Installing OpenSSH from a source tarball

1. Download the source tarball

wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz?spm=a2c6h.25603864.0.0.686840ad2Awo5a
mv openssh-9.0p1.tar.gz\?spm\=a2c6h.25603864.0.0.686840ad2Awo5a openssh-9.0p1.tar.gz
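
The tarball above comes from a mirror and is later compiled and installed as root, so its digest is worth checking before unpacking. This is an added example, not part of the original post: verify_tarball and b64_to_hex are names chosen here, and it assumes the expected SHA-256 is copied from the OpenSSH release announcement, which gives it base64-encoded rather than in hex.

```bash
#!/bin/sh
# Added example: compare a downloaded tarball with a published SHA-256 digest.
# Assumption: the digest is the base64 form printed in the OpenSSH release
# announcement, so it is converted to hex before comparing.

# Decode a base64 digest into lowercase hex (short or empty if not base64).
b64_to_hex() {
    printf '%s' "$1" | base64 -d 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# verify_tarball FILE EXPECTED_B64
# Returns 0 on match, 1 on mismatch, 2 if the inputs are unusable.
verify_tarball() {
    file=$1
    want=$(b64_to_hex "$2")
    if [ ! -f "$file" ]; then
        echo "verify: $file not found" >&2
        return 2
    fi
    # A SHA-256 digest is 32 bytes, i.e. 64 hex characters.
    if [ "${#want}" -ne 64 ]; then
        echo "verify: expected digest is not a base64 SHA-256" >&2
        return 2
    fi
    got=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "verify: digest mismatch for $file" >&2
        echo "  expected $want" >&2
        echo "  got      $got" >&2
        return 1
    fi
    echo "verify: $file OK"
}

# Usage (the digest below is a placeholder, not a real value):
#   wget -O openssh-9.0p1.tar.gz \
#     "https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz"
#   verify_tarball openssh-9.0p1.tar.gz '<BASE64_SHA256_FROM_RELEASE_NOTES>' || exit 1
```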

2. Install from source

1. Install the software needed to compile the source (build tools)

yum group install "Development Tools" -y

2. Extract the source tarball

tar -xf  openssh-9.0p1.tar.gz
cd openssh-9.0p1/

3. Read the INSTALL document

cat INSTALL

4. Install the dependency packages

yum install openssl-devel -y

5. Try to compile and install

./configure
make
make install


/usr/bin/mkdir -p /usr/local/bin
/usr/bin/mkdir -p /usr/local/sbin
/usr/bin/mkdir -p /usr/local/share/man/man1
/usr/bin/mkdir -p /usr/local/share/man/man5
/usr/bin/mkdir -p /usr/local/share/man/man8
/usr/bin/mkdir -p /usr/local/libexec
/usr/bin/mkdir -p -m 0755 /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/local/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/local/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/local/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/local/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/local/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/local/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/local/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/local/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/local/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/local/libexec/ssh-sk-helper
/usr/bin/install -c -m 0755 -s sftp /usr/local/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/local/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/local/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/local/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/local/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/local/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/local/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/local/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/local/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/local/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/local/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/local/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/local/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/local/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/local/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/local/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/local/share/man/man8/ssh-sk-helper.8

6. How to write a systemd unit file

1. The [Unit] section

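[Unit] is usually the first section of the configuration file. It defines the unit's metadata and configures its relationships with other units.
Description: a short description
Documentation: the location of the documentation
Requires: other units that the current unit depends on; if they are not running, the current unit fails to start
Wants: other units that work together with the current unit; if they are not running, the current unit does not fail to start
BindsTo: similar to Requires; if a unit named here exits, the current unit stops running
Before: if the units named in this field are also being started, they must start after the current unit
After: if the units named in this field are also being started, they must start before the current unit
Conflicts: the units named here cannot run at the same time as the current unit
Condition...: conditions that must be met for the current unit to run; otherwise it does not run
Assert...: conditions that must be met for the current unit to run; otherwise a startup failure is reported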

2. The [Install] section

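[Install] is usually the last section of the configuration file. It defines how the unit is started and whether it starts at boot.
WantedBy: its value is one or more targets. When the current unit is enabled, a symlink is placed in a subdirectory of /etc/systemd/system named after the target plus the .wants suffix
RequiredBy: its value is one or more targets. When the current unit is enabled, a symlink is placed in a subdirectory of /etc/systemd/system named after the target plus the .required suffix
Alias: an alias that can be used to start the current unit
Also: other units that are enabled at the same time when the current unit is enabled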

3. The [Service] section

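The [Service] section holds the service configuration; only units of type Service have this section.
Type: defines the process behaviour at startup. It takes one of the following values.
Type=simple: the default; runs the command given in ExecStart and starts the main process
Type=forking: creates the child process from the parent process by fork; the parent exits immediately after creating it
Type=oneshot: a one-off process; systemd waits for the current service to exit before continuing
Type=dbus: the current service is started through D-Bus
Type=notify: the current service notifies systemd once it has finished starting, and systemd then continues
Type=idle: the current service runs only after other tasks have finished
ExecStart: the command that starts the current service
ExecStartPre: the command executed before the current service starts
ExecStartPost: the command executed after the current service starts
ExecReload: the command executed when the current service is restarted
ExecStop: the command executed when the current service is stopped
ExecStopPost: the command executed after the current service has stopped
RestartSec: the number of seconds to wait between automatic restarts of the current service
Restart: defines the circumstances in which systemd restarts the current service automatically; possible values include always (always restart), on-success, on-failure, on-abnormal, on-abort and on-watchdog
TimeoutSec: the number of seconds systemd waits before stopping the current service
Environment: sets environment variables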

7. Write the service file for sshd

systemctl disable sshd --now
sed -i "s/^#PermitRoot.*/PermitRootLogin yes/" /usr/local/etc/sshd_config

cat > /usr/lib/systemd/system/sshd90.service<<END
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.target
Wants=sshd-keygen.target

[Service]
Type=simple
# -D keeps sshd in the foreground so that Type=simple tracks the real daemon
ExecStart=/usr/local/sbin/sshd -D
#ExecReload=/bin/kill
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target
END

systemctl enable sshd90 --now
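
sed -i exits 0 even when its pattern matched nothing (for instance when the PermitRootLogin line is already uncommented), so the effective value is best read back from sshd -T. This is an added example, not part of the original post; the function names and the two sample configurations are constructed for illustration.

```bash
#!/bin/sh
# Added example: confirm the effective sshd setting instead of trusting the
# exit status of sed. Input is "sshd -T" output: one lowercase
# "keyword value" pair per line.

# effective_value KEYWORD < sshd-T-output
# Prints the value of the first line whose keyword is KEYWORD.
effective_value() {
    awk -v k="$1" 'tolower($1) == k { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
}

# expect_setting KEYWORD WANTED < sshd-T-output
# Returns 0 if the effective value equals WANTED, 1 otherwise.
expect_setting() {
    got=$(effective_value "$1")
    if [ "$got" = "$2" ]; then
        echo "$1 = $got (as intended)"
        return 0
    fi
    echo "$1 = ${got:-<unset>} (wanted $2)" >&2
    return 1
}

# root_password_login < sshd-T-output
# Returns 0 when root is allowed to authenticate with a password.
root_password_login() {
    cfg=$(cat)
    [ "$(printf '%s\n' "$cfg" | effective_value permitrootlogin)" = "yes" ] &&
    [ "$(printf '%s\n' "$cfg" | effective_value passwordauthentication)" = "yes" ]
}

# Constructed samples: a config where the sed matched, and one where the line
# was already uncommented as "PermitRootLogin no", so "^#PermitRoot" missed it.
CFG_MATCHED='port 22
permitrootlogin yes
passwordauthentication yes'
CFG_MISSED='port 22
permitrootlogin no
passwordauthentication yes'

# On a real host (path taken from the make install output in this post):
#   /usr/local/sbin/sshd -T | expect_setting permitrootlogin yes
```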

8. Write a script that upgrades OpenSSH automatically

[root@control ~]# cat openssh9_0.sh 
#!/bin/bash
echo -e "\x1b[32;1m######## openssh update to openssh9.0 #######\x1b[0m"

function check ()
{
if [ $? == 0 ]
then
echo -e "\x1b[32;1m $1====> SUCCESS \x1b[0m"
else
echo -e "\x1b[31;1m $1====> FAILED \x1b[0m"
exit 1
fi
}

wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz?spm=a2c6h.25603864.0.0.686840ad2Awo5a &>>/dev/null
check "Download openssh9.0"

mv openssh-9.0p1.tar.gz\?spm\=a2c6h.25603864.0.0.686840ad2Awo5a openssh-9.0p1.tar.gz
check "rename openssh file"

yum group install "Development Tools" -y &>>/dev/null
check "install Development Tools"

yum install openssl-devel -y &>>/dev/null
check "install openssl-devel"

tar -xf openssh-9.0p1.tar.gz
check "tar file"

cd openssh-9.0p1/
check "cd openssh file"

./configure &>>/dev/null
check "check install"

make &>>/dev/null
check "make"

make install &>>/dev/null
check "make install"

systemctl disable sshd --now &>>/dev/null
check "stop sshd"

sed -i "s/^#PermitRoot.*/PermitRootLogin yes/" /usr/local/etc/sshd_config &>>/dev/null
check "modify sshd config file"

cat > /usr/lib/systemd/system/sshd90.service<<END
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.target
Wants=sshd-keygen.target

[Service]
Type=simple
# -D keeps sshd in the foreground so that Type=simple tracks the real daemon
ExecStart=/usr/local/sbin/sshd -D
#ExecReload=/bin/kill
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target
END
check "touch sshd90.service"

systemctl enable sshd90 --now &>>/dev/null
check "start sshd90"

9. Batch installation script

root@eve-ng:~/script/openssh-update# cat batch_openssh9_0_update.sh 
#!/bin/bash
echo -e "\x1b[32;1m######## openssh update to openssh9.0 #######\x1b[0m"

function check ()
{
if [ $? == 0 ]
then
echo -e "\x1b[32;1m $1====> SUCCESS \x1b[0m"
else
echo -e "\x1b[31;1m $1====> FAILED \x1b[0m"
exit 1
fi
}

for i in 14 15
do
sshpass -p1 ssh-copy-id [email protected].$i &>>/dev/null
check "check no pass login"

scp openssh9_0.sh [email protected].$i:~
check "check file is true"
done

for i in 14 15
do
ssh [email protected].$i "bash /root/openssh9_0.sh" &
done
wait
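
A bare wait returns 0 however the background jobs ended, so a host whose upgrade failed goes unnoticed. This added example (not part of the original post) waits on each job's PID and reports the hosts that failed; rollout, remote_upgrade and the log directory are names chosen here, and key-based login is assumed to be set up already.

```bash
#!/bin/sh
# Added example: one background job per host, then wait on each PID so a
# failed upgrade is attributed to its host.

# rollout RUNNER HOST...
#   RUNNER is a command or shell function invoked as: RUNNER HOST
#   Prints the hosts whose job exited non-zero; returns 1 if there were any.
rollout() {
    runner=$1
    shift
    # Private directory for per-host output instead of discarding it.
    logdir=$(mktemp -d) || return 2
    echo "per-host logs in $logdir" >&2
    started=""
    for host in "$@"; do
        "$runner" "$host" >"$logdir/$host.log" 2>&1 &
        started="$started $host:$!"
    done
    failed=""
    for job in $started; do
        host=${job%:*}   # everything before the last colon
        pid=${job##*:}   # PID recorded from $! above
        wait "$pid" || failed="$failed $host"
    done
    failed=${failed# }
    [ -z "$failed" ] && return 0
    echo "$failed"
    return 1
}

# Runner for the post's remote step. BatchMode makes ssh fail instead of
# prompting when key login is not in place.
remote_upgrade() {
    ssh -o BatchMode=yes "root@$1" "bash /root/openssh9_0.sh"
}

# Usage (HOST1 and HOST2 are placeholders):
#   rollout remote_upgrade HOST1 HOST2 || echo "upgrade failed on the hosts listed above"
```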

Unless otherwise stated, all articles on this blog are licensed under CC BY-SA 4.0. Please credit the source when reposting!