OpenSSH通过RPM升级到9.6

首先ssh -V 查看系统当前版本

ssh -V

1、配置openssh目录，备份原配置文件

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /etc/pam.d/sshd /etc/pam.d/sshd.bak
mkdir -p /data/soft/openssh
cd /data/soft/openssh

rz rpm文件

rpm -Uvh /data/soft/openssh/*.rpm --force --nodeps --nosignature

#如果出现报错，是rpm数据库损坏，重新重构就可以了。

# cd /var/lib/rpm
# clear
# ls | grep 'db.'
__db.001
__db.002
__db.003
# for i in $(ls | grep 'db.');do mv $i $i.bak;done
# ls | grep 'db.'
__db.001.bak
__db.002.bak
__db.003.bak

# rpm -qa | grep telnet
# yum clean all

===========================

4、修改ssh目录文件权限

chmod 600 /etc/ssh/ssh_host_rsa_key

chmod 600 /etc/ssh/ssh_host_ecdsa_key

chmod 600 /etc/ssh/ssh_host_ed25519_key

5、移除sshd_config配置，恢复原先的ssh配置

mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak1

mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config

6、修改sshd_config参数，否则root无法登录

sed -i -e "s/#PasswordAuthentication yes/PasswordAuthentication yes/g" /etc/ssh/sshd_config

sed -i -e "s/#PermitEmptyPasswords no/PermitEmptyPasswords no/g" /etc/ssh/sshd_config

sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config

sed -i -e "s/#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config

7、修改/etc/pam.d/sshd的配置

cat > /etc/pam.d/sshd <<EOF
#%PAM-1.0

auth required pam_sepermit.so

auth include password-auth

account required pam_nologin.so

account include password-auth

password include password-auth

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

session required pam_loginuid.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open env_params

session optional pam_keyinit.so force revoke

session include password-auth

EOF

8、重启ssh服务

systemctl restart sshd

9、验证升级后ssh版本 ，再开一个窗口尝试SSH链接服务器

ssh -V

10、升级成功，删除rpm文件

rm -rf /data/soft/openssh