Article Title: OpenSSH source code compilation and upgrade on Linux servers. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
I. AS4 upgrade steps
1. We recommend that you use the source code Installation Method to download the installation package.
Cd/root
Wget-c "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz"
Tar zxvf openssh-5.0p1.tar.gz
Cd openssh-5.0p1
2. Confirm the Zlib and OpenSSL versions for the upgrade:
Openssh-5.0p1 requires Zlib version above 1.2.1.2 and OpenSSL version above 0.9.6. The official addresses of Zlib and OpenSSL are as follows:
Http://www.gzip.org/zlib/
Http://www.openssl.org/
Note: OpenSSL 0.9.5a is an acceptable version, but some encryption functions may be faulty when using SSH protocol 1 (for security reasons, we recommend using SSH protocol 2 ). For details, see the INSTALL document.
3. compile common parameters -- prefix = and -- sysconfdir =. If the preceding parameters are omitted, the default ssh will be installed under/usr/local/bin, and sshd will be installed in/usr/local/sbin, sftp-server is installed in/usr/local/libexec/sftp-server, and the configuration file is in/usr/locale/etc.
. /Configure -- sysconfdir =/etc/ssh
Make
Make install
4. Compare and install the default and current configuration files. Make sure to modify some important parameters.
Diff sshd_config/etc/ssh. bak/sshd_config
5. Recommended Configuration File Settings
Check whether the/usr/local/libexec/sftp-server path is correct.
6. Check the correctness of the configuration file
Grep-v ^ #/etc/ssh/sshd_config | awk '{print $1}' | sort | uniq-d
Duplicate rows?
/Usr/local/sbin/sshd-t
The parameter is correct
7. Add the/etc/init. d script and service
Back up the original script cp/etc/init. d/sshd/etc/init. d/sshd. bak
Modify the ssh-keygen and sshd paths. The PID file is also modified to avoid conflicts with the previous sshd, so that the new sshd service can be configured without affecting the original sshd. Modify the following three items:
Originally:
KEYGEN =/usr/bin/ssh-keygen
SSHD =/usr/sbin/sshd
PID_FILE =/var/run/sshd. pid
Changed:
KEYGEN =/usr/local/bin/ssh-keygen
SSHD =/usr/local/sbin/sshd
PID_FILE =/var/run/sshd2.pid
Add service:
/Sbin/chkconfig -- add sshd
8. Restart the sshd service
Note: Before starting the new sshd service, temporarily modify the port in sshd_config to avoid conflict with the original ssh port.
/Sbin/service sshd start
>/Root/. ssh/known_hosts
Use ssh to log on to the test. If you can log on normally, you can switch back to the ssh port used by the Administrator (you must replace the port occupied by the old version of ssh before switching ).
Note: any major changes made to ssh remotely must be ensured that you can log on to the server in another way.
After completing all the work, close the original sshd service.
/Etc/init. d/sshd. bak stop
The ssh upgrade is complete. The new version/usr/local/sbin/sshd will replace the old version/usr/sbin/sshd.
If you cannot log on, check.
[1] [2] Next page