centos7 rpm 包升级openssh至10.0版本

systemctl stop firewalld
setenforce 0
#上传安装包
cd /opt
mkdir openssh
unzip -o  openssh-10.0p2.el7.zip
#安装启动telnet(没网络的话采用无网络安装方式)
yum install xinetd telnet-server -y
systemctl start xinetd
systemctl status xinetd
systemctl start telnet.socket
systemctl status telnet.socket
#从另一台服务器尝试使用root或者其它普通用户（提前创建）连接升级服务器，确认可以正常连接再进行后续操作

#备份配置文件
mkdir -p /opt/deploy /root/ssh_bak
cp -rf /etc/security/ /root/ssh_bak/security.bak0313

cp -r /etc/ssh /root/ssh_bak/etc_ssh.bak0313
cp -a /usr/sbin/sshd /root/ssh_bak/sbin_sshd.bak0313
cp -a /usr/bin/ssh /root/ssh_bak/bin_ssh.bak0313
cp -r /etc/pam.d/sshd  /root/ssh_bak/pam.d_sshd.bak0313

cd /etc/ssh/
cp sshd_config sshd_config_bak2024312

#rpm升级openssh
cd /opt/openssh
rpm -Uvh --nodeps openssh-10.0p2-1.el7.x86_64.rpm openssh-clients-10.0p2-1.el7.x86_64.rpm openssh-server-10.0p2-1.el7.x86_64.rpm

#查看升级后的版本信息
ssh -V

#恢复配置文件
cd /etc/ssh
mv sshd_config sshd_config_new_20243121
cp sshd_config_bak2024312 sshd_config
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
 

#编辑配置文件
vim /etc/ssh/sshd_config
################################
PermitRootLogin yes

PasswordAuthentication yes

ChallengeResponseAuthentication no

UsePAM yes         # 配置为 yes

X11Forwarding yes

UseDNS no

GSSAPIAuthentication no
###############################
#测试ssh配置是否正确
sshd -t

#注释不支持配置
vim /etc/ssh/sshd_config
注释不支持配置
#测试ssh配置是否正确
sshd -t
#再次关闭selinux
setenforce 0
#重启ssh
systemctl restart sshd
systemctl status sshd
#设置开机自启ssh
systemctl enable sshd

#通过ssh连接服务器测试是否正常，成功后关闭telnet

systemctl stop xinetd
systemctl status xinetd

systemctl stop telnet.socket
systemctl status telnet.socket