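The system we developed is about to go live. The client scanned the openEuler server and found that the installed OpenSSH version is 8.2p1, which has known vulnerabilities, so OpenSSH needs to be upgraded to 9.7p1. The openEuler version is 20.03 SP3.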
1. Download openssh 9.7p1
https://www.openssh.com/releasenotes.html
Place the downloaded package in the /opt directory.
2. Install telnet (a fallback login path while sshd is being replaced)
yum -y install telnet
yum -y install telnet-server
systemctl enable telnet.socket
systemctl start telnet.socket
mv /etc/security /etc/security.bak
3. Install dependencies
yum -y install gcc keyutils-libs rpm-build krb5-devel libcom_err-devel libselinux-devel pam-* openssl-devel pkgconfig vsftpd zlib*
4. Back up files
mv /etc/ssh /etc/ssh.bak
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
5. Remove the openssh rpm packages
rpm -e --nodeps $(rpm -qa | grep openssh)
6. Compile and install openssh
cd /opt
tar zxvf openssh-9.7p1.tar.gz
cd /opt/openssh-9.7p1/
./configure --sysconfdir=/etc/ssh
make
make install
7. Check which sshd is found
which sshd
8. Modify files
cp /opt/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
sed -i '25cSSHD=/usr/local/sbin/sshd' /etc/init.d/sshd
sed -i '41c/usr/local/bin/ssh-keygen -A' /etc/init.d/sshd
The following command is a single line:
sed -i "/#PermitRootLogin prohibit-password/c\PermitRootLogin yes" /etc/ssh/sshd_config
cp /opt/openssh-9.7p1/contrib/ssh-copy-id /usr/local/bin/
chmod +x /usr/local/bin/ssh-copy-id
9. Verify
systemctl daemon-reload
service sshd start
/usr/local/bin/ssh -V
10. Restore the security files
mv /etc/security.bak /etc/security
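A fuller version of the step 9 check, as an added example that is not part of the original post: it confirms that both the installed binary and the daemon actually listening report 9.7p1 (a scanner reads the daemon's banner, which an old sshd process left running would keep serving) and prints the effective PermitRootLogin value. The function names, the WANT variable and the 127.0.0.1:22 address are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: post-upgrade checks for the procedure above. Paths are the
# page's; function names, WANT and 127.0.0.1:22 are assumptions of this sketch.
WANT="${WANT:-9.7p1}"

# "OpenSSH_9.7p1, OpenSSL ..." (output of ssh -V / sshd -V)  ->  9.7p1
openssh_version() {
    sed -n 's/^.*OpenSSH_\([0-9][0-9.]*p[0-9][0-9]*\).*$/\1/p' | head -n 1
}

# "SSH-2.0-OpenSSH_9.7" (banner a network scanner reads)  ->  9.7
banner_version() {
    sed -n 's/^SSH-2\.0-OpenSSH_\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# First uncommented value of KEYWORD in FILE; sshd keeps the first value it reads.
first_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# usage: check_upgrade "<ssh -V output>" "<daemon banner>" SSHD_CONFIG
check_upgrade() {
    local bin ban root rc=0
    bin=$(printf '%s\n' "$1" | openssh_version)
    ban=$(printf '%s\n' "$2" | banner_version)
    root=$(first_setting "$3" PermitRootLogin)
    [ "$bin" = "$WANT" ] || { echo "FAIL: binary reports '$bin', want $WANT"; rc=1; }
    # The banner has no portable "pN" suffix, so compare with that part removed.
    [ "$ban" = "${WANT%p*}" ] || { echo "FAIL: daemon banner is '$ban'; is the old sshd still running?"; rc=1; }
    echo "INFO: PermitRootLogin=${root:-unset}"
    return "$rc"
}

# Live run on the upgraded host: ./check.sh --live   (ssh -V prints to stderr)
if [ "${1:-}" = "--live" ]; then
    v=$(/usr/local/bin/ssh -V 2>&1)
    b=$(exec 3<>/dev/tcp/127.0.0.1/22 && head -n 1 <&3)   # bash-only /dev/tcp
    /usr/local/sbin/sshd -t && check_upgrade "$v" "$b" /etc/ssh/sshd_config
fi
```

Run it with --live while the telnet session from step 2 is still open, so a failed sshd -t or a stale banner can be fixed before that fallback is gone.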