1、準備:
安裝必須的包:yum install zlib zlib-devel openssl-devel pam-devel pam-krb5 krb5-devel krb5-libs pam-devel
下載:wget https://mirror.esc7.net/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
2、安裝:
tar zxf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so(防止出現Unsupported option GSSAPIAuthentication 和 Unsupported option GSSAPICleanupCredentials)
會出現以下提示:
PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail.Example PAM control files can be found in the contrib/ subdirectory
cp /etc/init.d/sshd /etc/init.d/sshd_old
cp /etc/pam.d/sshd /etc/pam.d/sshd_old
cd openssh-7.5p1/contrib/redhat
cp sshd.init /etc/init.d/sshd
cp sshd.pam /etc/pam.d/sshd
修改/etc/ssh/sshd_config中 UsePAM yes
make && make install
3、重啓sshd服務
service sshd restart
ssh -V
4、注:ssh升級後,默認關閉root遠程登錄,如果需要,請打開
5、如果無法登錄,請修改/etc/pam.d/sshd
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth