内容目录
1. 需求原因
一台老服务器centos6.5
#192.168.0.55 另一台是台新的ubuntu24.04 远程不过去
[root@1 ~]# ssh 192.168.0.55
no hostkey alg
[root@1 ~]# whereis ssh
ssh: /usr/bin/ssh /etc/ssh.zip /etc/ssh /usr/share/man/man1/ssh.1.gz
[root@1 ~]# ssh -v
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013需要升级openssh到最新
升级后如果高版本连低版本报错
Unable to negotiate with 127.0.0.8 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
参考文章添加配置解决
https://www.ku0.cc/?p=701
编译安装openssh
在 CentOS 6 中升级 OpenSSH 可能会比较麻烦,因为 CentOS 6 的官方仓库通常只提供较旧版本的软件。为了升级到较新的版本,你可能需要手动编译 OpenSSH 或使用第三方仓库。以下是如何手动编译和安装最新版本的 OpenSSH 的步骤:
步骤 1: 安装编译所需的依赖包
首先,确保你的系统已经安装了必要的开发工具和库:
sudo yum groupinstall "Development Tools"
sudo yum install zlib-devel openssl-devel升级openssl
至少1.1以上
参考本站教程 :https://www.ku0.cc/?p=630
步骤 2: 下载最新版本的 OpenSSH 源代码
你可以从 OpenSSH 的官方网站下载最新的源代码包:
#example: wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-<version>.tar.gz
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz将 <version> 替换为你需要下载的 OpenSSH 版本号,例如 openssh-9.0p1.tar.gz。
步骤 3: 解压缩源代码包
tar -zxvf openssh-<version>.tar.gz
cd openssh-<version>步骤 4: 编译和安装 OpenSSH
4.1 备份配置文件
sudo mv /etc/ssh/ssh_config /etc/ssh/ssh_config.bak
sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo mv /etc/ssh/moduli /etc/ssh/moduli.bak
cp /etc/init.d/sshd /tmp/4.2 配置、编译并安装 OpenSSH:
[root@192 ~]# cd /usr/local/openssl
[root@192 openssl]# ls
bin include lib share ssl
[root@192 openssl]# /usr/local/openssl/bin/openssl version
OpenSSL 1.1.1d 10 Sep 2019
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib
make
sudo make install
sudo mv /usr/bin/ssh /usr/bin/ssh.old
sudo ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
sudo mv /usr/sbin/sshd /usr/sbin/sshd.old
sudo ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd
步骤 5: 配置 OpenSSH
安装完成后,确保配置文件正确。你可能需要编辑 /etc/ssh/sshd_config 文件来符合你的需求。
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys步骤 6: 更新 SSH 服务脚本
确保你的 SSH 服务脚本正确指向新的 OpenSSH 安装。你可能需要编辑或创建服务脚本 /etc/init.d/sshd:
sudo vim /etc/init.d/sshd确保指向正确的 OpenSSH 二进制文件路径,例如:
将 SSHD=/usr/sbin/sshd 更新为新的 OpenSSH 安装路径 SSHD=/usr/local/openssh/sbin/sshd。
将 KEYGEN=/usr/bin/ssh-keygen 更新为新的 OpenSSH 安装路径 KEYGEN=/usr/local/openssh/bin/ssh-keygen。
#!/bin/bash
#
# sshd Start up the OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: SSH is a protocol for secure remote shell access. \
# This service starts up the OpenSSH server daemon.
#
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd.pid
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $syslog
# Should-Start: $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start up the OpenSSH server daemon
# Description: SSH is a protocol for secure remote shell access.
# This service starts up the OpenSSH server daemon.
### END INIT INFO
# source function library
. /etc/rc.d/init.d/functions
# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
RETVAL=0
prog="sshd"
lockfile=/var/lock/subsys/$prog
# Some functions to make the below more readable
KEYGEN=/usr/local/openssh/bin/ssh-keygen
SSHD=/usr/local/openssh/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid
runlevel=$(set -- $(runlevel); eval "echo \$$#" )
fips_enabled() {
if [ -r /proc/sys/crypto/fips_enabled ]; then
cat /proc/sys/crypto/fips_enabled
else
echo 0
fi
}
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
echo -n $"Generating SSH1 RSA host key: "
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
fi
success $"RSA1 key generation"
echo
else
failure $"RSA1 key generation"
echo
exit 1
fi
fi
}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: "
rm -f $RSA_KEY
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
fi
success $"RSA key generation"
echo
else
failure $"RSA key generation"
echo
exit 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then
echo -n $"Generating SSH2 DSA host key: "
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
fi
success $"DSA key generation"
echo
else
failure $"DSA key generation"
echo
exit 1
fi
fi
}
do_restart_sanity_check()
{
$SSHD -t
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
failure $"Configuration file or keys are invalid"
echo
fi
}
start()
{
[ -x $SSHD ] || exit 5
[ -f /etc/ssh/sshd_config ] || exit 6
# Create keys if necessary
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
do_rsa_keygen
if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
do_rsa1_keygen
do_dsa_keygen
fi
fi
echo -n $"Starting $prog: "
$SSHD $OPTIONS && success || failure
RETVAL=$?
[ $RETVAL -eq 0 ] && touch $lockfile
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $PID_FILE $SSHD
RETVAL=$?
# if we are in halt or reboot runlevel kill all running sessions
# so the TCP connections are closed cleanly
if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
trap '' TERM
killall $prog 2>/dev/null
trap TERM
fi
[ $RETVAL -eq 0 ] && rm -f $lockfile
echo
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $PID_FILE $SSHD -HUP
RETVAL=$?
echo
}
restart() {
stop
start
}
force_reload() {
restart
}
rh_status() {
status -p $PID_FILE openssh-daemon
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
start
;;
stop)
if ! rh_status_q; then
rm -f $lockfile
exit 0
fi
stop
;;
restart)
restart
;;
reload)
rh_status_q || exit 7
reload
;;
force-reload)
force_reload
;;
condrestart|try-restart)
rh_status_q || exit 0
if [ -f $lockfile ] ; then
do_restart_sanity_check
if [ $RETVAL -eq 0 ] ; then
stop
# avoid race
sleep 3
start
else
RETVAL=6
fi
fi
;;
status)
rh_status
RETVAL=$?
if [ $RETVAL -eq 3 -a -f $lockfile ] ; then
RETVAL=2
fi
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
RETVAL=2
esac
exit $RETVAL
保存并退出编辑器。
步骤 7: 启动并验证新的 SSH 服务
重启 SSH 服务以使用新的 OpenSSH 版本:
sudo service sshd restart步骤 8: 验证版本
确认 SSH 服务已成功升级:
[root@ openssl]# ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1d 10 Sep 2019这将输出当前安装的 OpenSSH 版本,确保它与刚刚安装的版本一致。
通过这些步骤,你应该能够在 CentOS 6 上升级 OpenSSH。如果遇到任何依赖性问题或其他错误,请确保安装了所有必要的库,并根据错误信息进行调整。
近期评论