首先是openssl,所有涉及到的文件修改请先备份!!!
安装telnet以防止sshd升级失败而无法连接到服务器
yum install -y telnet-server* telnetxinetdsystemctlenablexinetd.servicesystemctlenabletelnet.socketsystemctlstarttelnet.socketsystemctlstlstartxinetd.setd securetty echo ' pts/1 '/etc/securetty echo ' pts/2 '/etc/securetty echo ' pts/3 '/etc/securettysysystemctl
yum install-ygccgcc-cglibcmakeautoconfopensslopenssl-devel pcre-devel PAM-develyuminstall-ypam * zlib *是自己的软件文件夹
dsoft/wget https://www.OpenSSL.org/source/OpenSSL-1.1.1 l.tar.gz-- no-check-certificate mv/usr/sx ddw/OpenSSL.old tar-zxvf OpenSSL-1.1.1 l.tar.gzcd OpenSSL-1.1 l/./config-prefix local/OpenSSL/sx ddw/opensw
安装openssh之前(环境、证书登录、openssh7.4 ) )。
修改/etc/ssh/ssh_config
host * forward X11 trustedyessendenvlanglc _ ctype LC _ numeric LC _ timelc _ collate LC _ monetary LC _ messagessendenvlc _ menvlc
port 32222 host key/etc/ssh/ssh _ host _ RSA _ key host key/etc/ssh _ hosh _ host _ ECD sa _ key host key/etc/ssh/ssh sh _ host _ ed 25519 _ keystrictmodesnopubkeyauthenticationyesauthorizedkeysfile.ssh/athorized _ keyschallengeresponseauthenticationnousepamyesx 11 forwardingyesclientaliveinterval 600 clientalivecountmax2acceptent c _ monetary LC _ messagesacceptenvlc _ paper LC _ namelc _ address LC _ telephone LC _ measuremonelc ageacceptenvxmodifiersier 用于sftp-serverusednsnoaddressfamilyinetpermitrootloginyessyslogfacilityauthprivpasswordauthenticationno # 7.4的注# rsaaauthethend 失落的openssh8.2后, ssh-rsapubkeyacceptedalgorithmsssh-rsapubkeyacceptedkeytypesssh-rsahostkeyalgorithmsssh-rsakexalgorithmsdish-rsahoshahoshahosttthesalgesalgesatttthesathorsheshesheshesa diffie-hellman-group14-sha1、diffie-hellman-group-exchange-sha1、diffie-hellman-group-exchange-sha 2555 curve 25519-sha 256 @ lib ssh.org/root/. ssh/config文件(gonfig
host code.a liyun.comhostnamecode.a liyun.comhostkeyalgorithmsssh-rsapubkeyacceptedalgorithmsssh-RSA chmod 600/etc/通报open BSD/OpenSSH/portable/OpenSSH-8.8p1. tar.gz-- no-check-certificate tar configure---prefix=/usr ssh---- with-MD5-passwords---with-PAM-- with-TCP-wrappers local/lib 64---without-hardeningmakemal sshdchmodx/etc/etc shd chkconfig---- addsshdsystemctlenablesshdchkconfigsshdonmv/usr/lib/systemd/system/sshd