Upgrade OpenSSH to 9.0 on CentOS
Install the software packages required for compilation:
yum install -y wget gcc pam-devel libselinux-devel zlib-devel openssl-devel
download the openssh install package
cd /usr/local/src
wget -O openssh.tar.gz https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
Back up the configuration files. Generally, when the package is uninstalled, sshd_config is saved as sshd_config.rpmsave. However, the /etc/pam.d/sshd configuration file is not saved separately, so it is recommended to back up all of them
cp /etc/ssh/sshd_config sshd_config.backup
cp /etc/pam.d/sshd sshd.backup
Remove the older OpenSSH rpm packages (optional)
rpm -e --nodeps `rpm -qa | grep openssh`
Install openssh
decompress
tar -zxvf openssh.tar.gz
cd openssh-9.0p1
configure (`--without-hardening` turns off the compiler hardening flags that configure enables by default)
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
compile and install
make && make install
permissions
adjust file permissions
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
copy configuration files
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
restore configuration files
mv ../sshd.backup /etc/pam.d/sshd
mv ../sshd_config.backup /etc/ssh/sshd_config
add the ssh service to the startup items for automatic startup
chkconfig --add sshd
chkconfig sshd on
restart ssh service
systemctl restart sshd
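The restart above brings sshd up with the restored pre-upgrade sshd_config, so a rejected option or an over-permissive host key can leave the host without an SSH daemon. The preflight below is an added example, not part of the original page; the function names, the SSHD_BIN override and the default paths are assumptions made for it.

```bash
#!/bin/bash
# Added example (not from the original page). Function names, the SSHD_BIN
# override and the default paths are assumptions made for this example.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"

# Succeed only if $1 contains ssh_host_*_key files and none of them has
# group/other permission bits set (the state the chmod 600 step produces).
check_hostkey_perms() {
    local dir="$1" key mode bad=0 found=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        found=1
        mode=$(stat -c '%a' "$key")            # GNU stat, as on CentOS
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "too open: $key (mode $mode)" >&2
            bad=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no host keys in $dir" >&2; return 2; }
    return "$bad"
}

# Succeed only if sshd accepts config file $1 in test mode (-t).
check_sshd_config() {
    "$SSHD_BIN" -t -f "$1"
}

# Run both checks; intended use: preflight && systemctl restart sshd
preflight() {
    local keydir="${1:-/etc/ssh}" cfg="${2:-/etc/ssh/sshd_config}"
    check_hostkey_perms "$keydir" || return 1
    check_sshd_config "$cfg" || { echo "sshd -t rejected $cfg" >&2; return 1; }
    echo "preflight ok"
}
```

Run it as root from an existing session and keep that session open until a new login succeeds.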
Verify the results
# ssh -V
OpenSSH_9.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017
CentOS can ping but cannot ssh
sudo systemctl restart sshd
sudo firewall-cmd --permanent --zone=public --add-service=ssh
sudo firewall-cmd --reload
sudo setenforce 0   # puts SELinux in permissive mode until the next reboot