Redhat/CentOS 7.6升级OpenSSH8.3

坚古运维 发表于 2020/11/17 09:28:20 2020/11/17
【摘要】 yum install gcc gcc-c++ openssl-devel autoconf automake zlib zlib-devel pcre-devel pam-devel rpm-build pam-devel telnet -yrpm -e --nodeps $(rpm -qa | grep openssh)cp -r /etc/ssh/ /tmp/sshcd /etc/ss...

红帽需先配置好yum源


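# Upgrade OpenSSH on RHEL/CentOS 7.6 by building 8.3p1 from source (run as root).
# Keep an already-open root session or console access for the whole procedure:
# once the packaged OpenSSH is removed, no new SSH login works until the newly
# built sshd is running. The telnet package installed below is only the client;
# it does not provide a fallback login path.
# 8.3p1 is the release this write-up targets; check for the current portable
# release before reusing these steps.

# Build dependencies.
yum install gcc gcc-c++ openssl-devel autoconf automake zlib zlib-devel pcre-devel pam-devel rpm-build telnet -y

# Back up the configuration and host keys BEFORE the package is removed, into a
# root-only directory rather than a fixed name under world-writable /tmp.
backup_dir=/root/ssh-backup-$(date +%Y%m%d%H%M%S)
mkdir -m 700 "$backup_dir"
cp -a /etc/ssh/. "$backup_dir"/

# Remove the packaged OpenSSH. The substitution is deliberately unquoted so that
# each package name becomes its own argument.
rpm -e --nodeps $(rpm -qa | grep openssh)

# Clear the old configuration so that "make install" writes fresh defaults.
# NOTE(review): this also deletes the host keys, so the server identity changes
# and clients will get a host-key-changed warning. To keep the identity, copy
# the ssh_host_* files back from "$backup_dir" after "make install".
rm -rf -- /etc/ssh/*

mkdir -p ~/openssh
cd ~/openssh

wget https://plug-mirror.rcac.purdue.edu/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz

# Verify the tarball before building it as root. The detached signature sits
# next to the tarball; the OpenSSH release signing key must already be imported
# from a source you trust. Continue only if gpg reports a good signature.
wget https://plug-mirror.rcac.purdue.edu/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz.asc
gpg --verify openssh-8.3p1.tar.gz.asc openssh-8.3p1.tar.gz

tar xvf openssh-8.3p1.tar.gz
cd openssh-8.3p1

# --with-tcp-wrappers is dropped: upstream removed libwrap support in OpenSSH
# 6.7, so /etc/hosts.allow and /etc/hosts.deny no longer restrict sshd after
# this upgrade. Move any such rules to the firewall or to sshd_config.
# NOTE(review): --with-ssl-dir presumably only fits a host where a separate
# OpenSSL was built under /usr/local/openssl; the yum openssl-devel package
# installs under /usr, so drop the option in that case. Confirm on the target.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-ssl-dir=/usr/local/openssl

make -j 4
make install

# sshd uses the first occurrence of each keyword, so these appended lines only
# take effect if the freshly installed sshd_config leaves them commented out.
# NOTE(review): root login combined with password authentication exposes the
# root account to password guessing. Once key-based login is confirmed, prefer
# "PermitRootLogin prohibit-password" and "PasswordAuthentication no".
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

# Install the SysV init script shipped with the source tree and enable it.
cp -a ~/openssh/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig sshd on

# Check the configuration first, so a broken sshd_config does not take the
# service down on restart.
/usr/sbin/sshd -t && systemctl restart sshd

ssh -V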


touch /etc/pam.d/sshd

vi /etc/pam.d/sshd(加入以下内容)

----------------------

#%PAM-1.0
# PAM service file for sshd (saved as /etc/pam.d/sshd).
# NOTE(review): sshd consults PAM only when sshd_config enables UsePAM; confirm
# that setting, otherwise this file has no effect on logins.
# password-auth and postlogin are separate PAM files that this one only
# references; they must exist on the host.

auth       required     pam_sepermit.so

auth       substack     password-auth

auth       include      postlogin

# Used with polkit to reauthorize users in remote sessions
# (the leading "-" lets PAM skip the module quietly when it is not installed)

-auth      optional     pam_reauthorize.so prepare

account    required     pam_nologin.so

account    include      password-auth

password   include      password-auth

# pam_selinux.so close should be the first session rule

session    required     pam_selinux.so close

session    required     pam_loginuid.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session    required     pam_selinux.so open env_params

session    required     pam_namespace.so

session    optional     pam_keyinit.so force revoke

session    include      password-auth

session    include      postlogin

# Used with polkit to reauthorize users in remote sessions

-session   optional     pam_reauthorize.so prepare

-------------------------------------------------------

重启服务

systemctl restart sshd

重启服务器(重启前先另开一个会话,确认可以通过 SSH 正常登录)

reboot



如果还不行,先查看 /var/log/audit/audit.log 中的 AVC 拒绝记录,确认是 SELinux 拦截后,再调整与 ssh 相关的 SELinux 布尔值(下例为开启 ssh_keysign)

[root@oa-app11 ~]# getsebool -a | grep ssh

fenced_can_ssh --> off

selinuxuser_use_ssh_chroot --> off

ssh_chroot_rw_homedirs --> off

ssh_keysign --> off

ssh_sysadm_login --> off

[root@oa-app11 ~]# setsebool -P ssh_keysign on

[root@oa-app11 ~]# reboot





【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱: cloudbbs@huaweicloud.com