[Alibaba Cloud mirror] Use the Alibaba Cloud OpenSSH mirror to install and configure the SSH service

Posted by keystroke on Mon, 20 Dec 2021 19:19:10 +0100

1, Reference links

OpenSSH

Alibaba open source mirror - OPSX mirror - Alibaba cloud developer community (aliyun.com)

Openssh image - openssh download address - openssh installation tutorial - Alibaba open source image station (aliyun.com)

openssh8.6 installation tutorial_ wqww_1 blog - CSDN blog_ openssh8.6 installation package

2, Introduction to OpenSSH

OpenSSH (OpenBSD Secure Shell) is an implementation of the SSH protocol for encrypting communication over a computer network. It is an open source alternative to the commercial product provided by SSH Communications Security. At present, OpenSSH is a subproject of OpenBSD.

OpenSSH is often mistaken for being related to OpenSSL, but the two projects have different purposes and different development teams. The names are similar only because both share the same software development goal: providing open source software for encrypted communication.

Source: Wikipedia

3, OpenSSH installation

1. Clear the cache and update the YUM source

[root@centos ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors

[root@centos ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
repo id                                      repo name                                                            status
base/7/x86_64                                CentOS-7 - Base - mirrors.aliyun.com                                 10,072
extras/7/x86_64                              CentOS-7 - Extras - mirrors.aliyun.com                                  500
updates/7/x86_64                             CentOS-7 - Updates - mirrors.aliyun.com                               3,190
repolist: 13,762

2. View the original SSH version information and uninstall it

[root@centos ~]# rpm -qa | grep ssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
libssh2-1.8.0-4.el7.x86_64

[root@centos ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

[root@centos ~]# rpm -qa | grep openssh | xargs rpm -e --nodeps
[root@centos ~]# rpm -qa | grep openssh
[root@centos ~]#

3. Download the OpenSSH package from the mirror to your local machine and upload it to the Linux system

(Alternatively, use step 4; only one of the two is needed.)

Download link: Alibaba Cloud open source mirror resource directory (aliyun.com)

4. Use the wget command to download the OpenSSH installation package

Copy the link address:

https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz

Use the wget command to download it:

[root@centos ~]# wget https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
--2021-12-15 12:43:53--  https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 27.221.120.242, 61.162.46.209, 27.221.120.240, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|27.221.120.242|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1815060 (1.7M) [application/octet-stream]
Saving to: 'openssh-8.8p1.tar.gz'

100%[==============================================================================>] 1,815,060   3.36MB/s   in 0.5s

2021-12-15 12:43:54 (3.36 MB/s) - 'openssh-8.8p1.tar.gz' saved [1815060/1815060]

[root@centos ~]#
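
The tarball comes from a third-party mirror, so it is worth comparing it with the digest in the upstream OpenSSH release announcement before unpacking; those announcements list the SHA-256 in base64 rather than the hex that sha256sum prints. The following is an added example, not part of the original post: the function names are hypothetical, the demo file is constructed, and the real expected digest must be copied from the upstream release notes.

```shell
#!/bin/sh
# Added example: compare a downloaded release tarball with a published SHA-256.

# Print the SHA-256 of a file as base64 (the encoding used in OpenSSH
# release announcements).
sha256_b64() {
    hex=$(sha256sum "$1" | cut -d' ' -f1)
    # Turn "e3b0..." into "\xe3\xb0..." and let printf(1) emit the raw bytes.
    esc=$(printf '%s' "$hex" | sed 's/../\\x&/g')
    env printf "$esc" | base64
}

# verify_release_digest FILE EXPECTED
# EXPECTED may be 64 hex characters or 44 characters of base64.
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_release_digest() {
    file=$1; expected=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    case $expected in
        *[!0-9a-fA-F]*)            # contains non-hex characters: base64
            actual=$(sha256_b64 "$file") ;;
        *)                         # hex only: compare case-insensitively
            actual=$(sha256sum "$file" | cut -d' ' -f1)
            expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f') ;;
    esac
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"
    else
        echo "MISMATCH $file: computed $actual" >&2
        return 1
    fi
}

# Constructed demo: an empty file stands in for the tarball, and the value
# below is the base64 SHA-256 of empty input, not an OpenSSH digest.
demo=$(mktemp)
verify_release_digest "$demo" '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
rm -f "$demo"
```

For the real download, call verify_release_digest openssh-8.8p1.tar.gz with the value from the release announcement and stop if it returns non-zero.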

5. Install from source

# View the OpenSSH installation package
[root@centos ~]# ll
total 1780
-rw-------. 1 root root    1531 Nov 28 17:50 anaconda-ks.cfg
-rw-r--r--  1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz
[root@centos ~]#

[root@centos ~]# tar -zxvf openssh-8.8p1.tar.gz
[root@centos ~]# ll
total 1796
-rw-------. 1 root root    1531 Nov 28 17:50 anaconda-ks.cfg
drwxr-xr-x  7 1000 1000   12288 Sep 26 22:07 openssh-8.8p1
-rw-r--r--  1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz


# Install dependent packages
[root@centos ~]# cd openssh-8.8p1
[root@centos openssh-8.8p1]# ls
...... (output omitted)
[root@centos openssh-8.8p1]# yum install -y lrzsz zlib-devel perl gcc pam-devel openssl-devel
......
(installation output omitted)
......
Installed:
  gcc.x86_64 0:4.8.5-44.el7            lrzsz.x86_64 0:0.12.20-36.el7       openssl-devel.x86_64 1:1.0.2k-22.el7_9
  pam-devel.x86_64 0:1.1.8-23.el7      perl.x86_64 4:5.16.3-299.el7_9      zlib-devel.x86_64 0:1.2.7-19.el7_9

Dependency Installed:
  keyutils-libs-devel.x86_64 0:1.5.8-3.el7                 krb5-devel.x86_64 0:1.15.1-51.el7_9
  libcom_err-devel.x86_64 0:1.42.9-19.el7                  libkadm5.x86_64 0:1.15.1-51.el7_9
  libselinux-devel.x86_64 0:2.5-15.el7                     libsepol-devel.x86_64 0:2.5-10.el7
  libverto-devel.x86_64 0:0.2.5-4.el7                      pcre-devel.x86_64 0:8.32-17.el7
  perl-Carp.noarch 0:1.26-244.el7                          perl-Encode.x86_64 0:2.51-7.el7
  perl-Exporter.noarch 0:5.68-3.el7                        perl-File-Path.noarch 0:2.09-2.el7
  perl-File-Temp.noarch 0:0.23.01-3.el7                    perl-Filter.x86_64 0:1.49-3.el7
  perl-Getopt-Long.noarch 0:2.40-3.el7                     perl-HTTP-Tiny.noarch 0:0.033-3.el7
  perl-PathTools.x86_64 0:3.40-5.el7                       perl-Pod-Escapes.noarch 1:1.04-299.el7_9
  perl-Pod-Perldoc.noarch 0:3.20-4.el7                     perl-Pod-Simple.noarch 1:3.28-4.el7
  perl-Pod-Usage.noarch 0:1.63-3.el7                       perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
  perl-Socket.x86_64 0:2.010-5.el7                         perl-Storable.x86_64 0:2.45-3.el7
  perl-Text-ParseWords.noarch 0:3.29-4.el7                 perl-Time-HiRes.x86_64 4:1.9725-3.el7
  perl-Time-Local.noarch 0:1.2300-2.el7                    perl-constant.noarch 0:1.27-2.el7
  perl-libs.x86_64 4:5.16.3-299.el7_9                      perl-macros.x86_64 4:5.16.3-299.el7_9
  perl-parent.noarch 1:0.225-244.el7                       perl-podlators.noarch 0:2.5.1-3.el7
  perl-threads.x86_64 0:1.87-4.el7                         perl-threads-shared.x86_64 0:1.43-6.el7

Dependency Updated:
  krb5-libs.x86_64 0:1.15.1-51.el7_9     openssl.x86_64 1:1.0.2k-22.el7_9     openssl-libs.x86_64 1:1.0.2k-22.el7_9

Complete!
[root@centos openssh-8.8p1]#

# Configure OpenSSH
[root@centos openssh-8.8p1]# ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam
OpenSSH has been configured with the following options:
                     User binaries: /usr/local/ssh/bin
                   System binaries: /usr/local/ssh/sbin
               Configuration files: /etc/ssh
                   Askpass program: /usr/local/ssh/libexec/ssh-askpass
                      Manual pages: /usr/local/ssh/share/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
                    Manpage format: doc
                       PAM support: yes
                   OSF SIA support: no
                 KerberosV support: no
                   SELinux support: no
              MD5 password support: no
                   libedit support: no
                   libldns support: no
  Solaris process contract support: no
           Solaris project support: no
         Solaris privilege support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY
             Privsep sandbox style: seccomp_filter
                   PKCS#11 support: yes
                  U2F/FIDO support: yes

              Host: x86_64-pc-linux-gnu
          Compiler: cc
    Compiler flags: -g -O2 -pipe -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
      Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
         Libraries: -lcrypto -ldl -lutil -lz  -lcrypt -lresolv
         +for sshd:  -lpam

PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory

[root@centos openssh-8.8p1]#

# Start compilation and installation
[root@centos openssh-8.8p1]# make
......
(compilation output omitted)
......
[root@centos openssh-8.8p1]# make install
(cd openbsd-compat && make)
make[1]: Entering directory `/root/openssh-8.8p1/openbsd-compat'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/root/openssh-8.8p1/openbsd-compat'
/usr/bin/mkdir -p /usr/local/ssh/bin
/usr/bin/mkdir -p /usr/local/ssh/sbin
/usr/bin/mkdir -p /usr/local/ssh/share/man/man1
/usr/bin/mkdir -p /usr/local/ssh/share/man/man5
/usr/bin/mkdir -p /usr/local/ssh/share/man/man8
/usr/bin/mkdir -p /usr/local/ssh/libexec
/usr/bin/mkdir -p -m 0755 /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/local/ssh/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/local/ssh/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/local/ssh/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/local/ssh/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/local/ssh/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/local/ssh/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/local/ssh/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/local/ssh/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/local/ssh/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/local/ssh/libexec/ssh-sk-helper
/usr/bin/install -c -m 0755 -s sftp /usr/local/ssh/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/local/ssh/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/local/ssh/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/local/ssh/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/local/ssh/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/local/ssh/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/local/ssh/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/local/ssh/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/local/ssh/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/local/ssh/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/local/ssh/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/local/ssh/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/local/ssh/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/local/ssh/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/local/ssh/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/local/ssh/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/local/ssh/share/man/man8/ssh-sk-helper.8
/usr/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: DSA
/usr/local/ssh/sbin/sshd -t -f /etc/ssh/sshd_config
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
[root@centos openssh-8.8p1]#

Extract the openssh-8.8p1.tar.gz archive; the result is shown in the figure below.


Install lrzsz, zlib-devel, perl, gcc, pam-devel and the other components with the yum command. The results are shown in the following figure.


After running ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam, the results are shown in the following figure.


After running the make command, the result is shown in the following figure.


After running the make install command, the result is shown in the following figure.

6. Modify relevant parameters

[root@centos openssh-8.8p1]# cd /etc/init.d/
[root@centos init.d]# cp /root/openssh-8.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
[root@centos init.d]# ll
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 Oct  2  2020 README
-rwxr-xr-x  1 root root  1721 Dec 15 13:20 sshd
[root@centos init.d]# chmod u+x /etc/init.d/sshd
[root@centos init.d]# chkconfig --add sshd
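# Copy the server configuration to sshd_config (not ssh_config, which is the client configuration)
[root@centos init.d]# cp /root/openssh-8.8p1/sshd_config /etc/ssh/sshd_config
cp: overwrite '/etc/ssh/sshd_config'? y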
[root@centos init.d]# cp -r /usr/local/ssh/bin/* /usr/bin/
[root@centos init.d]# cp -r /usr/local/ssh/sbin/* /usr/sbin/
[root@centos init.d]# vi /etc/ssh/sshd_config
Add the following lines:
#PasswordAuthentication yes
PermitRootLogin yes
[root@centos init.d]# chmod 600 /etc/ssh/*
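
The make install output above shows sshd ignoring the pre-existing host keys because they were mode 0640, and this step repairs that with chmod 600 /etc/ssh/*, which also removes read access from the public keys and ssh_config, while PermitRootLogin yes lets root log in by any method, including passwords. The following added example (not part of the original post; function names are hypothetical and the demo directory is constructed) audits a configuration directory for both conditions and tightens only the private keys.

```shell
#!/bin/sh
# Added example: audit and repair an sshd configuration directory.

# Print one finding per line and return the number of findings.
audit_ssh_dir() {
    dir=${1:-/etc/ssh}; findings=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        mode=$(stat -c '%a' "$key")
        case $mode in
            *00) ;;   # owner-only: accepted by sshd
            *)  echo "KEY_MODE $key is $mode, sshd will ignore it"
                findings=$((findings + 1)) ;;
        esac
    done
    cfg=$dir/sshd_config
    if [ -r "$cfg" ]; then
        # sshd keeps the first value it reads for a keyword; '#' lines are comments.
        root=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$cfg")
        if [ "$root" = yes ]; then
            echo "ROOT_LOGIN $cfg permits root login by any method, including passwords"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Tighten only what needs it: private keys 0600, public keys 0644.
fix_key_modes() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        chmod 600 "$key"
        [ -f "$key.pub" ] && chmod 644 "$key.pub"
    done
    return 0
}

# Constructed demo directory (empty files, not real keys) reproducing the
# state shown on this page: 0640 host keys and PermitRootLogin yes.
demo=$(mktemp -d)
for t in rsa ecdsa ed25519; do
    : > "$demo/ssh_host_${t}_key"; : > "$demo/ssh_host_${t}_key.pub"
    chmod 640 "$demo/ssh_host_${t}_key"
done
printf '#PasswordAuthentication yes\nPermitRootLogin yes\n' > "$demo/sshd_config"
audit_ssh_dir "$demo" || echo "findings before fix: $?"
fix_key_modes "$demo"
audit_ssh_dir "$demo" || echo "findings after fix: $?"
rm -rf "$demo"
```

The config check reads only the whitespace-separated "Keyword value" form in the main file; on a live host, sshd -T prints the effective settings.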

7. Start and view the SSH service

[root@centos ~]# systemctl start sshd
[root@centos ~]# systemctl restart sshd
[root@centos ~]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: active (running) since Wed 2021-12-15 13:24:56 CST; 5s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 19403 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 19409 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
 Main PID: 19417 (sshd)
   CGroup: /system.slice/sshd.service
           └─19417 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups

Dec 15 13:24:56 centos systemd[1]: Stopped SYSV: OpenSSH server daemon.
Dec 15 13:24:56 centos systemd[1]: Starting SYSV: OpenSSH server daemon...
Dec 15 13:24:56 centos sshd[19409]: Starting sshd:[  OK  ]
Dec 15 13:24:56 centos systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) after start: No such file or directory
Dec 15 13:24:56 centos sshd[19417]: Server listening on 0.0.0.0 port 22.
Dec 15 13:24:56 centos sshd[19417]: Server listening on :: port 22.
Dec 15 13:24:56 centos systemd[1]: Started SYSV: OpenSSH server daemon.

8. View SSH service version information

[root@centos ~]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.0.2k-fips  26 Jan 2017


🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭🍭

Original text [Alibaba cloud image] use Alibaba cloud openssh image to install and configure the blog of SSH service _xyb - CSDN blog

Topics: Linux ssh Alibaba Cloud