Upgrade Openssh on Centos7
step 1 upgrade openssl
1、download openssl from openssl
wget https://www.openssl.org/source/openssl-1.1.1n.tar.gz
2、compile and install
tar xzvf openssl-1.1.1n.tar.gz
cd openssl-1.1.1n
./config --prefix=/usr/local/openssl -d shared # no-shared:指示生成静态库
make
make install
echo '/usr/local/openssl/lib' >>/etc/ld.so.conf.d/openssl.conf
ldconfig -v
mv /bin/openssl /bin/openssl.bak
ln -s /usr/local/openssl/bin/openssl /bin/openssl
openssl version
step 2 upgrade zlib
1、download zlib from zlib
wget http://www.zlib.net/zlib-1.2.12.tar.gz
2、compile and install
tar xzvf zlib-1.2.12.tar.gz
cd zlib-1.2.12
./configure --prefix=/usr/local/zlib
make
make install
step 3 upgrade openssh
1、download openssh from openssh
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-8.7p1.tar.gz
2、remove and backup old openssh
rpm -e --nodeps `rpm -qa |grep openssh`
mv /etc/ssh /etc/ssh.bak
3、compile and install
tar xzvf openssh-8.7p1.tar.gz
cd openssh-8.7p1
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib-dir=/usr/local/zlib --without-hardening
make
make install
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp contrib/redhat/sshd.init /etc/init.d/sshd
systemctl daemon-reload
systemctl start sshd.service
systemctl enable sshd.service
