LinuxCentosOpenSSH升级到8.8版本

参考文档：
https://blog.csdn.net/weixin_29353947/article/details/113090223
https://cloud.tencent.com/developer/article/1883608

OpenSSH下载地址：
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

OpenSSL下载地址：
https://www.openssl.org/source/openssl-1.1.1l.tar.gz

zlib下载地址：
http://www.zlib.net/zlib-1.2.11.tar.gz

Linux依赖下载地址：(中间的版本号6.5替换成当前服务器的,查看版本命令：cat /etc/redhat-release)
https://vault.centos.org/6.5/os/x86_64/Packages/

第一步：

安装gcc、pam-devel、openssl-devel、zlib-devel依赖

#批量安装rpm -Uvh *.rpm --nodeps --force

第二步：

安装OpenSSL

# 解压tar -xf openssl-1.1.1l.tar.gzcd openssl-1.1.1l# 配置./config --prefix=/usr/local/openssl shared# 编译make# 安装make install #配置ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1#验证/usr/local/openssl/bin/openssl

如图所示代表安装成功：

 第三步：

安装zlib

# 解压tar -xf zlib-1.2.11.tar.gz# 进入源码目录cd zlib-1.2.11# 预编译./configure --prefix=/usr/local/zlib# 编译make# 安装make install

第四步：

安装OpenSSH

# 解压tar -xf openssh-8.8p1.tar.gzcd openssh-8.8p1# 备份mv /etc/ssh /etc/sshbakmv /usr/bin/ssh /usr/bin/sshbakmv /usr/sbin/sshd /usr/sbin/sshdbak# 预编译./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib-dir=/usr/local/zlib --without-openssl-header-check# 编译make# 安装make install# 配置cp /usr/local/openssh/sbin/sshd /usr/sbin/sshdcp /usr/local/openssh/bin/ssh /usr/bin/sshcp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygencp contrib/redhat/sshd.init /etc/init.d/sshd# 修改配置文件vi /etc/ssh/sshd_config将以下三行注释放开，去掉#Port 22PermitRootLogin yes(修改为yes)PasswordAuthentication yes在sshd_config文件的最后添加以下内容支持低版本：KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org# 重启SSHservice sshd restart# 查看SSH是否更新成功ssh -V

sshd_config配置文件如下：

 如果连接时出现错误信息： Key exchange failed、No compatible key exchange method、The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 No compatible hostkey、The server supports these methods: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

配置文件添加以下内容以支持低版本：

KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org

随后重启即可