www.colben.cn/content/post/openssh-upgrade.md
2026-04-13 19:53:12 +08:00

| title | date | lastmod | keywords | tags | categories |
| --- | --- | --- | --- | --- | --- |
| OpenSSH Upgrade | 2024-07-02T19:00:00+08:00 | 2026-04-13T19:00:00+08:00 | openssh | ssh | os |

Source packages

Build openssl

  • Download the openssl source tarball and unpack it

    curl -LO https://github.com/openssl/openssl/releases/download/openssl-3.5.6/openssl-3.5.6.tar.gz
    tar zxf openssl-3.5.6.tar.gz
    cd openssl-3.5.6
    
  • Build and install openssl

    ./Configure --prefix=/opt/openssl
    make
    make install
    

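Before building, as an added check that is not part of the original post: verify each downloaded tarball against what the project publishes, so a corrupted or tampered download never reaches the compiler. OpenSSL ships a `.sha256` digest file and a `.asc` signature next to each release tarball; OpenSSH ships a detached `.asc` signature. The script assumes `sha256sum` (or `shasum`) and `gpg` are available on the build host and that the OpenSSH release signing key has already been imported; the file names are the post's.

```shell
#!/bin/sh
# Added example, not from the original post: check downloaded source tarballs
# before building them.

# Print the SHA-256 of a file, using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Compare a file against an expected digest; returns 0 on match, 1 otherwise.
# The expected value may be a bare hex digest or the contents of a ".sha256"
# file ("<hex>  <name>"), so only the first field is used, lower-cased.
check_sha256() {
    file=$1
    expected=$(printf '%s\n' "$2" | awk '{print tolower($1)}')
    actual=$(sha256_of "$file")
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Verify an OpenSSL tarball against its published .sha256 file, downloaded
# from the same release page as the tarball, e.g.
#   curl -LO https://github.com/openssl/openssl/releases/download/openssl-3.5.6/openssl-3.5.6.tar.gz.sha256
verify_openssl_tarball() {
    tarball=$1
    if ! check_sha256 "$tarball" "$(cat "$tarball.sha256")"; then
        echo "digest mismatch for $tarball, do not build it" >&2
        return 1
    fi
    echo "$tarball: digest OK"
}

# Verify an OpenSSH tarball with its detached signature (openssh-<ver>.tar.gz.asc
# from the same mirror). Assumes the release signing key is already in the
# local gpg keyring; gpg's exit status is the result.
verify_openssh_tarball() {
    tarball=$1
    gpg --verify "$tarball.asc" "$tarball"
}

# Usage on the build host, with the post's file names:
#   verify_openssl_tarball openssl-3.5.6.tar.gz
#   verify_openssh_tarball openssh-10.3p1.tar.gz
```

Run the two verify functions before `tar zxf`; a non-zero exit from either means the tarball should be discarded, not built.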
Build openssh

  • Download the openssh source tarball and unpack it

    curl -LO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.3p1.tar.gz
    tar zxf openssh-10.3p1.tar.gz
    cd openssh-10.3p1/
    # the version information is in version.h
    
  • Build and install openssh (the binaries are not given an rpath, so LD_LIBRARY_PATH must also point at /opt/openssl/lib64 at run time, which is why the systemd unit below sets it)

    mkdir /opt/openssh
    export PATH=/opt/openssl/bin:$PATH
    export LD_LIBRARY_PATH=/opt/openssl/lib64
    ./configure --prefix=/opt/openssh --with-ssl-dir=/opt/openssl
    make
    make install
    
  • Edit /opt/openssh/etc/sshd_config and change the commonly used settings

    # avoid a port conflict with the system's own sshd
    Port 22222
    
    # (optional) reuse the existing ssh host keys so other servers do not fail host-key verification on login
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    
    # allow root login, allow private-key authentication, allow password authentication
    PermitRootLogin yes
    PubkeyAuthentication yes
    PasswordAuthentication yes
    
    # enable ssh forwarding
    AllowTcpForwarding yes
    GatewayPorts yes
    
    # ssh keepalive
    TCPKeepAlive yes
    ClientAliveInterval 60
    ClientAliveCountMax 3
    
    # disable dns lookups
    UseDNS no
    
    # avoid a pid-file conflict with the system's own sshd
    PidFile /var/run/openssh.pid
    

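An added check, not part of the original post, for the configuration step above: before the new instance is started next to the distribution's sshd, read back the settings that matter and flag anything that would collide with the system daemon (port 22, /var/run/sshd.pid) or that widens exposure (root login with passwords, GatewayPorts on all interfaces), then let the freshly built `sshd -t` validate the syntax. The lookup mirrors how sshd reads its file: keywords are matched case-insensitively, the first occurrence of a keyword wins, and anything after a `Match` line is conditional, so the lookup stops there. The sample configuration is constructed here with the post's values; the `/opt/openssh` and `/opt/openssl` paths are the post's.

```shell
#!/bin/sh
# Added example, not from the original post: audit the sshd_config of the
# /opt/openssh instance before starting it.

# Print the value of the first occurrence of a keyword (case-insensitive),
# ignoring comments and everything from the first "Match" block on.
# Prints nothing if the keyword is not set in the global section.
sshd_cfg_get() {
    awk -v key="$2" '
        tolower($1) == "match"        { exit }
        /^[ \t]*#/ || NF < 2          { next }
        tolower($1) == tolower(key)   { print $2; exit }
    ' "$1"
}

# Print one finding per line. COLLISION findings would stop the new instance
# from starting next to the system sshd (port 22 and /var/run/sshd.pid are
# OpenSSH's compiled-in defaults when the keywords are unset); EXPOSURE
# findings are settings that widen reach. Returns 1 if anything was found.
audit_sshd_config() {
    cfg=$1
    port=$(sshd_cfg_get "$cfg" Port);       [ -n "$port" ] || port=22
    pidfile=$(sshd_cfg_get "$cfg" PidFile); [ -n "$pidfile" ] || pidfile=/var/run/sshd.pid
    root=$(sshd_cfg_get "$cfg" PermitRootLogin)
    pw=$(sshd_cfg_get "$cfg" PasswordAuthentication)
    gw=$(sshd_cfg_get "$cfg" GatewayPorts)
    n=0
    if [ "$port" = 22 ]; then
        echo "COLLISION: Port $port is the system sshd port"; n=$((n + 1))
    fi
    case "$pidfile" in
        /var/run/sshd.pid|/run/sshd.pid)
            echo "COLLISION: PidFile $pidfile is the system sshd pid file"; n=$((n + 1)) ;;
    esac
    if [ "$root" = yes ] && [ "$pw" = yes ]; then
        echo "EXPOSURE: root can log in with a password (PermitRootLogin yes + PasswordAuthentication yes); prohibit-password keeps key-only root access"; n=$((n + 1))
    fi
    if [ "$gw" = yes ]; then
        echo "EXPOSURE: GatewayPorts yes makes remote forwards listen on all interfaces, not just loopback"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Syntax check with the new binary itself, when it exists on this host.
sshd_syntax_check() {
    [ -x /opt/openssh/sbin/sshd ] || { echo "no /opt/openssh/sbin/sshd here, skipping -t"; return 0; }
    LD_LIBRARY_PATH=/opt/openssl/lib64 /opt/openssh/sbin/sshd -t -f "$1"
}

# Constructed sample with the same values as the post's sshd_config edits.
sample_config() {
    cat <<'EOF'
Port 22222
# comment lines and blank lines are ignored
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
AllowTcpForwarding yes
GatewayPorts yes
UseDNS no
PidFile /var/run/openssh.pid
EOF
}

# Usage:
#   audit_sshd_config /opt/openssh/etc/sshd_config; sshd_syntax_check /opt/openssh/etc/sshd_config
```

Against the post's settings the audit reports no collisions and two EXPOSURE findings; whether to keep those settings is a policy decision, but they should be a conscious one. `sshd -T -f <file>` prints the complete effective configuration if a full dump is wanted.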
Create the systemd unit file

  • Create /opt/openssh/openssh.service with the following content

    [Unit]
    Description=OpenSSH server daemon
    After=network.target sshd-keygen.service
    Wants=sshd-keygen.service
    
    [Service]
    Type=simple
    Environment=LD_LIBRARY_PATH=/opt/openssl/lib64
    ExecStart=/opt/openssh/sbin/sshd -D
    KillMode=process
    Restart=on-failure
    RestartSec=42s
    
    [Install]
    WantedBy=multi-user.target
    

Packaging

  • In /opt, package the openssl and openssh directories

    cd /opt
    tar zcf /tmp/openssh-10.3p1-with-openssl.tgz openssl/ openssh/
    

Deployment

  • Upload the package to the target server and unpack it

    tar zxf openssh-10.3p1-with-openssl.tgz -C /opt/
    
  • Copy the systemd unit file

    cp /opt/openssh/openssh.service /etc/systemd/system/
    
  • Start openssh and enable it at boot

    systemctl daemon-reload
    systemctl start openssh
    systemctl enable openssh