Upgrade opsenssh to 8.8p1

One 、 Before downloading

1、 Check the specific version

https://www.openssh.com/openbsd.html
https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/

2、 Download the latest version

[[email protected] ~]# wget --no-check-certificate https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
wget https://ftp.openssl.org/source/openssl-1.1.1g.tar.gz  # This is not loaded 

3、 install telnet spare （ Optional ）

Install the new ssh after , As long as the configuration is ready to start , You can switch seamlessly , But you can't connect if you disconnect , To prevent this , We can install telnet As a backup , If you can make sure you don't disconnect in the middle , This step can be ignored

1. install

[[email protected] ~]# yum install telnet telnet-server -y

2. start-up

[[email protected] ~]# systemctl enable telnet.socket
Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.
[[email protected] ~]# systemctl start telnet.socket

3. Connect

# telnet  It's forbidden by default root User connection , Our husband became an ordinary user  
[[email protected] ~]# useradd testuser
[[email protected] ~]# passwd testuser
 Change user  testuser  Password  .
 new   password ：
 Reenter the new   password ：
passwd： All authentication tokens have been successfully updated .

#  Find another machine to connect and test 
[[email protected] ~]# telnet 192.168.180.47
Trying 192.168.180.47...
Connected to 192.168.180.47.
Escape character is '^]'.

Kernel 5.4.6-1.el7.elrepo.x86_64 on an x86_64
test2 login: testuser
Password:
[[email protected] ~]$ su - root

Two 、 upgrade openssh

1、 Dependencies required for installation

[[email protected] ~]# yum install zlib-devel openssl-devel pam-devel -y

2、 Backup

[[email protected] ~]# mkdir /etc/ssh_old
[[email protected] ~]# mv /etc/ssh/* /etc/ssh_old/

3、 decompression 、 Compilation and installation

[[email protected] ~]# tar xzvf openssh-8.8p1.tar.gz
[[email protected] ~]# cd openssh-8.8p1/
[[email protected] openssh-8.8p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/lib64/ --with-zlib --with-pam --with-md5-password --with-ssl-engine --with-selinux

4、 install

[[email protected] openssh-8.8p1]# make && make install

5、 verification

[[email protected] openssh-8.8p1]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[[email protected] openssh-8.8p1]# ls /etc/ssh
moduli      sshd_config       ssh_host_dsa_key.pub  ssh_host_ecdsa_key.pub  ssh_host_ed25519_key.pub  ssh_host_rsa_key.pub
ssh_config  ssh_host_dsa_key  ssh_host_ecdsa_key    ssh_host_ed25519_key    ssh_host_rsa_key

6、 To configure

1、 modify sshd_config

[[email protected] openssh-8.8p1]# vim /etc/ssh/sshd_config
#  Example ： To configure root Sign in ,  According to your previous configuration 
PermitRootLogin yes

2. start-up

#  Remove the old ssh service ,  Prevent new conflicts 
[[email protected] openssh-8.8p1]# mv /usr/lib/systemd/system/sshd.service /etc/ssh_old/sshd.service
[[email protected] openssh-8.8p1]# mv /usr/lib/systemd/system/sshd.socket /etc/ssh_old/sshd.socket
#  Copy some files in the unzip package 
[[email protected] openssh-8.8p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd

#  Restart 
[[email protected] openssh-8.8p1]# systemctl daemon-reload
[[email protected] openssh-8.8p1]# systemctl restart sshd
#  Add self start 
[[email protected] openssh-8.8p1]# chkconfig --add sshd
[[email protected] openssh-8.8p1]# chkconfig sshd on

3、 ... and 、 Possible problems ：

We are using Putty The following error messages will appear when connecting to the server ：

Putty Fatal Error: Can’t agree a key change algorithm (available: xxx……

So let's take this picture ：

Literally , The error message is Putty Unable to interact with the server for key algorithm .
actually , With Linux Version update , The encryption algorithms supported by the server are also constantly updated , The old version Putty I won't support it SSH The new encryption algorithm of the server , There will be such problems .
therefore , We just need to update the Putty Program , You can solve this problem ！ You can download the latest version here Putty Program ：https://www.putty.org/

Four 、 upgrade openssl（ I didn't upgrade ）

1、 Backup

$ mv /usr/bin/openssl /usr/bin/openssl_old

2、 install

$ tar xzvf openssl-1.1.1g.tar.gz
$ cd openssl-1.1.1g/
$ ./config shared && make && make install

3、 Configure soft connection

$ ln -s /usr/local/bin/openssl /usr/bin/openssl
 If you execute openssl version Report the following mistakes 
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
 Then execute the following command to solve ：
$ ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
$ ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/

 The old version :
$ openssl_old version
OpenSSL 1.0.2k-fips  26 Jan 2017