Detailed tutorial: upgrading the OpenSSH service to 10.3p1
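Applies to: CentOS 7.x

I. Upgrade OpenSSL

1. Check the OpenSSL version

```bash
openssl version
```

2. Upgrade OpenSSL (do this when the version is lower than OpenSSL 1.0.2k)

Install the build dependencies:

```bash
sudo yum install -y gcc gcc-c++ make perl perl-IPC-Cmd zlib-devel
```

Download and build OpenSSL 1.1.1 (the download may fail, for example with a GitHub connection error; retrying a few times resolves it):

```bash
cd ~
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
tar xzf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make -j$(nproc)
sudo make install
```

Switch to the new version:

```bash
# Back up the old version
sudo mv /usr/bin/openssl /usr/bin/openssl.bak
sudo mv /usr/include/openssl /usr/include/openssl.bak
# Create symlinks
sudo ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
sudo ln -s /usr/local/openssl/include/openssl /usr/include/openssl
# Update the dynamic linker cache
echo "/usr/local/openssl/lib" | sudo tee /etc/ld.so.conf.d/openssl.conf
sudo ldconfig
```

Verify that the upgrade succeeded:

```bash
openssl version
```

The following output confirms that OpenSSL was updated:

```
OpenSSL 1.1.1w ...
```

II. Upgrade OpenSSH

1. Install the build dependencies

```bash
yum install -y wget gcc pam-devel libselinux-devel zlib-devel openssl-devel
```

2. Download the source package

https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.3p1.tar.gz

Latest versions are listed in the index of /pub/OpenBSD/OpenSSH/portable/: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

3. Upload the downloaded archive to the server's "~" directory

```bash
cd ~
```

4. Remove the older OpenSSH rpm packages

```bash
rpm -e --nodeps `rpm -qa | grep openssh`
```

5. Extract openssh-10.3p1.tar.gz and change into the openssh-10.3p1 directory

```bash
tar -zxvf openssh-10.3p1.tar.gz
cd openssh-10.3p1
```

6. Run configure

```bash
./configure \
  --prefix=/usr \
  --sysconfdir=/etc/ssh \
  --with-pam \
  --with-selinux \
  --with-ssl-dir=/usr/local/openssl \
  LDFLAGS="-Wl,-rpath,/usr/local/openssl/lib -L/usr/local/openssl/lib" \
  CPPFLAGS="-I/usr/local/openssl/include"
```

7. Build and install

```bash
make -j$(nproc)
sudo make install
```

8. Check the current OpenSSH version

```bash
ssh -V
```

Seeing OpenSSH_10.3p1 confirms that the installation succeeded; continue with the next step.

9. Copy the init script to /etc/init.d/sshd

```bash
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
```

10. Make the init script executable

```bash
chmod u+x /etc/init.d/sshd
```

11. Start the SSH service and enable it at boot

```bash
# Start the SSH service
systemctl start sshd.service
# Enable start at boot
systemctl enable sshd.service
# Check the SSH service status
systemctl status sshd.service
# Stop the SSH service (when needed)
systemctl stop sshd.service
```

Seeing a green "Running" status confirms that the installation succeeded.

III. Common errors and fixes

1. configure fails with the following error

```
checking OpenSSL library version... not found
configure: error: OpenSSL library not found.
```

Cause: configure looks for the library in /usr/lib, but the new OpenSSL is installed in /usr/local/openssl/lib.

Fix: run configure again and specify the path explicitly.

```bash
cd ~/openssh-10.3p1
# Clean up the previous failed configuration.
# You may see "make: *** 没有规则可以创建目标“clean”" (the localized
# "No rule to make target 'clean'" message). This is normal: configure failed,
# so no Makefile was generated. Ignore it and go on to the next step.
make clean
# Run configure again, specifying the OpenSSL path
./configure \
  --prefix=/usr \
  --sysconfdir=/etc/ssh \
  --with-pam \
  --with-selinux \
  --with-ssl-dir=/usr/local/openssl \
  LDFLAGS="-Wl,-rpath,/usr/local/openssl/lib -L/usr/local/openssl/lib" \
  CPPFLAGS="-I/usr/local/openssl/include"
```

2. configure fails with the following error

```
configure: error: PAM headers not found
```

Cause: the PAM development headers are missing.

Fix: install the PAM development package.

```bash
sudo yum install -y pam-devel
# Run configure again
./configure \
  --prefix=/usr \
  --sysconfdir=/etc/ssh \
  --with-pam \
  --with-selinux \
  --with-ssl-dir=/usr/local/openssl \
  LDFLAGS="-Wl,-rpath,/usr/local/openssl/lib -L/usr/local/openssl/lib" \
  CPPFLAGS="-I/usr/local/openssl/include"
```

3. Other

Other errors and how to fix them:

| Error message | Cause | Fix |
| --- | --- | --- |
| `configure: error: zlib not found` | The zlib development package is missing | `yum install -y zlib-devel` |
| `configure: error: OpenSSL headers missing` | The OpenSSL development headers are missing (note: the headers, not the library) | `yum install -y openssl-devel` |
| `configure: error: Your OpenSSL headers do not match your library` | Header and library versions differ (for example, headers are 1.1.1 and the library is 1.0.2) | `./configure --without-openssl-header-check` |
| `configure: error: OpenSSL 1.0.1 required (have 10000003...)` | The OpenSSL version is too old | See "I. Upgrade OpenSSL" |
| `configure: error: no working C compiler found` | gcc is not installed | `yum install -y gcc` |
| `configure: error: working libcrypto not found` | The library path is wrong; configure did not find it | `LDFLAGS="-L/usr/local/openssl/lib" ./configure ...` |
| `checking for arc4random... no` | Linux does not have this function (it is OpenBSD-specific) | Can usually be ignored, or add `--without-openssl-header-check` when running configure |
| `checking for fido_init in -lfido2... no` | libfido2 is missing (U2F security key support) | `yum install -y libfido2-devel`, or add `--without-security-key-builtin` when running configure |
| `configure: error: *** working libz not found` | The zlib development package is missing | `yum install -y zlib-devel` |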
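The configure checks above only run at build time, and `--without-openssl-header-check` turns one of them off, so it is worth confirming which libcrypto the installed sshd actually loads. The script below is an added example, not part of the original tutorial; its function names, the `--live` switch and the sample `ldd` and `ssh -V` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): confirm that the rebuilt
# OpenSSH really loads the OpenSSL from /usr/local/openssl at run time.

# Print the libcrypto path found in `ldd` output on stdin:
# a path, "not found" (loader cannot resolve it), or nothing (not linked).
libcrypto_path() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" {
        if ($3 == "not") print "not found"; else print $3
        exit
    }'
}

# Classify `ldd` output on stdin against the expected library directory $1.
# Prints OK/WRONG_LIB/UNRESOLVED/NOT_LINKED; returns 0 only for OK.
check_sshd_crypto() {
    want=${1%/}
    path=$(libcrypto_path)
    case "$path" in
        "")          echo "NOT_LINKED"; return 1 ;;
        "not found") echo "UNRESOLVED"; return 1 ;;
        "$want"/*)   echo "OK $path" ;;
        *)           echo "WRONG_LIB $path"; return 1 ;;
    esac
}

# Check a `ssh -V` banner ($1) for the OpenSSH ($2) and OpenSSL ($3) versions.
banner_ok() {
    case "$1" in
        "OpenSSH_$2, OpenSSL $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples (not captured from a real host).
sample_good()  { printf '\tlibpam.so.0 => /lib64/libpam.so.0 (0x00007f01)\n\tlibcrypto.so.1.1 => /usr/local/openssl/lib/libcrypto.so.1.1 (0x00007f02)\n'; }
sample_stale() { printf '\tlibcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f02)\n'; }
sample_unresolved() { printf '\tlibcrypto.so.1.1 => not found\n'; }
SAMPLE_BANNER='OpenSSH_10.3p1, OpenSSL 1.1.1w  11 Sep 2023'

# On the upgraded host, pass --live to test the installed binaries and
# validate sshd_config with `sshd -t`.
if [ "${1:-}" = "--live" ]; then
    ldd /usr/sbin/sshd | check_sshd_crypto /usr/local/openssl/lib &&
        banner_ok "$(ssh -V 2>&1)" 10.3p1 1.1.1w &&
        /usr/sbin/sshd -t && echo "sshd build and config look consistent"
fi
```

A `WRONG_LIB` result means the binary resolved the system libcrypto instead of the one under /usr/local/openssl/lib, which is the run-time form of the header/library mismatch listed in the table.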