#!/bin/sh

cd /etc/yum.repos.d

mkdir backup

mv Cent* backup

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

yum -y clean all

yum -y makecache

cd /tmp

mkdir update

cd update

wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1q.tar.gz

wget --no-check-certificate https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz

wget --no-check-certificate https://www.cpan.org/src/5.0/perl-5.28.0.tar.gz  

tar xf openssl-1.1.1q.tar.gz

tar xf openssh-9.1p1.tar.gz

tar -zxvf perl-5.28.0.tar.gz    

yum -y install zlib zlib-devel

yum -y install gcc  

cd perl-5.28.0

./Configure -des -Dprefix=$HOME/localperl

make

make test

make install

cd /tmp/update/openssl-1.1.1q

./config shared && make && make install

ln -s /usr/local/bin/openssl /usr/bin/openssl

ln -s /usr/local/include/openssl/ /usr/include/openssl

echo "/usr/local/lib64" >> /etc/ld.so.conf

/sbin/ldconfig

openssl version

mv /etc/ssh /etc/ssh.bak

cd /tmp/update/openssh-9.1p1

mkdir /usr/local/openssh

./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/lib64 --with-zlib --with-md5-passwords

make

make install

echo "UseDNS no" >> /etc/ssh/sshd_config

echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config

echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

echo "X11Forwarding yes" >> /etc/ssh/sshd_config

echo "X11UseLocalhost no" >> /etc/ssh/sshd_config  

echo "XAuthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config

mv /usr/sbin/sshd /usr/sbin/sshd0909

mv /usr/bin/ssh /usr/bin/ssh0909

mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen0909

ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh

ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd

ssh -V

mv /usr/lib/systemd/system/sshd.service  /usr/lib/systemd/system/sshd.service.bak

cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd

cp -a ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

chkconfig --add sshd

systemctl enable sshd --now

systemctl restart sshd

如ssh启动不了，如下：

#关闭selinux     vi /etc/selinux/config  手工

#修改SELINUX=enforce为SELINUX=disable  重启服务器后

restorecon -r -v /root/.ssh

#开启selinux    vi /etc/linux/config  手工

#修改为SELINUX=enforcing

systemctl start sshd

ssh9.3  修复Diffie-Hellman Key Agreement Protocol 资源管理错误漏洞（CVE-2002-20001）

echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521" >> /etc/ssh/sshd_config