当前位置：首页 > news >正文

centos6.5升级openssh10.2p1

news 2026/3/26 19:12:43

#背景 CentOS release 6.5系统版本比较老，openssh 有漏洞需要升级
# 1. 安装依赖
```
下载源码
https://github.com/openssl/openssl/releases/download/openssl-3.0.18/openssl-3.0.18.tar.gz
https://www.cpan.org/authors/id/B/BI/BINGOS/IPC-Cmd-1.04.tar.gz
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.2p1.tar.gz-------------------------------------------------------------yum -y install gcc make perl    #zlib zlib-devel
yum install -y  gcc openssl-devel pam-devel rpm-build
yum install   telnet-server telnet xinetd -y
yum install -y perl-CPAN perl-ExtUtils-MakeMaker# 安装 Perl 核心开发工具
yum install -y perl-CPAN perl-Module-Build perl-ExtUtils-CBuilder
# 方案一：通过 yum 直接安装（推荐）
yum install -y perl-Params-Check#执行如下提示即可
perl -MModule::Load::Conditional -e 'print "Module ready\n"'
# 成功输出：Module ready#### 离线下载rpm安装 yum -y install 安装包 --downloadonly --downloaddir=./yum -y localinstall *.rpm```# 2. 安装telnet
```
# 修改 telnet 配置文件
vi /etc/xinetd.d/telnet
service telnet
{flags           = REUSEsocket_type     = streamwait            = nouser            = rootserver          = /usr/sbin/in.telnetdlog_on_failure  += USERIDdisable         = no  # 关键配置项
}# 重新加载 xinetd 配置
service xinetd reload
# 或完整重启
service xinetd restart# 检查 23 端口监听
netstat -antp | grep :23
# 预期输出示例：
# tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1234/xinetd如果登录失败添加查看允许的终端类型# 查看允许的终端类型(如果不能登录查看/var/log/secure 日志少pts什么类型)
cat /etc/securetty
# 典型问题：缺少 pts 设备（Telnet 使用虚拟终端）echo "pts/0" >> /etc/securetty
echo "pts/1" >> /etc/securetty 
echo "pts/2" >> /etc/securetty ```# 3. 安装openssl  3.0.18```
安装IPC-Cmd，否则会提示少IPC等tar xf IPC-Cmd-1.04.tar.gz cd IPC-Cmd-1.04lsperl Makefile.PLmake && make installtar xf openssl-3.0.18.tar.gz
cd    openssl-3.0.18
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl/ssl shared zlibmake && make installecho "/usr/local/openssl/lib64/" >> /etc/ld.so.confldconfigmv /usr/bin/openssl /usr/bin/openssl.old  # 备份旧版本
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl````# 4. 安装openssh 10.2
```
卸载 ssh
for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps;donemv /etc/ssh /etc/ssh.oldtar xf openssh-10.2p1.tar.g./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr --with-ssl-dir=/usr/local/openssl --with-zlib --with-pam --with-md5-passwordsmake && make installcp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list|grep sshd
sed -i "32a PermitRootLogin yes" /etc/ssh/sshd_config重启/etc/init.d/sshd stop  &&  /etc/init.d/sshd start#检查是否升级成功
[root@localhost ~]# ssh -V
OpenSSH_10.2p1, OpenSSL 3.0.18 30 Sep 2025```

查看全文

http://www.jsqmd.com/news/39330/