linux ssh7升级
Last updated on June 4, 2026 am
🧙 Questions
centos 从openssh7升级到 openssh10.1
☄️ Ideas
# 查看系统
[root@dcloud-dev ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
# 查看openssh版本
[root@dcloud-dev ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017# 源码升级
yum groupinstall -y "Development Tools"
yum install -y gcc make zlib-devel pam-devel libselinux-devel wget
# 下载
cd /tmp
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.1p1.tar.gz
tar -zxvf openssh-10.1p1.tar.gz
cd /tmp/openssh-10.1p1
# 看看目录里是不是空的
cd /usr/local/openssh
# 配置安装路径
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords
# -----------------------------
# 验证可能不通过,需要升级OpenSSL
cd /tmp
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
tar -zxvf openssl-1.1.1w.tar.gz
cd /tmp/openssl-1.1.1w
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make -j $(nproc)
make install
# 更新动态链接库缓存
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf
ldconfig
# -----------------------------
# 清理之前的编译文件
cd /tmp/openssh-10.1p1
make clean
# 重新配置,指定新版 OpenSSL
./configure \
--prefix=/usr/local/openssh \
--sysconfdir=/etc/ssh \
--with-pam \
--with-zlib \
--with-ssl-dir=/usr/local/openssl
# 编译
make -j $(nproc)
make install
# sshd_config以下配置,不支持了
# GSSAPIAuthentication
# GSSAPICleanupCredentials
# 验证配置文件
sed -i 's/^GSSAPIAuthentication/#GSSAPIAuthentication/g' /etc/ssh/sshd_config
sed -i 's/^GSSAPICleanupCredentials/#GSSAPICleanupCredentials/g' /etc/ssh/sshd_config
/usr/local/openssh/sbin/sshd -t -f /etc/ssh/sshd_config
# 备份旧版
cp -f /usr/sbin/sshd /usr/sbin/sshd.old
cp -f /usr/bin/ssh /usr/bin/ssh.old
cp -f /usr/bin/ssh-keygen /usr/bin/ssh-keygen.old
cp -f /usr/bin/scp /usr/bin/scp.old
cp -f /usr/bin/sftp /usr/bin/sftp.old
cp -f /etc/pam.d/sshd /etc/pam.d/sshd.old
# 回退版本
# cp /usr/sbin/sshd.old /usr/sbin/sshd
# cp /usr/bin/ssh.old /usr/bin/ssh
# cp /usr/bin/ssh-keygen.old /usr/bin/ssh-keygen
# cp /usr/bin/scp.old /usr/bin/scp
# cp /usr/bin/sftp.old /usr/bin/sftp
# cp /etc/pam.d/sshd.old /etc/pam.d/sshd
# 复制新版到系统路径
cp -f /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp -f /usr/local/openssh/bin/ssh /usr/bin/ssh
cp -f /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp -f /usr/local/openssh/bin/scp /usr/bin/scp
cp -f /usr/local/openssh/bin/sftp /usr/bin/sftp
# 复制新 PAM 配置,可选【centos8、centos9可以,centos7不行】
# cp /tmp/openssh-10.1p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
# 重启服务并验证版本
systemctl restart sshd
systemctl status sshd
ssh -V🔗 Links
linux ssh7升级
https://ispong.isxcode.com/os/linux/linux ssh7升级/