共计 11360 个字符,预计需要花费 29 分钟才能阅读完成。
一、参考链接📑🔊
OpenSSH
阿里巴巴开源镜像站 -OPSX 镜像站 - 阿里云开发者社区 (aliyun.com)
openssh 镜像 -openssh 下载地址 -openssh 装置教程 - 阿里巴巴开源镜像站 (aliyun.com)
OpenSSH8.6 装置教程_wqww_1 的博客 -CSDN 博客_openssh8.6 安装包
二、OpenSSH 简介🏆
OpenSSH(OpenBSD Secure Shell)是应用 SSH 透过计算机网络加密通信的实现。它是取代由 SSH Communications Security 所提供的商用版本的凋谢源代码计划。目前 OpenSSH 是 OpenBSD 的子项目。
OpenSSH 经常被误认认为与 OpenSSL 有关系,但实际上这两个我的项目有不同的目标,不同的倒退团队,名称相近只是因为两者有同样的软件倒退指标──提供凋谢源代码的加密通信软件。
起源:维基百科
三、OpenSSH 安装操作🎈
1、革除缓存并更新 YUM 源🥇
[root@centos ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors
[root@centos ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
repo id repo name status
base/7/x86_64 CentOS-7 - Base - mirrors.aliyun.com 10,072
extras/7/x86_64 CentOS-7 - Extras - mirrors.aliyun.com 500
updates/7/x86_64 CentOS-7 - Updates - mirrors.aliyun.com 3,190
repolist: 13,762
2、查看原来 SSH 版本信息并卸载🔎
[root@centos ~]# rpm -qa | grep ssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
libssh2-1.8.0-4.el7.x86_64
[root@centos ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@centos ~]# rpm -qa | grep openssh | xargs rpm -e --nodeps
[root@centos ~]# rpm -qa | grep openssh
[root@centos ~]#
3、本地下载 OpenSSH 镜像包并上传至 Linux 零碎📺
(或者采纳步骤 4,二者取其一即可)
下载链接: 阿里云开源镜像站资源目录 (aliyun.com)
4、应用 wget 命令下载 OpenSSH 安装包🔗
复制链接地址。
https://mirrors.aliyun.com/op…
应用 wget 命令下载。🔍
[root@centos ~]# wget https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
--2021-12-15 12:43:53-- https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 27.221.120.242, 61.162.46.209, 27.221.120.240, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|27.221.120.242|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1815060 (1.7M) [application/octet-stream]
Saving to:‘openssh-8.8p1.tar.gz’100%[==============================================================================>] 1,815,060 3.36MB/s in 0.5s
2021-12-15 12:43:54 (3.36 MB/s) -‘openssh-8.8p1.tar.gz’saved [1815060/1815060]
[root@centos ~]#
5、采纳源码进行装置📗
# 查看 openssh 安装包
[root@centos ~]# ll
total 1780
-rw-------. 1 root root 1531 Nov 28 17:50 anaconda-ks.cfg
-rw-r--r-- 1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz
[root@centos ~]#
[root@centos ~]# tar -zxvf openssh-8.8p1.tar.gz
[root@centos ~]# ll
total 1796
-rw-------. 1 root root 1531 Nov 28 17:50 anaconda-ks.cfg
drwxr-xr-x 7 1000 1000 12288 Sep 26 22:07 openssh-8.8p1
-rw-r--r-- 1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz
#装置依赖包
[root@centos ~]# cd openssh-8.8p1
[root@centos openssh-8.8p1]# ls
······省略
[root@centos openssh-8.8p1]# yum install -y lrzsz zlib-devel perl gcc pam-devel openssl-devel
··········
装置过程省略
··········
Installed:
gcc.x86_64 0:4.8.5-44.el7 lrzsz.x86_64 0:0.12.20-36.el7 openssl-devel.x86_64 1:1.0.2k-22.el7_9
pam-devel.x86_64 0:1.1.8-23.el7 perl.x86_64 4:5.16.3-299.el7_9 zlib-devel.x86_64 0:1.2.7-19.el7_9
Dependency Installed:
keyutils-libs-devel.x86_64 0:1.5.8-3.el7 krb5-devel.x86_64 0:1.15.1-51.el7_9
libcom_err-devel.x86_64 0:1.42.9-19.el7 libkadm5.x86_64 0:1.15.1-51.el7_9
libselinux-devel.x86_64 0:2.5-15.el7 libsepol-devel.x86_64 0:2.5-10.el7
libverto-devel.x86_64 0:0.2.5-4.el7 pcre-devel.x86_64 0:8.32-17.el7
perl-Carp.noarch 0:1.26-244.el7 perl-Encode.x86_64 0:2.51-7.el7
perl-Exporter.noarch 0:5.68-3.el7 perl-File-Path.noarch 0:2.09-2.el7
perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7
perl-Getopt-Long.noarch 0:2.40-3.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7
perl-PathTools.x86_64 0:3.40-5.el7 perl-Pod-Escapes.noarch 1:1.04-299.el7_9
perl-Pod-Perldoc.noarch 0:3.20-4.el7 perl-Pod-Simple.noarch 1:3.28-4.el7
perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
perl-Socket.x86_64 0:2.010-5.el7 perl-Storable.x86_64 0:2.45-3.el7
perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7
perl-Time-Local.noarch 0:1.2300-2.el7 perl-constant.noarch 0:1.27-2.el7
perl-libs.x86_64 4:5.16.3-299.el7_9 perl-macros.x86_64 4:5.16.3-299.el7_9
perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7
perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7
Dependency Updated:
krb5-libs.x86_64 0:1.15.1-51.el7_9 openssl.x86_64 1:1.0.2k-22.el7_9 openssl-libs.x86_64 1:1.0.2k-22.el7_9
Complete!
[root@centos openssh-8.8p1]#
# 装置 OpenSSH
[root@centos openssh-8.8p1]# ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam
OpenSSH has been configured with the following options:
User binaries: /usr/local/ssh/bin
System binaries: /usr/local/ssh/sbin
Configuration files: /etc/ssh
Askpass program: /usr/local/ssh/libexec/ssh-askpass
Manual pages: /usr/local/ssh/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
Manpage format: doc
PAM support: yes
OSF SIA support: no
KerberosV support: no
SELinux support: no
MD5 password support: no
libedit support: no
libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
PKCS#11 support: yes
U2F/FIDO support: yes
Host: x86_64-pc-linux-gnu
Compiler: cc
Compiler flags: -g -O2 -pipe -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
Libraries: -lcrypto -ldl -lutil -lz -lcrypt -lresolv
+for sshd: -lpam
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
[root@centos openssh-8.8p1]#
# 开始编译装置
[root@centos openssh-8.8p1]# make
······
编译过程省略
······
[root@centos openssh-8.8p1]# make install
(cd openbsd-compat && make)
make[1]: Entering directory `/root/openssh-8.8p1/openbsd-compat'make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/root/openssh-8.8p1/openbsd-compat'
/usr/bin/mkdir -p /usr/local/ssh/bin
/usr/bin/mkdir -p /usr/local/ssh/sbin
/usr/bin/mkdir -p /usr/local/ssh/share/man/man1
/usr/bin/mkdir -p /usr/local/ssh/share/man/man5
/usr/bin/mkdir -p /usr/local/ssh/share/man/man8
/usr/bin/mkdir -p /usr/local/ssh/libexec
/usr/bin/mkdir -p -m 0755 /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/local/ssh/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/local/ssh/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/local/ssh/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/local/ssh/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/local/ssh/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/local/ssh/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/local/ssh/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/local/ssh/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/local/ssh/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/local/ssh/libexec/ssh-sk-helper
/usr/bin/install -c -m 0755 -s sftp /usr/local/ssh/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/local/ssh/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/local/ssh/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/local/ssh/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/local/ssh/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/local/ssh/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/local/ssh/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/local/ssh/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/local/ssh/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/local/ssh/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/local/ssh/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/local/ssh/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/local/ssh/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/local/ssh/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/local/ssh/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/local/ssh/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/local/ssh/share/man/man8/ssh-sk-helper.8
/usr/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: DSA
/usr/local/ssh/sbin/sshd -t -f /etc/ssh/sshd_config
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
[root@centos openssh-8.8p1]#
解压 openssh-8.8p1.tar.gz 压缩包,后果如下图所示。📌
通过 YUM 源命令装置 lrzsz zlib-devel perl gcc pam-devel 等服务组件,后果如下图所示了。📎📝
运行./configure –prefix=/usr/local/ssh –sysconfdir=/etc/ssh –with-pam 此命令后,后果如下图所示。
运行完 make 命令后,后果如下图所示。
运行完 make install 命令后,后果如下图所示。
6、批改相干参数📚
[root@centos openssh-8.8p1]# cd /etc/init.d/
[root@centos init.d]# cp /root/openssh-8.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
[root@centos init.d]# ll
total 44
-rw-r--r--. 1 root root 18281 May 22 2020 functions
-rwxr-xr-x. 1 root root 4569 May 22 2020 netconsole
-rwxr-xr-x. 1 root root 7928 May 22 2020 network
-rw-r--r--. 1 root root 1160 Oct 2 2020 README
-rwxr-xr-x 1 root root 1721 Dec 15 13:20 sshd
[root@centos init.d]# chmod u+x /etc/init.d/sshd
[root@centos init.d]# chkconfig --add sshd
[root@centos init.d]# cp /root/openssh-8.8p1/sshd_config /etc/ssh/ssh_config
cp: overwrite‘/etc/ssh/ssh_config’? y
[root@centos init.d]# cp -r /usr/local/ssh/bin/* /usr/bin/
[root@centos init.d]# cp -r /usr/local/ssh/sbin/* /usr/sbin/
[root@centos init.d]# vi /etc/ssh/sshd_config
增加如下内容
#PasswordAuthentication yes
PermitRootLogin yes
[root@centos init.d]#chmod 600 /etc/ssh/*
7、启动并查看 SSH 服务📞🧰
[root@centos ~]# systemctl start sshd
[root@centos ~]# systemctl restart sshd
[root@centos ~]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Wed 2021-12-15 13:24:56 CST; 5s ago
Docs: man:systemd-sysv-generator(8)
Process: 19403 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 19409 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 19417 (sshd)
CGroup: /system.slice/sshd.service
└─19417 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
Dec 15 13:24:56 centos systemd[1]: Stopped SYSV: OpenSSH server daemon.
Dec 15 13:24:56 centos systemd[1]: Starting SYSV: OpenSSH server daemon...
Dec 15 13:24:56 centos sshd[19409]: Starting sshd:[OK]
Dec 15 13:24:56 centos systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) after start: No such file or directory
Dec 15 13:24:56 centos sshd[19417]: Server listening on 0.0.0.0 port 22.
Dec 15 13:24:56 centos sshd[19417]: Server listening on :: port 22.
Dec 15 13:24:56 centos systemd[1]: Started SYSV: OpenSSH server daemon.
8、查看 SSH 服务版本信息。🎶🎧
[root@centos ~]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.0.2k-fips 26 Jan 2017