centos离线补丁服务器 centos离线升级

转载

架构魔法之光 2024-02-23 21:10:12

文章标签 centos离线补丁服务器 linux ssh 服务器 java 文章分类 架构后端开发

centos6.5 离线升级openssh7.7

测试环境需要联网准备离线升级的安装包
使用环境：centos6.5 数据迁移到centos 9
openssh 版本太低导致6.5无法ssh到9上面。

1.注意网关

route -n 
route add default gw  192.168.11.2

2.注意dns

vim /etc/resolv.conf
nameserver	114.114.114.114
重启网络命令： service network restart 
重启ssh命令：service sshd restart

3.注意下载源

这里使用阿里源
地址：https://developer.aliyun.com/mirror/
地址：https://developer.aliyun.com/mirror/centos?spm=a2c6h.13651102.0.0.3e221b11DPaMrO

centos6（centos6官方源已下线，建议切换centos-vault源）

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-6.10.repo
运行 yum makecache 生成缓存
yum makecache

4.下载

yum install yum-plugin-downloadonly 

参数说明：
--downloadonly 仅下载依赖包不安装

--downloaddir 下载的依赖包保存的文件位置

示例：yum install --downloadonly --downloaddir=/opt/rpm/gcc/ gcc    -y

5.开始操作

cd /opt

1：下载openssh7.7
wget https://mirrors.sonic.net/pub/OpenBSD/OpenSSH/portable/openssh-7.7p1.tar.gz

2备份ssh配置
mkdir /bak && mv /etc/ssh /bak/ssh.bak

解压  tar -zxf openssh-7.7p1.tar.gz
cd  openssh-7.7p1

[root@localhost openssh-7.7p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh
checking for gcc... no
checking for cc... no
checking for cl.exe... no
configure: error: in `/opt/openssh-7.7p1':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details

6.安装gcc

mkdir /opt/rpm/gcc -p
yum install --downloadonly --downloaddir=/opt/rpm/gcc/ gcc    -y
只是下载包 不安装
cd /opt/rpm/gcc
rpm安装：rpm -ivh ./* --nodeps  --force

[root@localhost gcc]# pwd
/opt/rpm/gcc
[root@localhost gcc]# ls
cloog-ppl-0.15.7-1.2.el6.x86_64.rpm  libgomp-4.4.7-23.el6.x86_64.rpm
cpp-4.4.7-23.el6.x86_64.rpm          mpfr-2.4.1-6.el6.x86_64.rpm
gcc-4.4.7-23.el6.x86_64.rpm          ppl-0.10.2-11.el6.x86_64.rpm
libgcc-4.4.7-23.el6.x86_64.rpm
[root@localhost gcc]# rpm -ivh ./* --nodeps  --force
Preparing...                ########################################### [100%]
   1:libgcc                 ########################################### [ 14%]
   2:ppl                    ########################################### [ 29%]
   3:cloog-ppl              ########################################### [ 43%]
   4:mpfr                   ########################################### [ 57%]
   5:cpp                    ########################################### [ 71%]
   6:libgomp                ########################################### [ 86%]
   7:gcc                    ########################################### [100%]
[root@localhost gcc]#gcc -v
使用内建 specs。
目标：x86_64-redhat-linux
配置为：../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
线程模型：posix
gcc 版本 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC)

7.继续编译openssh

./configure --prefix=/usr --sysconfdir=/etc/ssh
 
 checking zlib.h usability... no
checking zlib.h presence... no
checking for zlib.h... no
configure: error: *** zlib.h missing - please install first or check config.log ***
[root@localhost openssh-7.7p1]#

8.安装 zlib

#yum install -y zlib-devel
mkdir /opt/rpm/zlib-devel
yum install -y --downloadonly --downloaddir=/opt/rpm/zlib-devel zlib-devel

[root@localhost rpm]# ls
gcc  zlib-devel-1.2.3-29.el6.x86_64.rpm
[root@localhost rpm]# rpm -ivh zlib-devel-1.2.3-29.el6.x86_64.rpm
Preparing...                ########################################### [100%]
   1:zlib-devel             ########################################### [100%]
[root@localhost rpm]#

9.继续编译openssh

./configure --prefix=/usr --sysconfdir=/etc/ssh
 
 checking openssl/opensslv.h usability... no
checking openssl/opensslv.h presence... no
checking for openssl/opensslv.h... no
configure: error: *** OpenSSL headers missing - please install first or check config.log ***
[root@localhost openssh-7.7p1]#

10.安装openssl-devel

# yum -y install openssl-devel
mkdir /opt/rpm/openssl-devl
yum install -y --downloadonly --downloaddir=/opt/rpm/openssl-devel  openssl-devel

[root@localhost openssl-devel]# pwd
/opt/rpm/openssl-devel
[root@localhost openssl-devel]# ls
e2fsprogs-1.41.12-24.el6.x86_64.rpm       krb5-workstation-1.10.3-65.el6.x86_64.rpm   libselinux-utils-2.0.94-7.el6.x86_64.rpm
e2fsprogs-libs-1.41.12-24.el6.x86_64.rpm  libcom_err-1.41.12-24.el6.x86_64.rpm        libsepol-devel-2.0.41-4.el6.x86_64.rpm
keyutils-1.4-5.el6.x86_64.rpm             libcom_err-devel-1.41.12-24.el6.x86_64.rpm  libss-1.41.12-24.el6.x86_64.rpm
keyutils-libs-1.4-5.el6.x86_64.rpm        libkadm5-1.10.3-65.el6.x86_64.rpm           openssl-1.0.1e-58.el6_10.x86_64.rpm
keyutils-libs-devel-1.4-5.el6.x86_64.rpm  libselinux-2.0.94-7.el6.x86_64.rpm          openssl-devel-1.0.1e-58.el6_10.x86_64.rpm
krb5-devel-1.10.3-65.el6.x86_64.rpm       libselinux-devel-2.0.94-7.el6.x86_64.rpm
krb5-libs-1.10.3-65.el6.x86_64.rpm        libselinux-python-2.0.94-7.el6.x86_64.rpm
[root@localhost openssl-devel]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@localhost openssl-devel]# rpm -ivh ./* --nodeps  --force
Preparing...                ########################################### [100%]
   1:libcom_err             ########################################### [  5%]
   2:libselinux             ########################################### [ 11%]
   3:keyutils-libs          ########################################### [ 16%]
   4:krb5-libs              ########################################### [ 21%]
   5:libkadm5               ########################################### [ 26%]
   6:libss                  ########################################### [ 32%]
   7:openssl                ########################################### [ 37%]
   8:keyutils-libs-devel    ########################################### [ 42%]
   9:e2fsprogs-libs         ########################################### [ 47%]
  10:libcom_err-devel       ########################################### [ 53%]
  11:libsepol-devel         ########################################### [ 58%]
  12:libselinux-devel       ########################################### [ 63%]
  13:krb5-devel             ########################################### [ 68%]
  14:openssl-devel          ########################################### [ 74%]
  15:e2fsprogs              ########################################### [ 79%]
  16:krb5-workstation       ########################################### [ 84%]
  17:keyutils               ########################################### [ 89%]
  18:libselinux-python      ########################################### [ 95%]
  19:libselinux-utils       ########################################### [100%]

11.继续编译openssh

[root@localhost openssh-7.7p1]# pwd
/opt/openssh-7.7p1
[root@localhost openssh-7.7p1]#  ./configure --prefix=/usr --sysconfdir=/etc/ssh

OpenSSH has been configured with the following options:
                     User binaries: /usr/bin
                   System binaries: /usr/sbin
               Configuration files: /etc/ssh
                   Askpass program: /usr/libexec/ssh-askpass
                      Manual pages: /usr/share/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
                    Manpage format: doc
                       PAM support: no
                   OSF SIA support: no
                 KerberosV support: no
                   SELinux support: no
                     S/KEY support: no
              MD5 password support: no
                   libedit support: no
                   libldns support: no
  Solaris process contract support: no
           Solaris project support: no
         Solaris privilege support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY
             Privsep sandbox style: rlimit

              Host: x86_64-pc-linux-gnu
          Compiler: gcc
    Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE
Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
      Linker flags:  -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie
         Libraries: -lcrypto -lrt -ldl -lutil -lz  -lcrypt -lresolv

[root@localhost openssh-7.7p1]#make

12.需要测试：

make完成后先不要make install，先卸载旧版的openssh

rpm -e --nodeps `rpm -qa | grep openssh`

[root@localhost openssh-7.7p1]# rpm -e --nodeps `rpm -qa | grep openssh`
[root@localhost openssh-7.7p1]#

完成后执行make install:

# make install


[root@localhost openssh-7.7p1]# make install
(cd openbsd-compat && make)
make[1]: Entering directory `/opt/openssh-7.7p1/openbsd-compat'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/opt/openssh-7.7p1/openbsd-compat'
/bin/mkdir -p /usr/bin
/bin/mkdir -p /usr/sbin
/bin/mkdir -p /usr/share/man/man1
/bin/mkdir -p /usr/share/man/man5
/bin/mkdir -p /usr/share/man/man8
/bin/mkdir -p /usr/libexec
/bin/mkdir -p -m 0755 /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8
/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
[root@localhost openssh-7.7p1]#


查看下安装结果：

# ssh -V
[root@localhost openssh-7.7p1]# ssh -V
OpenSSH_7.7p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[root@localhost openssh-7.7p1]#

至此编译安装完成。

13.注意

重启会导致ssh链接断开，会连不上去，如果是远程的话，先安装一个telnet 或者去控制台执行重启sshd 防止连不上。执行两遍。

配置sshd服务
复制启动文件到/etc/init.d/下并命名为sshd，加入开机启动

# cp contrib/redhat/sshd.init /etc/init.d/sshd
# chkconfig --add sshd
允许root使用ssh：

openssh7.5默认root用户是不能用ssh远程登录的，需要修改配置文件：

# vim /etc/ssh/sshd_config
找到#PermitRootLogin prohibit-password项，去掉注释并把prohibit-password改为yes

PermitRootLogin yes
重启ssh服务：
# service sshd restart
至此升级/安装完成。

##########################################################################################
注意 重启会导致ssh链接断开，会连不上去，如果是远程的话，先安装一个telnet 或者去控制台 执行重启sshd 防止连不上。


centos6.5 ssh到centos stream 9 成功

[root@localhost ~]# ssh root@192.168.11.11
The authenticity of host '192.168.11.11 (192.168.11.11)' can't be established.
ECDSA key fingerprint is SHA256:a6qV5aaT+vW2/fsNOGXZE6wJfxn3fbrGMC4/ZdwTYls.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.11.11' (ECDSA) to the list of known hosts.
root@192.168.11.11's password:
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Thu Jul 21 21:40:50 2022 from 192.168.11.1
[root@c9 ~]# cat /etc/redhat-release
CentOS Stream release 9
[root@c9 ~]# exit
注销
Connection to 192.168.11.11 closed.
[root@localhost ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)

14.参考操作：

2.测试离线升级

1.打包软件：

[root@localhost ~]# cd /opt/ && ls
openssh-7.7p1  openssh-7.7p1.tar.gz  resolv.conf  rpm
[root@localhost opt]# mv openssh-7.7p1.tar.gz rpm/
[root@localhost opt]# ls rpm/
gcc  openssh-7.7p1.tar.gz  openssl-devel  zlib-devel
[root@localhost opt]# tar -cvzf rpm.tar.gz rpm && ls
openssh-7.7p1  resolv.conf  rpm  rpm.tar.gz
[root@localhost opt]# scp rpm.tar.gz root@192.168.11.17:/tmp/

下面我登陆到 192.168.11.17这台centos6.5系统的机器

[root@c9 ~]# cat /etc/redhat-release
CentOS Stream release 9
[root@c9 ~]# hostname -I
192.168.11.11

[root@localhost ~]# ssh root@192.168.11.11
no hostkey alg


[root@localhost ~]# hostname -I && cat /etc/redhat-release && ssh -V  && ls /tmp/*.gz && mkdir /bak/ && mv /etc/ssh /bak/ssh.bak && tar -zxf /tmp/rpm.tar.gz -C /opt/ && cd /opt/rpm/ && ls
192.168.11.17
CentOS release 6.5 (Final)
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
/tmp/rpm.tar.gz
gcc  openssh-7.7p1.tar.gz  openssl-devel  zlib-devel

2.安装gcc zlib-devel openssl-devel

[root@localhost rpm]# rpm -ivh gcc/* zlib-devel/* openssl-devel/*  --nodeps  --force
Preparing...                ########################################### [100%]
   1:libcom_err             ########################################### [  4%]
   2:libselinux             ########################################### [  7%]
   3:keyutils-libs          ########################################### [ 11%]
   4:krb5-libs              ########################################### [ 15%]
   5:libkadm5               ########################################### [ 19%]
   6:libss                  ########################################### [ 22%]
   7:libgcc                 ########################################### [ 26%]
   8:ppl                    ########################################### [ 30%]
   9:cloog-ppl              ########################################### [ 33%]
  10:openssl                ########################################### [ 37%]
  11:keyutils-libs-devel    ########################################### [ 41%]
  12:e2fsprogs-libs         ########################################### [ 44%]
  13:libcom_err-devel       ########################################### [ 48%]
  14:libsepol-devel         ########################################### [ 52%]
  15:libselinux-devel       ########################################### [ 56%]
  16:krb5-devel             ########################################### [ 59%]
  17:zlib-devel             ########################################### [ 63%]
  18:mpfr                   ########################################### [ 67%]
  19:cpp                    ########################################### [ 70%]
  20:libgomp                ########################################### [ 74%]
  21:gcc                    ########################################### [ 78%]
  22:openssl-devel          ########################################### [ 81%]
  23:e2fsprogs              ########################################### [ 85%]
  24:krb5-workstation       ########################################### [ 89%]
  25:keyutils               ########################################### [ 93%]
  26:libselinux-python      ########################################### [ 96%]
  27:libselinux-utils       ########################################### [100%]
[root@localhost rpm]# gcc -v
使用内建 specs。
目标：x86_64-redhat-linux
配置为：../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
线程模型：posix
gcc 版本 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC)
[root@localhost rpm]#

3.编译openssh7.7

[root@localhost rpm]# tar -zxf openssh-7.7p1.tar.gz && ls
gcc  openssh-7.7p1  openssh-7.7p1.tar.gz  openssl-devel  zlib-devel
[root@localhost rpm]# cd openssh-7.7p1
[root@localhost openssh-7.7p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh

config.status: creating survey.sh
config.status: creating config.h

OpenSSH has been configured with the following options:
                     User binaries: /usr/bin
                   System binaries: /usr/sbin
               Configuration files: /etc/ssh
                   Askpass program: /usr/libexec/ssh-askpass
                      Manual pages: /usr/share/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
                    Manpage format: doc
                       PAM support: no
                   OSF SIA support: no
                 KerberosV support: no
                   SELinux support: no
                     S/KEY support: no
              MD5 password support: no
                   libedit support: no
                   libldns support: no
  Solaris process contract support: no
           Solaris project support: no
         Solaris privilege support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY
             Privsep sandbox style: rlimit

              Host: x86_64-pc-linux-gnu
          Compiler: gcc
    Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE
Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
      Linker flags:  -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie
         Libraries: -lcrypto -lrt -ldl -lutil -lz  -lcrypt -lresolv

[root@localhost openssh-7.7p1]#

4.make完成后先不要make install，先卸载旧版的openssh

[root@localhost openssh-7.7p1]# make

rpm -e --nodeps `rpm -qa | grep openssh`

完成后执行make install:

# make install
查看下安装结果：

# ssh -V
至此编译安装完成。

[root@localhost openssh-7.7p1]# rpm -e --nodeps `rpm -qa | grep openssh`
[root@localhost openssh-7.7p1]# make install
(cd openbsd-compat && make)
make[1]: Entering directory `/opt/rpm/openssh-7.7p1/openbsd-compat'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/opt/rpm/openssh-7.7p1/openbsd-compat'
/bin/mkdir -p /usr/bin
/bin/mkdir -p /usr/sbin
/bin/mkdir -p /usr/share/man/man1
/bin/mkdir -p /usr/share/man/man5
/bin/mkdir -p /usr/share/man/man8
/bin/mkdir -p /usr/libexec
/bin/mkdir -p -m 0755 /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8
/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
[root@localhost openssh-7.7p1]# ssh -V
OpenSSH_7.7p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[root@localhost openssh-7.7p1]#
l

5.注意

重启会导致ssh链接断开，会连不上去，如果是远程的话，先安装一个telnet 或者去控制台执行重启sshd 防止连不上。

配置sshd服务
复制启动文件到/etc/init.d/下并命名为sshd，加入开机启动

# cp contrib/redhat/sshd.init /etc/init.d/sshd
# chkconfig --add sshd
允许root使用ssh：

openssh7.5默认root用户是不能用ssh远程登录的，需要修改配置文件：

# vim /etc/ssh/sshd_config
找到#PermitRootLogin prohibit-password项，去掉注释并把prohibit-password改为yes

PermitRootLogin yes
重启ssh服务：
# service sshd restart
至此升级/安装完成。

##########################################################################################
注意 重启会导致ssh链接断开，会连不上去，如果是远程的话，先安装一个telnet 或者去控制台 执行重启sshd 防止连不上。


centos6.5 ssh到centos stream 9 成功

[root@localhost ~]# ssh root@192.168.11.11
The authenticity of host '192.168.11.11 (192.168.11.11)' can't be established.
ECDSA key fingerprint is SHA256:a6qV5aaT+vW2/fsNOGXZE6wJfxn3fbrGMC4/ZdwTYls.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.11.11' (ECDSA) to the list of known hosts.
root@192.168.11.11's password:
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Thu Jul 21 21:40:50 2022 from 192.168.11.1
[root@c9 ~]# cat /etc/redhat-release
CentOS Stream release 9
[root@c9 ~]# exit
注销
Connection to 192.168.11.11 closed.
[root@localhost ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)

3.离线步骤

首先要有包 确定操作系统版本 是i386还是X86的避免下错rpm包

1.查看内核版本
uname -a
2.查看操作系统版本号]
lsb_release -a
cat /etc/redhat-release

1.
[root@localhost ~]# hostname -I && cat /etc/redhat-release && ssh -V  && ls /tmp/*.gz && mkdir /bak/ && mv /etc/ssh /bak/ssh.bak && tar -zxf /tmp/rpm.tar.gz -C /opt/ && cd /opt/rpm/ && ls
 
命令详解：查看本机IP && 查看发行版名称和版本号 && 查看ssh版本 && 查看/tmp目录传过来的.gz包 && 创建备份文件夹 && 移动/etc/ssh 到/bak/并命名为ssh.bak && 解压包到/opt/目录下 && 切换到 /opt/rpm目录下 && 查看目录下文件

  2.安装gcc  zlib-devel openssl-deve
[root@localhost rpm]# rpm -ivh gcc/* zlib-devel/* openssl-devel/*  --nodeps  --force
 
 3.检查gcc信息
 root@localhost rpm]# gcc -v
 
 4.解压openssh-7.7p1.tar.gz
 [root@localhost rpm]# tar -zxf openssh-7.7p1.tar.gz && ls
gcc    openssh-7.7p1.tar.gz  openssl-devel  zlib-devel

5.编译
[root@localhost rpm]# cd openssh-7.7p1
[root@localhost openssh-7.7p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh

6.make
[root@localhost openssh-7.7p1]# make

7.卸载旧版openssh
[root@localhost openssh-7.7p1]# rpm -e --nodeps `rpm -qa | grep openssh`

8.mkae install
[root@localhost openssh-7.7p1]# make install

9.查看ssh版本
[root@localhost openssh-7.7p1]# ssh -V
OpenSSH_7.7p1, OpenSSL 1.0.1e-fips 11 Feb 2013

10.配置sshd服务 复制启动文件到/etc/init.d/下并命名为sshd，加入开机启动
[root@localhost openssh-7.7p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-7.7p1]# chkconfig --add sshd

11.允许root使用ssh
[root@localhost openssh-7.7p1]# vim /etc/ssh/sshd_config
PermitRootLogin yes

12.重启ssh服务 
注意 重启会导致ssh链接断开，会连不上去，如果是远程的话，先安装一个telnet 或者去控制台 执行重启sshd 防止连不上。执行两遍。
[root@localhost openssh-7.7p1]# service sshd restart

本文章为转载内容，我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题，欢迎原作者联系我们进行内容更正或删除文章。