colben/www.colben.cn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
colben
2026-04-13 19:44:43 +08:00
parent 0be0ad96a4
commit ad2fb67320
1 changed files with 18 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
content/post/openssh-upgrade.md
View File

@@ -1,7 +1,7 @@
---
title: "OpenSSH 升级"
date: 2024-07-02T19:00:00+08:00
lastmod: 2024-07-02T19:00:00+08:00
lastmod: 2026-04-13T19:00:00+08:00
keywords: []
tags: ["openssh", "ssh"]
categories: ["os"]
@@ -15,15 +15,14 @@ categories: ["os"]
### 编译 openssh
- 下载 openssh 源码包,解压
```bash
curl -LO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar zxf openssh-9.8p1.tar.gz
cd openssh-9.8p1/
curl -LO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.3p1.tar.gz
tar zxf openssh-10.3p1.tar.gz
cd openssh-10.3p1/
# 版本信息在 version.h
```
- 编译安装 openssh
```bash
mkdir /opt/openssh
./configure --prefix=/opt/openssh --without-openssl
make
make install
@@ -34,6 +33,11 @@ categories: ["os"]
# 避免与系统自带的 sshd 端口冲突
Port 22222
#(可选)配置原 ssh hostKey避免其他服务器登录时校验失败
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# 允许 root 用户登录,允许私钥认证,允许密码认证
PermitRootLogin yes
PubkeyAuthentication yes
@@ -85,15 +89,14 @@ categories: ["os"]
### 编译 openssl
- 下载 openssl 源码包,解压
```bash
curl -LO https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz
tar zxf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
curl -LO https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz
tar zxf openssl-3.5.5.tar.gz
cd openssl-3.5.5
```
- 编译安装 openssl
```bash
mkdir /opt/openssl
./configure --prefix=/opt/openssl
./Configure --prefix=/opt/openssl
make
make install
```
@@ -104,37 +107,13 @@ categories: ["os"]
```bash
mkdir /opt/openssh
export PATH=/opt/openssl/bin:$PATH
export LD_LIBRARY_PATH=/opt/openssl/lib
export LD_LIBRARY_PATH=/opt/openssl/lib64
./configure --prefix=/opt/openssh --with-ssl-dir=/opt/openssl
make
make install
```
- 编辑 /opt/openssh/etc/sshd_config修改常用配置
```
# 避免与系统自带的 sshd 端口冲突
Port 22222
# 允许 root 用户登录,允许私钥认证,允许密码认证
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
# 开启 ssh 转发
AllowTcpForwarding yes
GatewayPorts yes
# ssh 保活
TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 3
# 禁用 dns 解析
UseDNS no
# 避免与系统自带的 sshd pid 文件冲突
PidFile /var/run/openssh.pid
```
- 编辑 /opt/openssh/etc/sshd_config修改常用配置,同上
### 创建 systemd 启动文件
- 创建 /opt/openssh/openssh.service内容如下
@@ -146,7 +125,7 @@ categories: ["os"]
[Service]
Type=simple
Environment=LD_LIBRARY_PATH=/opt/openssl/lib
Environment=LD_LIBRARY_PATH=/opt/openssl/lib64
ExecStart=/opt/openssh/sbin/sshd -D
KillMode=process
Restart=on-failure
@@ -160,13 +139,13 @@ categories: ["os"]
- 进入 /opt 目录下,打包 openssl 和 openssh 目录
```bash
cd /opt
tar zcf /tmp/openssh-9.8p1-with-openssl.tgz openssl/ openssh/
tar zcf /tmp/openssh-10.3p1-with-openssl.tgz openssl/ openssh/
```
## 部署
- 上传部署包到目标服务器中,解压
```bash
tar zxf openssh-9.8p1-with-openssl.tgz -C /opt/
tar zxf openssh-10.3p1-with-openssl.tgz -C /opt/
```
- 复制 systemd 启动文件