centos远程升级sshd到5.9p1并删除老版本ssh

 升级sshd可以增加安全性,当然要做到绝对安全是不可能的.下文只是简单的升级了下sshd.
1.升级sshd前准备



yum -y install gcc* make openssl openssl-devel perl pam pam-devel
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz 备份ssh
mv /etc/ssh/ /etc/ssh.bak
当然最好再装个dropbear,大家可以去看我这篇文章centos安装dropbear代替openssh,避免升级失败,连不上服务器就杯具了.

2.安装sshd
openssl version -a
tar zxf openssh-5.9p1.tar.gz && cd openssh-5.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh \
--with-pam --with-zlib --with-md5-passwords
make
rpm -e --nodeps openssh-server-4.3p2-41.el5
rpm -e --nodeps openssh-4.3p2-41.el5



make install
service sshd restart
这时候不要先忙断开ssh连接,重新开个ssh来试试可否连接,如果可以,这时候会出现证书错误,这是很正常.



重启sshd后会出现ssh-keygen: generating new host keys: ECDSA unknown key type错误提示.
touch /etc/ssh/ssh_host_ecdsa_key
touch /etc/ssh/ssh_host_ecdsa_key.pub



然后再重启sshd.
service sshd restart



好了,远程升级成功.