colben
2026-04-13 19:44:43 +08:00
parent 0be0ad96a4
commit ad2fb67320

@@ -1,7 +1,7 @@
--- ---
title: "OpenSSH 升级" title: "OpenSSH 升级"
date: 2024-07-02T19:00:00+08:00 date: 2024-07-02T19:00:00+08:00
lastmod: 2024-07-02T19:00:00+08:00 lastmod: 2026-04-13T19:00:00+08:00
keywords: [] keywords: []
tags: ["openssh", "ssh"] tags: ["openssh", "ssh"]
categories: ["os"] categories: ["os"]
@@ -15,15 +15,14 @@ categories: ["os"]
### 编译 openssh ### 编译 openssh
- 下载 openssh 源码包,解压 - 下载 openssh 源码包,解压
```bash ```bash
curl -LO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz curl -LO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.3p1.tar.gz
tar zxf openssh-9.8p1.tar.gz tar zxf openssh-10.3p1.tar.gz
cd openssh-9.8p1/ cd openssh-10.3p1/
# 版本信息在 version.h # 版本信息在 version.h
``` ```
- 编译安装 openssh - 编译安装 openssh
```bash ```bash
mkdir /opt/openssh
./configure --prefix=/opt/openssh --without-openssl ./configure --prefix=/opt/openssh --without-openssl
make make
make install make install
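Review bot: The download step (`curl -LO ...openssh-10.3p1.tar.gz` followed directly by `tar zxf openssh-10.3p1.tar.gz`) unpacks and builds the tarball with no integrity check. Since the result becomes the login daemon on every target server, add a step between those two lines that verifies the release signature or a published checksum before extracting.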
@@ -34,6 +33,11 @@ categories: ["os"]
# 避免与系统自带的 sshd 端口冲突 # 避免与系统自带的 sshd 端口冲突
Port 22222 Port 22222
#(可选)配置原 ssh hostKey避免其他服务器登录时校验失败
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# 允许 root 用户登录,允许私钥认证,允许密码认证 # 允许 root 用户登录,允许私钥认证,允许密码认证
PermitRootLogin yes PermitRootLogin yes
PubkeyAuthentication yes PubkeyAuthentication yes
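Review bot: The added `HostKey` lines for `ssh_host_rsa_key` and `ssh_host_ecdsa_key` land in the config that follows the `./configure --prefix=/opt/openssh --without-openssl` build. OpenSSH built without OpenSSL has only Ed25519 signatures available, so on that build those two entries cannot be loaded and only the `ssh_host_ed25519_key` line takes effect. Suggest stating in the comment that the RSA and ECDSA lines apply to the OpenSSL-linked build only. The comment is also missing a separator between `hostKey` and `避免`.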
@@ -85,15 +89,14 @@ categories: ["os"]
### 编译 openssl ### 编译 openssl
- 下载 openssl 源码包,解压 - 下载 openssl 源码包,解压
```bash ```bash
curl -LO https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz curl -LO https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz
tar zxf openssl-1.1.1w.tar.gz tar zxf openssl-3.5.5.tar.gz
cd openssl-1.1.1w cd openssl-3.5.5
``` ```
- 编译安装 openssl - 编译安装 openssl
```bash ```bash
mkdir /opt/openssl ./Configure --prefix=/opt/openssl
./configure --prefix=/opt/openssl
make make
make install make install
``` ```
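Review bot: `./Configure --prefix=/opt/openssl` leaves the library directory to OpenSSL's platform default, which is why the later hunks have to change `LD_LIBRARY_PATH` from `/opt/openssl/lib` to `/opt/openssl/lib64`. Either say in the text that the directory depends on the build platform, or pin it with `--libdir=lib` so the paths in the build step and the systemd unit stay valid everywhere. The jump from 1.1.1w to 3.5.5 is a major-version change and deserves a sentence of its own, and the new GitHub download has no checksum or signature check before `tar zxf`.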
@@ -104,37 +107,13 @@ categories: ["os"]
```bash ```bash
mkdir /opt/openssh mkdir /opt/openssh
export PATH=/opt/openssl/bin:$PATH export PATH=/opt/openssl/bin:$PATH
export LD_LIBRARY_PATH=/opt/openssl/lib export LD_LIBRARY_PATH=/opt/openssl/lib64
./configure --prefix=/opt/openssh --with-ssl-dir=/opt/openssl ./configure --prefix=/opt/openssh --with-ssl-dir=/opt/openssl
make make
make install make install
``` ```
- 编辑 /opt/openssh/etc/sshd_config修改常用配置 - 编辑 /opt/openssh/etc/sshd_config修改常用配置,同上
```
# 避免与系统自带的 sshd 端口冲突
Port 22222
# 允许 root 用户登录,允许私钥认证,允许密码认证
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
# 开启 ssh 转发
AllowTcpForwarding yes
GatewayPorts yes
# ssh 保活
TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 3
# 禁用 dns 解析
UseDNS no
# 避免与系统自带的 sshd pid 文件冲突
PidFile /var/run/openssh.pid
```
### 创建 systemd 启动文件 ### 创建 systemd 启动文件
- 创建 /opt/openssh/openssh.service内容如下 - 创建 /opt/openssh/openssh.service内容如下
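Review bot: `mkdir /opt/openssh` is still the first line of this build block although the same line was removed from the `--without-openssl` block earlier in the commit; `make install` creates the prefix, so drop it here as well for consistency. Replacing the duplicated sshd_config with `同上` (same as above) is a good cleanup, but the shared config now carries the three new `HostKey` lines, so the text should say which build each of them applies to.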
@@ -146,7 +125,7 @@ categories: ["os"]
[Service] [Service]
Type=simple Type=simple
Environment=LD_LIBRARY_PATH=/opt/openssl/lib Environment=LD_LIBRARY_PATH=/opt/openssl/lib64
ExecStart=/opt/openssh/sbin/sshd -D ExecStart=/opt/openssh/sbin/sshd -D
KillMode=process KillMode=process
Restart=on-failure Restart=on-failure
@@ -160,13 +139,13 @@ categories: ["os"]
- 进入 /opt 目录下,打包 openssl 和 openssh 目录 - 进入 /opt 目录下,打包 openssl 和 openssh 目录
```bash ```bash
cd /opt cd /opt
tar zcf /tmp/openssh-9.8p1-with-openssl.tgz openssl/ openssh/ tar zcf /tmp/openssh-10.3p1-with-openssl.tgz openssl/ openssh/
``` ```
## 部署 ## 部署
- 上传部署包到目标服务器中,解压 - 上传部署包到目标服务器中,解压
```bash ```bash
tar zxf openssh-9.8p1-with-openssl.tgz -C /opt/ tar zxf openssh-10.3p1-with-openssl.tgz -C /opt/
``` ```
- 复制 systemd 启动文件 - 复制 systemd 启动文件