Centos7升级openssl到1.1.1版本和openssh到8.3版本

一、升级openssl操作方法
1.1安装telnet服务，避免升级openssl和openssh导致主机不能远程
1.2准备环境
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel pam* zlib*
1.3下载openssl源码包，我这里下载的版本是openssl-1.1.1g
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
1.4操作升级openssl
解压：tar xf openssl-1.1.1g.tar.gz
进入openssl目录：cd openssl-1.1.1g
编译安装：./config --prefix=/usr/local/openssl --openssldir=/etc/ssl --shared zlib
make -j4
make install
1.5备份当前的openssl
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
1.6配置使用新版本
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
查看是否创建成功：ll /usr/bin/openssl;ll /usr/include/openssl
1.7更新动态链接库数据
echo “/usr/local/openssl/lib” >> /etc/ld.so.conf
1.8重新加载动态链接库
/sbin/ldconfig
1.9验证openssl版本
openssl version

二、升级openssh操作方法
2.1 备份当前的openssh
cp -R /etc/ssh /etc/ssh_bak
cp /usr/sbin/sshd /usr/sbin/sshd.bak 备份启动脚本
2.2 下载最新版的源码openssh
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
2.3 编译安装
2.3.1 cd openssh-8.3p1
2.3.2 ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/openssl/include --with-ssl-dir=/usr/local/openssl --with-zlib --with-md5-passwords --with-pam
2.3.3 make -j4
2.3.4 make install
可能存在报错：
1、/etc/ssh/sshd_config line 79: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 80: Unsupported option GSSAPICleanupCredentials
解决办法：注释掉文件/etc/ssh/sshd_config的79行和80行
2、Permissions 0640 for ‘/etc/ssh/ssh_host_rsa_key’ are too open
Permissions 0640 for ‘/etc/ssh/ssh_host_ecdsa_key’ are too open
Permissions 0640 for ‘/etc/ssh/ssh_host_ed25519_key’ are too open
解决办法：chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
2.4 重新加载sshd服务
systemctl reload sshd
systemctl status sshd
2.5 验证ssh版本
telnet 127.0.0.1 22
2.6 关闭telnet服务