OpenSSH 升级到最新OpenSSH 8.8p1过程
一、安装配置telnet（仅作为升级 sshd 期间的临时备用登录通道；telnet 为明文传输，口令会在网络上明文暴露，只应在可信的管理网络内短时间启用，升级完成后立即关闭）
[root@localhost ~]# yum -y install xinetd telnet-server
[root@localhost ~]# cat > /etc/xinetd.d/telnet <<EOF
service telnet {
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
EOF
[root@localhost ~]# cat >> /etc/securetty <<EOF
pts/0
pts/1
pts/2
pts/3
pts/4
EOF
[root@localhost ~]# systemctl enable xinetd --now
[root@localhost ~]# systemctl enable telnet.socket --now
[root@localhost ~]# ss -nltp | grep 23
LISTEN 0 64 [::]:23 [::]:* users:(("xinetd",pid=1744,fd=5))
二、安装openssh（从源码编译安装；编译前应核对源码包的官方签名或校验值，确认来源可信）
[root@localhost ~]# yum remove openssh-server
[root@localhost ~]# yum -y install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
[root@localhost openssh-8.8p1]# pwd
/tmp/openssh-8.8p1
[root@localhost openssh-8.8p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam
[root@localhost openssh-8.8p1]# echo $?
[root@localhost openssh-8.8p1]# make && make install
# Append the sshd settings this guide relies on to the installed config.
# NOTE(review): sshd_config(5) uses the first value it finds for each keyword,
# so an earlier uncommented line for the same keyword wins over these appended
# ones; re-running this step also appends duplicates.
# NOTE(review): PermitRootLogin yes together with PasswordAuthentication yes
# allows direct root login by password. Once key-based login is confirmed,
# PermitRootLogin prohibit-password / PasswordAuthentication no is the tighter
# setting.
# NOTE(review): the build was configured --with-pam, but UsePAM is not set
# here; confirm whether PAM is meant to be enabled.
cat >> /etc/ssh/sshd_config <<'EOF'
UseDNS no
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
# if GUI
# NOTE(review): X11UseLocalhost no binds the X11 forwarding listener to the
# wildcard address instead of loopback; only use it where that is required.
cat >> /etc/ssh/sshd_config <<'EOF'
X11Forwarding yes
X11UseLocalhost no
XAuthLocation /usr/bin/xauth
EOF
[root@localhost ssh]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@localhost redhat]# pwd
/tmp/openssh-8.8p1/contrib/redhat
[root@localhost redhat]# ls
gnome-ssh-askpass.csh gnome-ssh-askpass.sh openssh.spec sshd.init sshd.pam
[root@localhost redhat]# cp -a sshd.init /etc/init.d/sshd
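[root@localhost redhat]# cp -a sshd.pam /etc/pam.d/sshd.pam
# 注意：sshd 使用的 PAM 服务名是 sshd，对应的配置文件是 /etc/pam.d/sshd；复制成 /etc/pam.d/sshd.pam 不会被 sshd 读取。若要启用 PAM（UsePAM yes），请确认 /etc/pam.d/sshd 存在且内容正确。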
[root@localhost redhat]# cd /etc/ssh
[root@ykt01 ssh]# chmod 600 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
[root@localhost ~]# chkconfig --add sshd
[root@localhost ~]# systemctl enable sshd --now
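# 切换ssh登陆：先用 sshd -t 检查配置，并另开一个会话确认能通过新的 sshd 正常登录，再执行下面两条命令关闭 telnet；之后还应删除前面追加到 /etc/securetty 的 pts/0–pts/4，并卸载不再需要的 telnet-server、xinetd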
[root@localhost ~]# systemctl disable xinetd.service --now
[root@localhost ~]# systemctl disable telnet.socket --now