安装openssl-1.1.1k
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz --no-check-certificate
yum -y install wget gcc zlib-devel openssl-devel pam-devel libselinux-devel make perl-core gcc-c++ pcre-devel
rpm -e `rpm -qa | grep openssl | grep -v libs` --nodeps
cp /etc/ld.so.conf /etc/ld.so.conf.bak
openssl version
tar -xf openssl-1.1.1k.tar.gz
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make
make install
sh -c 'echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl-1.1.1k.conf'
ldconfig
export LD_LIBRARY_PATH=/usr/local/openssl/lib:$LD_LIBRARY_PATH
/usr/local/openssl/bin/openssl version
卸载旧的openssh
yum remove openssh –y
rm -rf /etc/ssh/*
安装openssh-8.9p1
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
tar -xf openssh-8.9p1.tar.gz
cd openssh-8.9p1
./configure --with-openssl=/usr/local/openssl --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/openssl/include --with-zlib --with-md5-passwords --with-pam --with-ssl-dir=/usr/local/openssl
make
make install
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
service sshd restart
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
vim /etc/ssh/sshd_config
##配置
PermitRootLogin yes
PasswordAuthentication yes
##重启ssh
systemctl restart sshd