www.colben.cn/content/post/openssh-upgrade.md
2024-07-02 21:08:41 +08:00

---
title: "OpenSSH Upgrade"
date: 2024-07-02T19:00:00+08:00
lastmod: 2024-07-02T19:00:00+08:00
keywords: []
tags: ["openssh", "ssh"]
categories: ["os"]
---
## Source packages
- [openssh source package](https://www.openssh.com/portable.html)
- [openssl source package](https://www.openssl.org/source/)
## Without openssl
### Build openssh
- Download the openssh source package and extract it
```bash
curl -LO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar zxf openssh-9.8p1.tar.gz
cd openssh-9.8p1/
# Version information is in version.h
```
- Build and install openssh
```bash
mkdir -p /opt/openssh
./configure --prefix=/opt/openssh --without-openssl
make
make install
```
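- Edit /opt/openssh/etc/sshd_config and change the common settings
```
# Avoid a port conflict with the system's bundled sshd
Port 22222
# Allow root login, allow key-based authentication, allow password authentication
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
# Enable ssh forwarding
AllowTcpForwarding yes
GatewayPorts yes
# ssh keepalive
TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 3
# Disable DNS resolution
UseDNS no
# Avoid a pid file conflict with the system's bundled sshd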
PidFile /var/run/openssh.pid
```
### 启动 openssh
- Create /etc/systemd/system/openssh.service with the following content
```
[Unit]
Description=OpenSSH server daemon
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=simple
ExecStart=/opt/openssh/sbin/sshd -D
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
```
- Start openssh and enable it at boot
```bash
systemctl daemon-reload
systemctl start openssh
systemctl enable openssh
```
## With openssl
### Build openssl
- Download the openssl source package and extract it
```bash
curl -LO https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz
tar zxf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
```
- Build and install openssl
```bash
mkdir -p /opt/openssl
# The OpenSSL 1.1.1 source tree ships ./config, not ./configure
./config --prefix=/opt/openssl
make
make install
```
### Build openssh
- Download the openssh source package and extract it, same as above
- Build and install openssh
```bash
mkdir -p /opt/openssh
export PATH=/opt/openssl/bin:$PATH
export LD_LIBRARY_PATH=/opt/openssl/lib
./configure --prefix=/opt/openssh --with-ssl-dir=/opt/openssl
make
make install
```
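- Edit /opt/openssh/etc/sshd_config and change the common settings
```
# Avoid a port conflict with the system's bundled sshd
Port 22222
# Allow root login, allow key-based authentication, allow password authentication
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
# Enable ssh forwarding
AllowTcpForwarding yes
GatewayPorts yes
# ssh keepalive
TCPKeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 3
# Disable DNS resolution
UseDNS no
# Avoid a pid file conflict with the system's bundled sshd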
PidFile /var/run/openssh.pid
```
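The sshd_config used in both build variants enables root login with passwords and wildcard-bound remote forwards. The following audit of those directives is an added example, not part of the original post; the function names `sshd_value`, `audit_sshd_config` and `page_config` and the sample file are constructed for illustration.

```bash
# Added example, not from the original post. Function names and the sample
# config are constructed for illustration.

# Effective global value of a keyword. sshd keeps the FIRST occurrence of a
# keyword, keywords are case-insensitive, and "Keyword=value" is accepted.
# Parsing stops at the first Match block (conditional overrides only).
sshd_value() {  # usage: sshd_value <file> <keyword> <built-in default>
    awk -v key="$2" -v def="$3" -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Print one line per risky setting; defaults are upstream OpenSSH defaults.
audit_sshd_config() {  # usage: audit_sshd_config <file>
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    gw=$(sshd_value "$1" GatewayPorts no)
    fwd=$(sshd_value "$1" AllowTcpForwarding yes)
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "root-password: root can log in with a password (PermitRootLogin prohibit-password avoids this)"
    fi
    if [ "$pass" = yes ]; then
        echo "password-auth: password logins are enabled (key-only needs PasswordAuthentication no)"
    fi
    case "$fwd" in yes|all|remote)
        if [ "$gw" = yes ]; then
            echo "gateway-ports: remote forwards bind to all interfaces instead of loopback"
        fi ;;
    esac
}

# Constructed sample: the security-relevant directives from this page.
page_config() {
    cat <<'EOF'
Port 22222
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
AllowTcpForwarding yes
GatewayPorts yes
EOF
}

tmp=$(mktemp) && page_config > "$tmp"
audit_sshd_config "$tmp"
rm -f "$tmp"
```

For the authoritative view, `/opt/openssh/sbin/sshd -T -f /opt/openssh/etc/sshd_config` prints the effective configuration of the built binary, including defaults.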
### 启动 openssh
- Create /etc/systemd/system/openssh.service with the following content
```
[Unit]
Description=OpenSSH server daemon
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=simple
Environment=LD_LIBRARY_PATH=/opt/openssl/lib
ExecStart=/opt/openssh/sbin/sshd -D
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
```
- Start openssh and enable it at boot
```bash
systemctl daemon-reload
systemctl start openssh
systemctl enable openssh
```