Install telnet as a fallback (optional)

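Once the new ssh is installed and its startup is configured, the switch-over is seamless, but if the connection drops midway you will not be able to reconnect. To guard against that, we can install telnet as a fallback. If you can guarantee the connection will not drop midway, skip this step.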

  1. Install

    yum install telnet telnet-server -y
  2. Start

    [root@localhost openssh]# systemctl enable telnet.socket
    Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.
    [root@localhost openssh]# systemctl start telnet.socket
  3. Connect

    # Create a temporary login user
    [root@localhost openssh]# useradd testuser
    [root@localhost openssh]# passwd testuser
    Changing password for user testuser.
    New password:
    BAD PASSWORD: The password is shorter than 8 characters
    Retype new password:
    passwd: all authentication tokens updated successfully.

    # Local test
    [root@localhost openssh]# telnet 127.0.0.1
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.

    Kernel 3.10.0-1160.el7.x86_64 on an x86_64
    localhost login: testuser
    Password:
    # Switch to the root account
    [testuser@localhost ~]$ su root
    Password:
    [root@localhost testuser]#

Upgrade OpenSSH

Download URL
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz

Install dependencies

yum install zlib-devel  openssl-devel  pam-devel gcc-c++ -y

Backup

[root@localhost openssh]# mkdir /etc/ssh_old
[root@localhost openssh]# mv /etc/ssh/* /etc/ssh_old/

Extract, compile and install

# Extract
[root@localhost openssh]# tar xzvf openssh-9.0p1.tar.gz
[root@localhost openssh]# cd openssh-9.0p1

# Compile and install
[root@localhost openssh-9.0p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/lib64/ --with-zlib --with-pam --with-md5-password --with-ssl-engine --with-selinux
[root@localhost openssh-9.0p1]# make && make install

# Verify
[root@localhost openssh-9.0p1]# ssh -V
OpenSSH_9.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017

Configuration
1. Edit sshd_config

# Set PermitRootLogin to allow remote login as root
PermitRootLogin yes

2. Start

# Move the old ssh service units out of the way so they do not conflict with the new one
[root@localhost openssh-9.0p1]# mv /usr/lib/systemd/system/sshd.service /etc/ssh_old/sshd.service
[root@localhost openssh-9.0p1]# mv /usr/lib/systemd/system/sshd.socket /etc/ssh_old/sshd.socket

# Copy the init script from the extracted source tree
[root@localhost openssh-9.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd

# Restart
[root@localhost openssh-9.0p1]# service sshd restart
Reloading systemd: [ OK ]
Restarting sshd (via systemctl): [ OK ]
[root@localhost openssh-9.0p1]# systemctl daemon-reload

# Enable start at boot
[root@localhost openssh-9.0p1]# chkconfig --add sshd
[root@localhost openssh-9.0p1]# chkconfig sshd on

Disable telnet

systemctl stop telnet.socket
systemctl disable telnet.socket
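
Before running the two commands above, it is worth confirming that a brand-new connection is answered by the rebuilt sshd, since telnet carries the login in cleartext and should come off only once SSH is proven. The script below is an added example, not part of the original article; the expected banner `OpenSSH_9.0`, the path `/usr/sbin/sshd` (derived from `--prefix=/usr/`) and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): decide whether the telnet
# fallback may be switched off, based on the banner sshd sends.

# Print the software version from an SSH identification string
# (RFC 4253: "SSH-protoversion-softwareversion SP comments CR LF").
banner_software() {
    cr=$(printf '\r')
    line=${1%"$cr"}                 # strip the trailing CR
    case $line in
        SSH-2.0-*|SSH-1.99-*) ;;
        *) return 1 ;;              # not an SSH server, or nothing answered
    esac
    sw=${line#SSH-*-}               # drop "SSH-2.0-"
    printf '%s\n' "${sw%% *}"       # drop optional comments
}

# $1 = banner line, $2 = expected software version (assumed: OpenSSH_9.0)
telnet_decision() {
    sw=$(banner_software "$1") || { echo "keep-telnet: no SSH banner"; return 1; }
    if [ "$sw" = "$2" ]; then
        echo "disable-telnet: sshd answers as $sw"
    else
        echo "keep-telnet: sshd answers as $sw, expected $2"
        return 1
    fi
}

# Read the banner of a brand-new connection; relies on bash's /dev/tcp.
probe_banner() {                    # $1 = host, $2 = port
    ( exec 3<>"/dev/tcp/$1/$2" && IFS= read -r -t 5 line <&3 &&
      printf '%s\n' "$line" ) 2>/dev/null
}

# Live use on the upgraded host: bash check.sh --live
if [ "${1:-}" = "--live" ]; then
    telnet_decision "$(probe_banner 127.0.0.1 22)" "OpenSSH_9.0" &&
        /usr/sbin/sshd -t &&        # config and host keys must also validate
        systemctl stop telnet.socket &&
        systemctl disable telnet.socket
fi
```

Run it from the telnet session or the console, so the result reflects a fresh connection rather than the SSH session that survived the restart.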

Reference

https://segmentfault.com/a/1190000022756834