当前位置：首页 > web >正文

linux环境openssh升级到openssh-10.0p1

web 2025/5/10 2:04:09

一、新版本SSH下载：https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
编译：

./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl341 --sysconfdir=/etc/ssh --with-pam --with-gssapi --with-rsa --with-rhosts-allowed --with-zlib --with-md5-passwords

在configure openssh时，有参数 --with-pam，会提示：
PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/subdirectory
就是如果启用PAM，需要有一个控制文件，按照提示的路径找到redhat/sshd.pam，并复制到/etc/pam.d/sshd，在/etc/ssh/sshd_config中设置UsePAM yes。
/etc/pam.d/sshd中内容如下：

# 文件内容如下
#%PAM-1.0
auth	   required	pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare

/etc/ssh/sshd_config 中设置UsePAM yes

二、替换原openssh
1、备份替换相关文件

mv /usr/sbin/sshd /usr/sbin/sshd_bak
mv /usr/bin/ssh /usr/bin/ssh_bak
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen_bak

2、建立软连接

ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd //建立软连接
ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh //建立软连接
ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen //建立软连接

或复制文件

cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

三、修改配置：
1、解决Root不能远程SSH登录问题

注释/etc/pam.d/password-auth或/etc/pam.d/password-auth-ac中
#auth requisite pam_succeed_if.so uid >= 1000 quiet_success

设置/etc/ssh/sshd_config 中PermitRootLogin yes

四、重启ssh服务：
systemctl restart sshd
如果重启报错Permissions 0640 for’/etc/ssh/*****.key’ are too open.

为文件的权限设置过于宽松执行

chmod -R 600 /etc/ssh

限制权限后再重启ssh服务解决
查询服务状态:
systemctl status sshd.service
备注帐户解锁:
sudo passwd -u root
参考资料：
https://blog.csdn.net/Systemmax20/article/details/140006194
https://blog.csdn.net/Daphnisz/article/details/124040904
https://blog.csdn.net/mayifan0/article/details/73293419
https://blog.csdn.net/weixin_43832230/article/details/119565581
https://www.cnblogs.com/clement-jiao/p/9651406.html
https://blog.csdn.net/zhang546030919/article/details/140550933
https://blog.csdn.net/weixin_43742643/article/details/113559949

查看全文

http://www.xdnf.cn/news/4398.html