1、查看操作系统、OpenSSH版本信息:
[root@test-OpenSSH ~]# cat /etc/redhat-release
Rocky Linux release 8.8 (Green Obsidian)
[root@test-OpenSSH ~]# telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.0
^]
telnet> quit
Connection closed.
[root@test-OpenSSH ~]#
2、安装相关依赖包:
2.1、配置本地源:Rocky_Linux_8.7
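# Local-media repo definition for Rocky Linux.
# The heredoc delimiter is quoted so the shell writes $releasever literally and
# yum/dnf expands it later; inside a double-quoted echo the shell would replace
# it with its own (normally unset) variable and the name= lines would lose it.
# gpgcheck=1 makes yum verify every package from the media against the key
# named in gpgkey= instead of installing unsigned or altered RPMs silently.
cat > /etc/yum.repos.d/Rocky-Media.repo <<'EOF'
# Rocky-Media.repo
#
# You can use this repo to install items directly off the installation media.
# Verify your mount point matches one of the below file:// paths.
[media-baseos]
name=Rocky Linux $releasever - Media - BaseOS
baseurl=file:///run/media/root/Rocky-8-7-x86_64-dvd/BaseOS
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
[media-appstream]
name=Rocky Linux $releasever - Media - AppStream
baseurl=file:///run/media/root/Rocky-8-7-x86_64-dvd/AppStream
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
EOF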
2.2、配置本地源:CentOS 8.2
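# Local-media repo definition for CentOS 8.
# Quoted heredoc delimiter: $releasever reaches the file untouched (a
# double-quoted echo lets the shell expand it to an empty string first).
# gpgcheck=1 so packages from the mounted media are checked against the key in
# gpgkey= before installation.
cat > /etc/yum.repos.d/CentOS-Media.repo <<'EOF'
# CentOS-Media.repo
#
# This repo can be used with mounted DVD media, verify the mount point for
# CentOS-8. You can use this repo and yum to install items directly off the
# DVD ISO that we release.
#
# To use this repo, put in your DVD and use it with the other repos too:
# yum --enablerepo=c8-media [command]
#
# or for ONLY the media repo, do this:
#
# yum --disablerepo=\* --enablerepo=c8-media [command]
[c8-media-BaseOS]
name=CentOS-BaseOS-$releasever - Media
baseurl=file:///media/BaseOS
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[c8-media-AppStream]
name=CentOS-AppStream-$releasever - Media
baseurl=file:///media/AppStream
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF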
2.3、安装依赖包:
# Compiler toolchain needed to build OpenSSH from source.
yum groupinstall -y 'Development Tools'
# Development headers for the libraries the OpenSSH build is configured against
# (zlib, OpenSSL, PAM, SELinux).
yum install -y \
  zlib-devel \
  openssl-devel \
  pam-devel \
  libselinux-devel
3、备份配置文件:
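# Move the current configuration and host keys aside before installing.
# The backup contains the private host keys, so the directory is made root-only;
# -p keeps the step repeatable if the directory already exists.
# Caveat: with /etc/ssh emptied, `make install` generates new host keys and
# every client will get a host-key-changed warning. If the server identity
# should stay the same, copy the ssh_host_*_key* files back from /etc/ssh_old
# after the install rather than telling users to accept the new keys blindly.
mkdir -p /etc/ssh_old && chmod 700 /etc/ssh_old
mv -- /etc/ssh/* /etc/ssh_old/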
4、下载安装包(可以提前在外网下载,上传到服务器上),开始编译安装:
https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/
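# Fetch the release tarball and its detached signature. The URL is quoted (the
# original carried an unquoted '?' query string, which the shell treats as a
# glob character) and the tracking parameter is dropped.
wget "https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz" -O openssh-9.3p2.tar.gz
wget "https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz.asc" -O openssh-9.3p2.tar.gz.asc

# Verify the signature before unpacking: this code will run as root and handle
# every login, so a tampered mirror copy must not get built. The OpenSSH release
# signing key has to be in the gpg keyring already, imported from a source that
# is trusted independently of this mirror. The && chain stops the build if
# verification (or any later step) fails.
# --with-pam enables PAM support (same effect as the original -with-pam=enable).
gpg --verify openssh-9.3p2.tar.gz.asc openssh-9.3p2.tar.gz \
  && tar zxf openssh-9.3p2.tar.gz \
  && cd openssh-9.3p2/ \
  && ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-pam --with-selinux \
  && make \
  && make install

# Confirm the installed client version and that sshd accepts the new config.
ssh -V
/usr/sbin/sshd -t -f /etc/ssh/sshd_config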
5、配置 sshd 服务:
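# Swap the distribution's systemd units for the SysV init script shipped in the
# OpenSSH source tree. The contrib/ paths are relative, so run this from inside
# the openssh-9.3p2/ build directory.
rm -f /etc/init.d/sshd
mv /usr/lib/systemd/system/sshd.service /etc/ssh_old/sshd.service
mv /usr/lib/systemd/system/sshd.socket /etc/ssh_old/sshd.socket
# \cp bypasses a possible interactive `cp -i` alias in root's shell.
\cp -p contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): PAM selects its policy file by service name, so a file called
# /etc/pam.d/sshd.pam is presumably never consulted; the effective policy stays
# whatever /etc/pam.d/sshd contains. Confirm which file is intended.
\cp -p contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
# sshd.service was already moved to /etc/ssh_old above, so the original second
# rename to sshd.service.bak could only fail and is dropped.
chkconfig --add sshd
systemctl enable sshd.service

# Three settings are changed from the freshly installed defaults:
#   X11Forwarding yes   - allows X11 tunnelling; enable only if it is needed.
#   PermitRootLogin yes - permits direct root password logins, the account most
#                         exposed to password guessing. Prefer keeping the
#                         default (prohibit-password) with key-based login, or a
#                         non-root account plus sudo, where that is possible.
#   UsePAM yes          - hands authentication and session setup to PAM.
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
sed -i "s/#UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config

# Validate the edited config first: restarting with a broken sshd_config would
# leave the host without a listening sshd. Keep the current session open until
# a fresh login has been confirmed.
/usr/sbin/sshd -t -f /etc/ssh/sshd_config && service sshd restart
systemctl daemon-reload
systemctl list-unit-files --type=service | grep sshd
# Creates an empty placeholder file; presumably there to satisfy a host-key
# check in the init script - confirm before relying on it.
touch /etc/ssh/ssh_host_dsa_key.pub
systemctl restart sshd
systemctl status sshd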
6、远程telnet,验证 sshd 服务的版本:
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.3
^]
telnet> quit
Connection closed.
6、添加测试端口1022,配置防火墙【本步骤,可忽略】:
# Optional extra listener: a second sshd kept in the foreground (-D) on port
# 1022, started under nohup so it outlives the current terminal.
nohup /usr/sbin/sshd -p 1022 -D &
# Add the port to the permanent public-zone rules, then reload so the runtime
# configuration picks it up.
firewall-cmd --permanent --zone=public --add-port=1022/tcp
firewall-cmd --reload
# This leaves a second SSH entry point exposed. Once the upgrade is confirmed,
# stop the listener and remove the rule again, e.g.
#   firewall-cmd --permanent --zone=public --remove-port=1022/tcp && firewall-cmd --reload
7、其他报错问题解决:
7.1、error: PAM: Authentication failure for root from
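# Follow the system log while reproducing the failed login; the file is
# /var/log/messages (the original path was missing the trailing "s").
tail -f /var/log/messages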
sshd[482236]: error: PAM: Authentication failure for root from
# Rewrite the PAM policy that sshd uses, then restart the daemon.
# A mistake in this file blocks every PAM-backed login, so keep an existing
# root session open until a new login has been tested.
# The quoted delimiter writes the text literally; the blank first and last
# lines reproduce what the original echo emitted.
cat > /etc/pam.d/sshd <<'EOF'

#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare

EOF
systemctl restart sshd
7.2、启用操作系统防火墙:
# Enable firewalld at boot and start it immediately in one step.
systemctl enable --now firewalld
# Review the active zone: confirm that ssh is still allowed and that only the
# services and ports you intend to expose are listed.
firewall-cmd --list-all