OpenSSH upgrade (from openssh_7.4p1 to openssh_8.4p1)
##--Status before upgrade
[root@<host> ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
##--Start upgrade
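# Builds OpenSSL 1.1.1h and OpenSSH 8.4p1 from source and replaces the
# distribution sshd. Run as root, and keep a second root session (or console
# access) open until the new sshd has been verified: a failed restart over SSH
# locks you out.
# NOTE(review): these are the versions this article was written for. The
# OpenSSL 1.1.1 series is end-of-life upstream; check for currently supported
# releases before reusing these steps.

wget -c https://ftp.openssl.org/source/openssl-1.1.1h.tar.gz
wget -c https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz

# Verify the tarballs before building; the OpenSSH tarball comes from a
# third-party mirror. The two values below are constructed placeholders:
# replace them with the digests published by the upstream projects.
# Stop here if verification fails.
OPENSSL_SHA256='<SHA256_OF_openssl-1.1.1h.tar.gz>'
OPENSSH_SHA256='<SHA256_OF_openssh-8.4p1.tar.gz>'
printf '%s  %s\n' \
  "$OPENSSL_SHA256" openssl-1.1.1h.tar.gz \
  "$OPENSSH_SHA256" openssh-8.4p1.tar.gz \
  | sha256sum -c - \
  || echo "checksum verification failed: do not build these tarballs" >&2

# Build dependencies. The globs are quoted so yum expands them against package
# names instead of the shell expanding them against files in the current
# directory.
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
yum install -y 'pam*' 'zlib*'

# Move the distribution OpenSSL binary and headers aside (kept as *_bak for rollback).
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak

# Build and install OpenSSL; each step runs only if the previous one succeeded.
tar xfz openssl-1.1.1h.tar.gz
cd openssl-1.1.1h \
  && ./config shared \
  && make -j4 \
  && make install

ln -s /usr/local/include/openssl /usr/include/openssl
ln -s /usr/local/bin/openssl /usr/bin/openssl
# 'll' is an interactive alias and is not available in scripts; use ls directly.
ls -ld /usr/include/openssl

# Register the new library directory once (re-running must not append duplicates).
# NOTE(review): on x86_64 OpenSSL 1.1.1 usually installs its libraries under
# /usr/local/lib64; confirm where libssl.so.1.1 landed and adjust this path.
grep -qxF "/usr/local/lib" /etc/ld.so.conf || echo "/usr/local/lib" >> /etc/ld.so.conf
/sbin/ldconfig
cd ..

# Build and install OpenSSH against the new OpenSSL.
tar xf openssh-8.4p1.tar.gz
cd openssh-8.4p1 \
  && ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/ --with-zlib --with-md5-passwords --with-pam \
  && make -j4 \
  && make install

#--
# Keep a copy of the working configuration before editing it.
cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
grep -E "^PermitRootLogin|^UseDNS" /etc/ssh/sshd_config
# Optional settings the author left disabled:
#   echo "PermitRootLogin yes" >> /etc/ssh/sshd_config   # allows direct root password login; prefer prohibit-password or no
#   sed -i 's/#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config

# Key-exchange list. The original line also enabled diffie-hellman-group1-sha1,
# diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1; those
# SHA-1 / 1024-bit exchanges are omitted here. Clients that only speak them
# should be upgraded rather than accommodated server-wide.
printf '\n%s\n' "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256" >> /etc/ssh/sshd_config

# Install the init script shipped with the OpenSSH source tree.
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): PAM looks up the service file by name (/etc/pam.d/sshd); a file
# named sshd.pam is presumably not consulted, so the existing /etc/pam.d/sshd
# stays in effect. Confirm that this is intended.
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
# Move the packaged systemd unit out of the way so the init script is used.
mkdir -p /app
mv /usr/lib/systemd/system/sshd.service /app/sshd.service
systemctl daemon-reload
chkconfig sshd on

# Validate the configuration and host keys first; restart only if the check passes.
/usr/sbin/sshd -t && /etc/init.d/sshd restart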
##Verification after upgrade
[root@<host> ~]# ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020
This work is published under a CC license; reprints must credit the author and link to this article.