ASCII码 ASCII码

【阿里云镜像】使用阿里云openssh镜像安装配置SSH服务

发布于:2021-12-19 10:05:48  栏目:技术文档

一、参考链接??

OpenSSH

阿里巴巴开源镜像站-OPSX镜像站-阿里云开发者社区 (aliyun.com)

openssh镜像-openssh下载地址-openssh安装教程-阿里巴巴开源镜像站 (aliyun.com)

OpenSSH8.6安装教程_wqww_1的博客-CSDN博客_openssh8.6安装包

二、OpenSSH简介?

OpenSSH(OpenBSD Secure Shell)是使用SSH透过计算机网络加密通信的实现。它是取代由SSH Communications Security所提供的商用版本的开放源代码方案。目前OpenSSH是OpenBSD的子项目。

OpenSSH常常被误认以为与OpenSSL有关系,但实际上这两个项目有不同的目的,不同的发展团队,名称相近只是因为两者有同样的软件发展目标──提供开放源代码的加密通信软件。

来源:维基百科

三、OpenSSH安装操作?

1、清除缓存并更新YUM源?

  1. [root@centos ~]# yum clean all
  2. Loaded plugins: fastestmirror
  3. Cleaning repos: base extras updates
  4. Cleaning up list of fastest mirrors
  6. [root@centos ~]# yum repolist
  7. Loaded plugins: fastestmirror
  8. Loading mirror speeds from cached hostfile
  9.  * base: mirrors.aliyun.com
  10.  * extras: mirrors.aliyun.com
  11.  * updates: mirrors.aliyun.com
  12. repo id                                      repo name                                                            status
  13. base/7/x86_64                                CentOS-7 - Base - mirrors.aliyun.com                                 10,072
  14. extras/7/x86_64                              CentOS-7 - Extras - mirrors.aliyun.com                                  500
  15. updates/7/x86_64                             CentOS-7 - Updates - mirrors.aliyun.com                               3,190
  16. repolist: 13,762

2、查看原来SSH版本信息并卸载?

  1. [root@centos ~]# rpm -qa | grep ssh
  2. openssh-clients-7.4p1-21.el7.x86_64
  3. openssh-7.4p1-21.el7.x86_64
  4. openssh-server-7.4p1-21.el7.x86_64
  5. libssh2-1.8.0-4.el7.x86_64
  7. [root@centos ~]# ssh -V
  8. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
  10. [root@centos ~]# rpm -qa | grep openssh | xargs rpm -e --nodeps
  11. [root@centos ~]# rpm -qa | grep openssh
  12. [root@centos ~]#

3、本地下载OpenSSH镜像包并上传至Linux系统?

(或者采用步骤4,二者取其一即可)

下载链接:阿里云开源镜像站资源目录 (aliyun.com)

image-20211214124129534

image-20211214124003962

4、使用wget命令下载OpenSSH安装包?

复制链接地址。

https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz

image-20211214124322822

使用wget命令下载。?

  1. [root@centos ~]# wget https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
  2. --2021-12-15 12:43:53--  https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
  3. Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 27.221.120.242, 61.162.46.209, 27.221.120.240, ...
  4. Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|27.221.120.242|:443... connected.
  5. HTTP request sent, awaiting response... 200 OK
  6. Length: 1815060 (1.7M) [application/octet-stream]
  7. Saving to: ‘openssh-8.8p1.tar.gz’
  9. 100%[==============================================================================>] 1,815,060   3.36MB/s   in 0.5s
  11. 2021-12-15 12:43:54 (3.36 MB/s) - ‘openssh-8.8p1.tar.gz’ saved [1815060/1815060]
  13. [root@centos ~]#

5、采用源码进行安装?

  1. #查看openssh安装包
  2. [root@centos ~]# ll
  3. total 1780
  4. -rw-------. 1 root root    1531 Nov 28 17:50 anaconda-ks.cfg
  5. -rw-r--r--  1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz
  6. [root@centos ~]#
  8. [root@centos ~]# tar -zxvf openssh-8.8p1.tar.gz
  9. [root@centos ~]# ll
  10. total 1796
  11. -rw-------. 1 root root    1531 Nov 28 17:50 anaconda-ks.cfg
  12. drwxr-xr-x  7 1000 1000   12288 Sep 26 22:07 openssh-8.8p1
  13. -rw-r--r--  1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz
  16. #安装依赖包
  17. [root@centos ~]# cd openssh-8.8p1
  18. [root@centos openssh-8.8p1]# ls
  19. ······省略
  20. [root@centos openssh-8.8p1]# yum install -y lrzsz zlib-devel perl gcc pam-devel openssl-devel
  21. ··········
  22. 安装过程省略
  23. ··········
  24. Installed:
  25.   gcc.x86_64 0:4.8.5-44.el7            lrzsz.x86_64 0:0.12.20-36.el7       openssl-devel.x86_64 1:1.0.2k-22.el7_9
  26.   pam-devel.x86_64 0:1.1.8-23.el7      perl.x86_64 4:5.16.3-299.el7_9      zlib-devel.x86_64 0:1.2.7-19.el7_9
  28. Dependency Installed:
  29.   keyutils-libs-devel.x86_64 0:1.5.8-3.el7                 krb5-devel.x86_64 0:1.15.1-51.el7_9
  30.   libcom_err-devel.x86_64 0:1.42.9-19.el7                  libkadm5.x86_64 0:1.15.1-51.el7_9
  31.   libselinux-devel.x86_64 0:2.5-15.el7                     libsepol-devel.x86_64 0:2.5-10.el7
  32.   libverto-devel.x86_64 0:0.2.5-4.el7                      pcre-devel.x86_64 0:8.32-17.el7
  33.   perl-Carp.noarch 0:1.26-244.el7                          perl-Encode.x86_64 0:2.51-7.el7
  34.   perl-Exporter.noarch 0:5.68-3.el7                        perl-File-Path.noarch 0:2.09-2.el7
  35.   perl-File-Temp.noarch 0:0.23.01-3.el7                    perl-Filter.x86_64 0:1.49-3.el7
  36.   perl-Getopt-Long.noarch 0:2.40-3.el7                     perl-HTTP-Tiny.noarch 0:0.033-3.el7
  37.   perl-PathTools.x86_64 0:3.40-5.el7                       perl-Pod-Escapes.noarch 1:1.04-299.el7_9
  38.   perl-Pod-Perldoc.noarch 0:3.20-4.el7                     perl-Pod-Simple.noarch 1:3.28-4.el7
  39.   perl-Pod-Usage.noarch 0:1.63-3.el7                       perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
  40.   perl-Socket.x86_64 0:2.010-5.el7                         perl-Storable.x86_64 0:2.45-3.el7
  41.   perl-Text-ParseWords.noarch 0:3.29-4.el7                 perl-Time-HiRes.x86_64 4:1.9725-3.el7
  42.   perl-Time-Local.noarch 0:1.2300-2.el7                    perl-constant.noarch 0:1.27-2.el7
  43.   perl-libs.x86_64 4:5.16.3-299.el7_9                      perl-macros.x86_64 4:5.16.3-299.el7_9
  44.   perl-parent.noarch 1:0.225-244.el7                       perl-podlators.noarch 0:2.5.1-3.el7
  45.   perl-threads.x86_64 0:1.87-4.el7                         perl-threads-shared.x86_64 0:1.43-6.el7
  47. Dependency Updated:
  48.   krb5-libs.x86_64 0:1.15.1-51.el7_9     openssl.x86_64 1:1.0.2k-22.el7_9     openssl-libs.x86_64 1:1.0.2k-22.el7_9
  50. Complete!
  51. [root@centos openssh-8.8p1]#
  53. # 安装OpenSSH
  54. [root@centos openssh-8.8p1]# ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam
  55. OpenSSH has been configured with the following options:
  56.                      User binaries: /usr/local/ssh/bin
  57.                    System binaries: /usr/local/ssh/sbin
  58.                Configuration files: /etc/ssh
  59.                    Askpass program: /usr/local/ssh/libexec/ssh-askpass
  60.                       Manual pages: /usr/local/ssh/share/man/manX
  61.                           PID file: /var/run
  62.   Privilege separation chroot path: /var/empty
  63.             sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
  64.                     Manpage format: doc
  65.                        PAM support: yes
  66.                    OSF SIA support: no
  67.                  KerberosV support: no
  68.                    SELinux support: no
  69.               MD5 password support: no
  70.                    libedit support: no
  71.                    libldns support: no
  72.   Solaris process contract support: no
  73.            Solaris project support: no
  74.          Solaris privilege support: no
  75.        IP address in $DISPLAY hack: no
  76.            Translate v4 in v6 hack: yes
  77.                   BSD Auth support: no
  78.               Random number source: OpenSSL internal ONLY
  79.              Privsep sandbox style: seccomp_filter
  80.                    PKCS#11 support: yes
  81.                   U2F/FIDO support: yes
  83.               Host: x86_64-pc-linux-gnu
  84.           Compiler: cc
  85.     Compiler flags: -g -O2 -pipe -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
  86. Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
  87.       Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
  88.          Libraries: -lcrypto -ldl -lutil -lz  -lcrypt -lresolv
  89.          +for sshd:  -lpam
  91. PAM is enabled. You may need to install a PAM control file
  92. for sshd, otherwise password authentication may fail.
  93. Example PAM control files can be found in the contrib/
  94. subdirectory
  96. [root@centos openssh-8.8p1]#
  98. # 开始编译安装
  99. [root@centos openssh-8.8p1]# make
  100. ······
  101. 编译过程省略
  102. ······
  103. [root@centos openssh-8.8p1]# make install
  104. (cd openbsd-compat && make)
  105. make[1]: Entering directory `/root/openssh-8.8p1/openbsd-compat'
  106. make[1]: Nothing to be done for `all'.
  107. make[1]: Leaving directory `/root/openssh-8.8p1/openbsd-compat'
  108. /usr/bin/mkdir -p /usr/local/ssh/bin
  109. /usr/bin/mkdir -p /usr/local/ssh/sbin
  110. /usr/bin/mkdir -p /usr/local/ssh/share/man/man1
  111. /usr/bin/mkdir -p /usr/local/ssh/share/man/man5
  112. /usr/bin/mkdir -p /usr/local/ssh/share/man/man8
  113. /usr/bin/mkdir -p /usr/local/ssh/libexec
  114. /usr/bin/mkdir -p -m 0755 /var/empty
  115. /usr/bin/install -c -m 0755 -s ssh /usr/local/ssh/bin/ssh
  116. /usr/bin/install -c -m 0755 -s scp /usr/local/ssh/bin/scp
  117. /usr/bin/install -c -m 0755 -s ssh-add /usr/local/ssh/bin/ssh-add
  118. /usr/bin/install -c -m 0755 -s ssh-agent /usr/local/ssh/bin/ssh-agent
  119. /usr/bin/install -c -m 0755 -s ssh-keygen /usr/local/ssh/bin/ssh-keygen
  120. /usr/bin/install -c -m 0755 -s ssh-keyscan /usr/local/ssh/bin/ssh-keyscan
  121. /usr/bin/install -c -m 0755 -s sshd /usr/local/ssh/sbin/sshd
  122. /usr/bin/install -c -m 4711 -s ssh-keysign /usr/local/ssh/libexec/ssh-keysign
  123. /usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/local/ssh/libexec/ssh-pkcs11-helper
  124. /usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/local/ssh/libexec/ssh-sk-helper
  125. /usr/bin/install -c -m 0755 -s sftp /usr/local/ssh/bin/sftp
  126. /usr/bin/install -c -m 0755 -s sftp-server /usr/local/ssh/libexec/sftp-server
  127. /usr/bin/install -c -m 644 ssh.1.out /usr/local/ssh/share/man/man1/ssh.1
  128. /usr/bin/install -c -m 644 scp.1.out /usr/local/ssh/share/man/man1/scp.1
  129. /usr/bin/install -c -m 644 ssh-add.1.out /usr/local/ssh/share/man/man1/ssh-add.1
  130. /usr/bin/install -c -m 644 ssh-agent.1.out /usr/local/ssh/share/man/man1/ssh-agent.1
  131. /usr/bin/install -c -m 644 ssh-keygen.1.out /usr/local/ssh/share/man/man1/ssh-keygen.1
  132. /usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/local/ssh/share/man/man1/ssh-keyscan.1
  133. /usr/bin/install -c -m 644 moduli.5.out /usr/local/ssh/share/man/man5/moduli.5
  134. /usr/bin/install -c -m 644 sshd_config.5.out /usr/local/ssh/share/man/man5/sshd_config.5
  135. /usr/bin/install -c -m 644 ssh_config.5.out /usr/local/ssh/share/man/man5/ssh_config.5
  136. /usr/bin/install -c -m 644 sshd.8.out /usr/local/ssh/share/man/man8/sshd.8
  137. /usr/bin/install -c -m 644 sftp.1.out /usr/local/ssh/share/man/man1/sftp.1
  138. /usr/bin/install -c -m 644 sftp-server.8.out /usr/local/ssh/share/man/man8/sftp-server.8
  139. /usr/bin/install -c -m 644 ssh-keysign.8.out /usr/local/ssh/share/man/man8/ssh-keysign.8
  140. /usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/local/ssh/share/man/man8/ssh-pkcs11-helper.8
  141. /usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/local/ssh/share/man/man8/ssh-sk-helper.8
  142. /usr/bin/mkdir -p /etc/ssh
  143. ssh-keygen: generating new host keys: DSA
  144. /usr/local/ssh/sbin/sshd -t -f /etc/ssh/sshd_config
  145. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  146. @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
  147. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  148. Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
  149. It is required that your private key files are NOT accessible by others.
  150. This private key will be ignored.
  151. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  152. @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
  153. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  154. Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
  155. It is required that your private key files are NOT accessible by others.
  156. This private key will be ignored.
  157. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  158. @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
  159. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  160. Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
  161. It is required that your private key files are NOT accessible by others.
  162. This private key will be ignored.
  163. sshd: no hostkeys available -- exiting.
  164. make: [check-config] Error 1 (ignored)
  165. [root@centos openssh-8.8p1]#

解压openssh-8.8p1.tar.gz压缩包,结果如下图所示。?

image-20211214125711172

通过YUM源命令安装lrzsz zlib-devel perl gcc pam-devel等服务组件,结果如下图所示了。??

image-20211214130657870

运行./configure —prefix=/usr/local/ssh —sysconfdir=/etc/ssh —with-pam此命令后,结果如下图所示。

image-20211214130940082

运行完make命令后,结果如下图所示。

image-20211214131219107

运行完make install命令后,结果如下图所示。

image-20211214131502219

6、修改相关参数?

  1. [root@centos openssh-8.8p1]# cd /etc/init.d/
  2. [root@centos init.d]# cp /root/openssh-8.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
  3. [root@centos init.d]# ll
  4. total 44
  5. -rw-r--r--. 1 root root 18281 May 22  2020 functions
  6. -rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
  7. -rwxr-xr-x. 1 root root  7928 May 22  2020 network
  8. -rw-r--r--. 1 root root  1160 Oct  2  2020 README
  9. -rwxr-xr-x  1 root root  1721 Dec 15 13:20 sshd
  10. [root@centos init.d]# chmod u+x /etc/init.d/sshd
  11. [root@centos init.d]# chkconfig --add sshd
  12. [root@centos init.d]# cp /root/openssh-8.8p1/sshd_config /etc/ssh/ssh_config
  13. cp: overwrite ‘/etc/ssh/ssh_config’? y
  14. [root@centos init.d]# cp -r /usr/local/ssh/bin/* /usr/bin/
  15. [root@centos init.d]# cp -r /usr/local/ssh/sbin/* /usr/sbin/
  16. [root@centos init.d]# vi /etc/ssh/sshd_config
  17. 添加如下内容
  18. #PasswordAuthentication yes
  19. PermitRootLogin yes
  20. [root@centos init.d]#chmod 600 /etc/ssh/*

7、启动并查看SSH服务??

  1. [root@centos ~]# systemctl start sshd
  2. [root@centos ~]# systemctl restart sshd
  3. [root@centos ~]# systemctl status sshd
  4. ● sshd.service - SYSV: OpenSSH server daemon
  5.    Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
  6.    Active: active (running) since Wed 2021-12-15 13:24:56 CST; 5s ago
  7.      Docs: man:systemd-sysv-generator(8)
  8.   Process: 19403 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  9.   Process: 19409 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
  10.  Main PID: 19417 (sshd)
  11.    CGroup: /system.slice/sshd.service
  12.            └─19417 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
  14. Dec 15 13:24:56 centos systemd[1]: Stopped SYSV: OpenSSH server daemon.
  15. Dec 15 13:24:56 centos systemd[1]: Starting SYSV: OpenSSH server daemon...
  16. Dec 15 13:24:56 centos sshd[19409]: Starting sshd:[  OK  ]
  17. Dec 15 13:24:56 centos systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) after start: No such file or directory
  18. Dec 15 13:24:56 centos sshd[19417]: Server listening on 0.0.0.0 port 22.
  19. Dec 15 13:24:56 centos sshd[19417]: Server listening on :: port 22.
  20. Dec 15 13:24:56 centos systemd[1]: Started SYSV: OpenSSH server daemon.

8、查看SSH服务版本信息。??

  1. [root@centos ~]# ssh -V
  2. OpenSSH_8.8p1, OpenSSL 1.0.2k-fips  26 Jan 2017

image-20211214132831394

相关推荐
阅读 +

© 2020 asciim码

人生就是一场修行