Ubuntu16.04默認的openssh是7.2p2版的,存在有很多安全漏洞,所以計劃升級至8.1p1
前期準備
- 卸載原有的ssh
- 安裝依賴庫
- 安裝數據壓縮用的函式庫zlib
- 安裝openssl
- 安裝openssh
查看當前版本
1卸載Openssh Openssl
service sshd stop
apt purge openssl
apt purge ssh
2安裝依賴包
apt install libzip-dev libssl-dev autoconf gcc libxml2 make
3編譯安裝zlib
wget http://www.zlib.net/zlib-1.2.11.tar.gz
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local
make
make install
4編譯安裝openssl
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz --no-check-certificate
tar -zxvf openssl-1.1.1.tar.gz
cd openssl-1.1.1
./config shared --prefix=/usr/local/ssl
make test
make install
ln -s /usr/local/ssl/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1
ln -s /usr/local/ssl/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1
5編譯安裝openssh
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
tar -zxvf openssh-8.1p1.tar.gz
cd openssh-8.1p1
./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl
make
make install
6設置相關配置文件
mv /usr/bin/scp /tmp/;mv /usr/bin/ssh* /tmp/
ln -s /usr/local/bin/ssh /usr/bin/ssh
ln -s /usr/local/bin/scp /usr/bin/scp
ln -s /usr/local/bin/ssh-add /usr/bin/ssh-add
ln -s /usr/local/bin/ssh-agent /usr/bin/ssh-agent
ln -s /usr/local/bin/ssh-keygen /usr/bin/ssh-keygen
ln -s /usr/local/bin/ssh-keyscan /usr/bin/ssh-keyscan
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/sbin/sshd /usr/bin/sshd
7重啓ssh服務
service sshd restart
8查看當前版本
ssh -V
sshd -V
推薦系統核心精講