升級openssh

1、安裝依賴包

apt  install   libzip-dev  libssl-dev autoconf  gcc  libxml2   make

2、下載原始碼檔案包

cd /usr/local/src
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz --no-check-certificate
wget http://www.zlib.net/zlib-1.2.11.tar.gz
tar -zxvf openssh-7.9p1.tar.gz
tar -zxvf openssl-1.1.1.tar.gz
tar -zxvf zlib-1.2.11.tar.gz

3、編譯安裝zlib

上傳zlib原始碼到伺服器的任意目錄，並解壓
tar xf zlib-1.2.11.tar.gz
./configure    --prefix=/usr/local/zlib
make && make  install

更新動態連結資料庫
echo "/usr/local/zlib/lib" >> /etc/ld.so.conf
ldconfig -v

4、編譯安裝openssl

apt purge openssl
cd ../openssl-1.1.1
./config shared --prefix=/usr/local/ssl
make test
make install
ln -s /usr/local/ssl/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1
ln -s /usr/local/ssl/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1
 

echo"/usr/local/ssl/lib">/etc/ld.so.conf.d/openssl.conf
ldconfig -v
ln -s /usr/local/ssl/bin/openssl /usr/bin/

查詢openssl版本號
openssl version -a

5、編譯安裝openssh

service sshd stop
apt purge ssh
cd ../openssh-7.9p1
./configure --prefix=/usr/local/sshd --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl
make 
make install

執行ssh -V驗證是否升級成功
 
ssh -V

6、設定相關配置檔案

mv /usr/bin/scp /tmp/;mv /usr/bin/ssh* /tmp/
ln -s /usr/local/bin/ssh /usr/bin/ssh
ln -s /usr/local/bin/scp /usr/bin/scp
ln -s /usr/local/bin/ssh-add /usr/bin/ssh-add
ln -s /usr/local/bin/ssh-agent /usr/bin/ssh-agent
ln -s /usr/local/bin/ssh-keygen  /usr/bin/ssh-keygen
ln -s /usr/local/bin/ssh-keyscan /usr/bin/ssh-keyscan
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/sbin/sshd /usr/bin/sshd

7、重啟ssh服務

service sshd  restart

8、檢視當前版本

ssh  -V
sshd -V
openssl version -a