colben/www.colben.cn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
colben 2024-07-02 21:08:41 +08:00
parent abe83ec6bb
commit a6bccc5347
2 changed files with 168 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
content/post/openssh-upgrade.md Normal file
View File

@ -0,0 +1,165 @@
---
title: "OpenSSH 升级"
date: 2024-07-02T19:00:00+08:00
lastmod: 2024-07-02T19:00:00+08:00
keywords: []
tags: ["openssh", "ssh"]
categories: ["os"]
---
## 源码包
- [openssh 源码包](https://www.openssh.com/portable.html)
- [openssl 源码包](https://www.openssl.org/source/)
## 不带 openssl
### 编译 openssh
- 下载 openssh 源码包,解压
```bash
curl -LO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar zxf openssh-9.8p1.tar.gz
cd openssh-9.8p1/
# 版本信息在 version.h
```
- 编译安装 openssl
```bash
mkdir /opt/openssh
./configure --prefix=/opt/openssh --without-openssl
make
make install
```
- 编辑 /opt/openssh/etc/sshd_config修改常用配置
```
# 避免与系统自带的 sshd 端口冲突
Port 22222
# 允许 root 用户登录,允许私钥认证,允许密码认证
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
# 开启 ssh 转发
AllowTcpForwarding yes
GatewayPorts yes
# ssh 保活
TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 3
# 禁用 dns 解析
UseDNS no
# 避免与系统自带的 sshd pid 文件冲突
PidFile /var/run/openssh.pid
```
### 启动 openssh
- 创建 /etc/systemd/system/openssh.service内容如下
```
[Unit]
Description=OpenSSH server daemon
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=simple
ExecStart=/opt/openssh/sbin/sshd -D
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
```
- 启动 openssh并设置开机自动启动
```bash
systemctl daemon-reload
systemctl start openssh
systemctl enable openssh
```
## 带 openssl
### 编译 openssl
- 下载 openssl 源码包,解压
```bash
curl -LO https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz
tar zxf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
```
- 编译安装 openssl
```bash
mkdir /opt/openssl
./configure --prefix=/opt/openssl
make
make install
```
### 编译 openssh
- 下载 openssh 源码包,解压,同上
- 编译安装 openssh
```bash
mkdir /opt/openssh
export PATH=/opt/openssl/bin:$PATH
export LD_LIBRARY_PATH=/opt/openssl/lib
./configure --prefix=/opt/openssh --with-ssl-dir=/opt/openssl
make
make install
```
- 编辑 /opt/openssh/etc/sshd_config修改常用配置
```
# 避免与系统自带的 sshd 端口冲突
Port 22222
# 允许 root 用户登录,允许私钥认证,允许密码认证
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
# 开启 ssh 转发
AllowTcpForwarding yes
GatewayPorts yes
# ssh 保活
TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 3
# 禁用 dns 解析
UseDNS no
# 避免与系统自带的 sshd pid 文件冲突
PidFile /var/run/openssh.pid
```
### 启动 openssh
- 创建 /etc/systemd/system/openssh.service内容如下
```
[Unit]
Description=OpenSSH server daemon
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=simple
Environment=LD_LIBRARY_PATH=/opt/openssl/lib
ExecStart=/opt/openssh/sbin/sshd -D
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
```
- 启动 openssh并设置开机自动启动
```bash
systemctl daemon-reload
systemctl start openssh
systemctl enable openssh
```

15
content/post/ssh.md
View File

@ -7,17 +7,8 @@ tags: ["ssh", "隧道", "转发"]
categories: ["shell"]
---
## sshd 常规设置
- 禁用 root 远程登陆
```
PermitRootLogin no
```
- 只允许私钥登陆
```
PubkeyAuthentication yes
PasswordAuthentication no
```
- 开启端口转发功能
## 开启端口转发配置
- 修改 sshd 配置
```
AllowTcpForwarding yes
GatewayPorts yes
@ -27,7 +18,7 @@ categories: ["shell"]
ClientAliveCountMax 3
```
## ssh 参数
## ssh 转发用到的参数
- -f 后台运行
- -N 仅作端口转发,不执行任何命令
- -g 绑定端口到全部网卡