-IPC-Cmd
yum install pam 
yum install pam-devel
sudo yum install perl-Data-Dumper

Problem 1: yum reports that it is unavailable. This is a mirror source problem; switching to the Aliyun mirror fixes it.

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

Official sites:

OpenSSL official site: https://www.openssl.org/
OpenSSH official site: https://www.openssh.com/

zlib download:

wget http://www.zlib.net/zlib-1.3.1.tar.gz

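Note: if the installed OpenSSL version is newer than 1.1.1, OpenSSL does not need to be upgraded; otherwise it does.

Upgrade OpenSSL

Download and extract

The author works in /datasoft/openssl-3.4.0:

cd /datasoft/openssl-3.4.0

In ./config --prefix=/usr/local/openssl-3.4.0, --prefix is the install path. Run it first to check whether the build environment has any problems; if there are none, go on to install.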

./config --prefix=/usr/local/openssl-3.4.0

Install

make && make install

Point the symlinks at the new install path (-sf forces an existing link to be replaced)

echo /usr/local/openssl-3.4.0/lib64 >> /etc/ld.so.conf 
ln -sf /usr/local/openssl-3.4.0/bin/openssl /usr/bin/openssl
ln -sf /usr/local/openssl-3.4.0/include/openssl /usr/include/openssl 
ln -sf /usr/local/openssl-3.4.0/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -sf /usr/local/openssl-3.4.0/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
ldconfig -v 

openssl version

--------------------------------------------------------------------------------------------------------------------------------

2. Upgrade OpenSSH

Download zlib, which is a required prerequisite

wget http://www.zlib.net/zlib-1.3.1.tar.gz

Install zlib

cd zlib-1.3.1
./configure --prefix=/usr/local/zlib-1.3.1
make && make install

Set permissions

chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key

Disable the following items, otherwise the installation reports an incompatibility problem

/etc/ssh/ssh_host_ed25519_key
vim /etc/ssh/sshd_config
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
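./configure --prefix=/usr/local/openssh-9.8p1 --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl-3.4.0 --with-zlib=/usr/local/zlib-1.3.1 --without-hardening
make && make install

Note: --without-hardening tells configure not to add its toolchain hardening flags (stack protector, RELRO and similar), so the resulting binaries are built without them.

Install the new OpenSSH binaries into the system paths. When prompted after running a command, answer y to overwrite.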

cp -arpf /usr/local/openssh-9.8p1/bin/scp /usr/bin/
cp -arpf /usr/local/openssh-9.8p1/bin/sftp /usr/bin/
cp -arpf /usr/local/openssh-9.8p1/bin/ssh /usr/bin/
cp -arpf /usr/local/openssh-9.8p1/bin/ssh-add /usr/bin/
cp -arpf /usr/local/openssh-9.8p1/bin/ssh-agent /usr/bin/
cp -arpf /usr/local/openssh-9.8p1/bin/ssh-keygen /usr/bin/
cp -arpf /usr/local/openssh-9.8p1/bin/ssh-keyscan /usr/bin/
cp -arpf /usr/local/openssh-9.8p1/sbin/sshd /usr/sbin/sshd

Change to the extraction path:

cd /datasoft/openssh-9.8p1

cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak

Enable start on boot

systemctl daemon-reload
systemctl enable sshd.socket
sshd -t
systemctl restart sshd
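
The chmod 600, GSSAPI and sshd -t steps above can be checked in one pass before sshd is restarted, which matters on a remote host where a failed restart cuts off access. The script below is an added example, not part of the original post; the function names and the SSHD_CHECK variable are hypothetical, and it assumes the /usr/sbin/sshd path installed above.

```shell
#!/bin/sh
# Added example: checks to run before "systemctl restart sshd".
# Function names and SSHD_CHECK are hypothetical, not part of OpenSSH.

# Succeeds only if at least one private host key exists under $1 and
# every one has mode 600 (the chmod 600 step). Prints offending keys.
host_keys_locked_down() {
    found=0; bad=0
    for key in "$1"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        found=1
        mode=$(ls -ld "$key" | cut -c1-10)
        if [ "$mode" != "-rw-------" ]; then
            echo "bad mode $mode on $key"
            bad=1
        fi
    done
    [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Succeeds only if neither GSSAPI directive is active in config file $1.
# Commented-out lines are ignored; keywords are matched case-insensitively.
gssapi_commented_out() {
    if grep -Ein '^[[:space:]]*(GSSAPIAuthentication|GSSAPICleanupCredentials)[[:space:]=]' "$1"; then
        return 1
    fi
    return 0
}

# Runs every check against config directory $1 and reports all failures.
# SSHD_CHECK is the config validator; override it to test without sshd.
preflight() {
    dir=${1:-/etc/ssh}; rc=0
    host_keys_locked_down "$dir" || rc=1
    gssapi_commented_out "$dir/sshd_config" || rc=1
    ${SSHD_CHECK:-/usr/sbin/sshd -t -f} "$dir/sshd_config" || rc=1
    return "$rc"
}

# Check the live system only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight /etc/ssh && echo "preflight passed"
fi
```

Keep the current SSH session open while running it and while restarting sshd, so a failed check or restart can still be fixed from that session.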

-------------------------------------------------------------------------------------------------------------------------------

Check

Final notes

vim /etc/ssh/sshd_config

Enable direct root login and port 22 here, and that is it. Enjoy.

