标签:ssh7.5 升级ssh
1、准备:
安装必须的包:yum install zlib zlib-devel openssl-devel pam-devel pam-krb5 krb5-devel krb5-libs pam-devel
下载:wget https://mirror.esc7.net/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
2、安装:
tar zxf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so(防止出现Unsupported option GSSAPIAuthentication 和 Unsupported option GSSAPICleanupCredentials)
会出现以下提示:
PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail.Example PAM control files can be found in the contrib/ subdirectory
cp /etc/init.d/sshd /etc/init.d/sshd_old
cp /etc/pam.d/sshd /etc/pam.d/sshd_old
cd openssh-7.5p1/contrib/redhat
cp sshd.init /etc/init.d/sshd
cp sshd.pam /etc/pam.d/sshd
修改/etc/ssh/sshd_config中 UsePAM yes
make && make install
3、重启sshd服务
service sshd restart
ssh -V
4、注:ssh升级后,默认关闭root远程登录,如果需要,请打开
5、如果无法登录,请修改/etc/pam.d/sshd
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
本文出自 “sky” 博客,转载请与作者联系!
标签:ssh7.5 升级ssh
原文地址:http://songky.blog.51cto.com/164603/1966494