
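Upgrading OpenSSL and OpenSSH

Older OpenSSL and OpenSSH versions can introduce security risks at any time; update promptly to keep the system protected.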

 

1. Download the OpenSSL source package

# wget https://ftp.openssl.org/source/openssl-1.1.1m.tar.gz

 

2. Install the required dependencies in advance

# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel pam* zlib*

 

3. Back up the system's original OpenSSL

# mv /usr/bin/openssl /usr/bin/openssl.bak

4. Extract and build OpenSSL

# tar xf openssl-1.1.1m.tar.gz

# cd ./openssl-1.1.1m

# ./config --prefix=/usr/local/openssl && make && make install

# ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl

# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

# ldconfig -v ## apply the change

# openssl version ## confirm the new version is in use
OpenSSL 1.1.1m 14 Dec 2021

 

1. Download the OpenSSH source package

# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz

2. Back up the existing SSH configuration

# mv /etc/ssh /etc/ssh.20220308bak

 

3. Extract, build, and configure.

# tar xf openssh-8.6p1.tar.gz

# chown -R root:root openssh-8.6p1

# cd ./openssh-8.6p1
# vim version.h               ## optional: hide the OpenSSH version string
/* $OpenBSD: version.h,v 1.90 2021/04/16 03:42:00 djm Exp $ */

#define SSH_VERSION     "Leave now"                         /* custom value */

#define SSH_PORTABLE    "! ! !"                                  /* custom value */
#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE 
# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh/ --with-openssl-includes=/usr/include/openssl --with-ssl-dir=/usr/local/openssl/ --with-zlib --with-md5-passwords --with-pam
# make && make install
# cp -a contrib/redhat/sshd.init  /etc/init.d/sshd
# vim /etc/ssh/sshd_config
PermitRootLogin yes ## enable remote root login
PasswordAuthentication yes ## enable password authentication

 

# cp -a contrib/redhat/sshd.pam   /etc/pam.d/sshd
# vim /etc/pam.d/sshd 

#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

  

# chmod +x /etc/init.d/sshd
# chkconfig --add sshd
# chkconfig sshd   on
# systemctl enable sshd
# systemctl restart sshd

# ssh -V                                               ## show the version
Leave now! ! !, OpenSSL 1.1.1m  14 Dec 2021
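
The sshd_config step above sets PermitRootLogin and PasswordAuthentication to yes. The script below is an added example, not part of the original guide: it reports the value sshd would apply for those two keywords in a given file. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would take from the global section of FILE: the first
# occurrence wins, keywords are case-insensitive, "Keyword=value" is allowed,
# and the global section ends at the first Match block.
effective_value() {
    awk -v key="$2" -v val="$3" '
        BEGIN                     { want = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/  { next }            # comment or blank line
                                  { sub(/=/, " ") }   # normalise Keyword=value
        tolower($1) == "match"    { exit }            # stop before Match blocks
        tolower($1) == want       { val = $2; exit }  # first occurrence wins
        END                       { print val }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one line per weak setting; exit status is the number of findings.
audit_sshd_config() {
    weak=0
    # Defaults when a keyword is absent (OpenSSH 7.0 and later).
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    if [ "$root" = yes ]; then
        echo "WEAK PermitRootLogin=yes: prefer prohibit-password or no"
        weak=$((weak + 1))
    fi
    if [ "$pass" = yes ]; then
        echo "WEAK PasswordAuthentication=yes: prefer key-based logins"
        weak=$((weak + 1))
    fi
    return "$weak"
}

# Constructed sample input: the two lines this guide adds, plus a later
# duplicate that sshd ignores because the first occurrence already applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes ## enable remote root login
PasswordAuthentication yes ## enable password authentication
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "weak settings found: $?"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config after editing; `sshd -t` checks the same file for syntax errors before the restart.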
