ssh7.5 升級ssh

1、準備：
安裝必須的包：yum install zlib zlib-devel openssl-devel pam-devel pam-krb5 krb5-devel krb5-libs pam-devel
下載：wget https://mirror.esc7.net/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz

2、安裝：
tar zxf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so（防止出現Unsupported option GSSAPIAuthentication 和 Unsupported option GSSAPICleanupCredentials）

會出現以下提示：

PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail.Example PAM control files can be found in the contrib/ subdirectory

cp /etc/init.d/sshd /etc/init.d/sshd_old
cp /etc/pam.d/sshd /etc/pam.d/sshd_old
cd openssh-7.5p1/contrib/redhat

cp sshd.init /etc/init.d/sshd
cp sshd.pam /etc/pam.d/sshd
修改/etc/ssh/sshd_config中 UsePAM yes

make && make install
3、重啟sshd服務

service sshd restart
ssh -V

4、註：ssh升級後，默認關閉root遠程登錄，如果需要，請打開

5、如果無法登錄，請修改/etc/pam.d/sshd
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth

本文出自 “sky” 博客，轉載請與作者聯系！

centos 6.5 升級安裝openssh7.5