OpenSSH source code compilation and upgrade on Linux Server

Source: Internet
Author: User

I. Steps for upgrading AS4

1. We recommend installing from source. Download the installation package:

cd /root

wget -c "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz"

tar zxvf openssh-5.0p1.tar.gz

cd openssh-5.0p1

2. Confirm the Zlib and OpenSSL versions for the upgrade:

OpenSSH 5.0p1 requires a Zlib version above 1.2.1.2 and an OpenSSL version above 0.9.6. The official sites for Zlib and OpenSSL are:

http://www.gzip.org/zlib/

http://www.openssl.org/

Note: OpenSSL 0.9.5a is an acceptable version, but some encryption functions may be faulty when using SSH protocol 1 (for security reasons, we recommend using SSH protocol 2). For details, see the INSTALL document.

3. Compile. The common configure parameters are --prefix= and --sysconfdir=. If they are omitted, by default ssh is installed under /usr/local/bin, sshd in /usr/local/sbin, sftp-server at /usr/local/libexec/sftp-server, and the configuration files in /usr/local/etc.

./configure --sysconfdir=/etc/ssh

make

make install

4. Compare the newly installed default configuration file with the current one, and make sure the important parameters are carried over.

diff sshd_config /etc/ssh.bak/sshd_config

5. Recommended Configuration File Settings

Check whether the /usr/local/libexec/sftp-server path is correct.

6. Check the correctness of the configuration file

grep -v '^#' /etc/ssh/sshd_config | awk '{print $1}' | sort | uniq -d

Check for duplicate lines.

/usr/local/sbin/sshd -t

Check that the parameters are correct.

7. Add the /etc/init.d script and service

Back up the original script:

cp /etc/init.d/sshd /etc/init.d/sshd.bak

Modify the ssh-keygen and sshd paths. The PID file is also changed to avoid conflicts with the previous sshd, so that the new sshd service can be configured without affecting the original sshd. Modify the following three items:

Originally:

KEYGEN=/usr/bin/ssh-keygen

SSHD=/usr/sbin/sshd

PID_FILE=/var/run/sshd.pid

Changed:

KEYGEN=/usr/local/bin/ssh-keygen

SSHD=/usr/local/sbin/sshd

PID_FILE=/var/run/sshd2.pid

Add the service:

/sbin/chkconfig --add sshd

8. Restart the sshd service

Note: Before starting the new sshd service, temporarily modify the port in sshd_config to avoid conflict with the original ssh port.

/sbin/service sshd start

> /root/.ssh/known_hosts

Use ssh to test the login. If you can log in normally, you can switch back to the ssh port used by the administrator (you must first free the port occupied by the old version of ssh before switching).

Note: before making any major change to ssh remotely, make sure that you can log on to the server in another way.

After completing all the work, stop the original sshd service.

/etc/init.d/sshd.bak stop

The ssh upgrade is complete. The new version, /usr/local/sbin/sshd, replaces the old version, /usr/sbin/sshd.

If you cannot log on, check.

II. OpenSSH upgrade steps:

1. Start the telnet service

vi /etc/inetd.conf

telnet stream tcp nowait root /usr/libexec/telnetd telnetd

Check that inetd_enable="YES" is set in /etc/rc.conf, then start inetd:

/etc/rc.d/inetd restart

Use telnet to log on to the server and perform the following operations:

2. Upgrade OpenSSH

cd /root/

wget -c ftp://ftp.openbsd.org/pub/OpenBS... penssh-5.0p1.tar.gz

tar zxvf openssh-5.0p1.tar.gz

cd openssh-5.0p1

./configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/libexec/openssh --without-zlib-version-check

make

make install

Compare the newly installed default configuration file with the current one, and make sure the important parameters are carried over.

diff sshd_config /etc/ssh/sshd_config

Check the correctness of the configuration file

grep -v '^#' /etc/ssh/sshd_config | awk '{print $1}' | sort | uniq -d

Check for duplicate lines.

/usr/sbin/sshd -t

Check that the parameters are correct.
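
The duplicate check above (also used in step 6 of section I) is case-sensitive and also reports keywords that may legitimately repeat, such as Port. The following is an added example, not part of the original article: a stricter check built on the fact that sshd keeps the first value it reads for a keyword. The names sshd_dup_keywords, MULTI and sample_sshd_config are hypothetical, and the sample configuration is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). sshd keeps the FIRST value it
# reads for a keyword, so a later duplicate is silently ignored. Unlike the
# grep|awk|sort|uniq pipeline, this check is case-insensitive, skips indented
# comments, allows keywords that may repeat, and stops at the first Match block.

# Keywords that may legitimately appear more than once (lower case).
MULTI='^(port|listenaddress|hostkey|acceptenv|subsystem|allowusers|allowgroups|denyusers|denygroups)$'

# Usage: sshd_dup_keywords [FILE]   (reads stdin when FILE is omitted)
sshd_dup_keywords() {
    awk -v multi="$MULTI" '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        { kw = tolower($1) }                   # keywords are case-insensitive
        kw == "match"        { exit }          # conditional blocks may re-set keywords
        kw ~ multi           { next }          # repeatable keywords
        !(kw in first)       { first[kw] = NR; next }
        { printf "%s: line %d is ignored (first set on line %d)\n", kw, NR, first[kw] }
    ' "${1:--}"
}

# Constructed sample input, for illustration only.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample sshd_config
Port 22
Port 2222
Protocol 2
PasswordAuthentication no
    # indented comment
passwordauthentication yes
Subsystem sftp /usr/local/libexec/sftp-server
Match User backup
    PasswordAuthentication yes
EOF
}

# Demo run on the constructed sample.
sample_sshd_config | sshd_dup_keywords
```

On a real server, run sshd_dup_keywords /etc/ssh/sshd_config before sshd -t; any line it prints names a setting that has no effect.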

Restart sshd

kill -HUP `cat /var/run/sshd.pid`

Use ssh to log in and check whether the openssh service is installed.

Disable the telnet service and exit telnet.

killall inetd

Confirm that the telnet service is disabled.

3. Upgrade OpenSSL:

The latest openssl package is http://www.openssl.org/source/openssl-0.9.8g.tar.gz

It can be installed from source:

./config --prefix=/usr/local/openssl-0.9.8

make

make install

Then upgrade SSH, pointing --with-ssl-dir at the openssl installation directory.

III. FAQs

Q: The error "Unsupported option UsePAM" is displayed when the sshd service is started?

A: The --with-pam option is not enabled by configure by default. If sshd is built without --with-pam, adding

UsePAM no

to the sshd_config configuration file causes the above error. UsePAM is related to ssh password authentication, but the company server prohibits password authentication. Therefore, the --with-pam option is not recommended during compilation, and UsePAM no is not used in the configuration file. Password authentication is disabled with:

PasswordAuthentication no

ChallengeResponseAuthentication no
