【阿里云镜像】使用阿里云openssh镜像安装配置SSH服务

一、参考链接??

二、OpenSSH简介?

OpenSSH（OpenBSD Secure Shell）是使用SSH透过计算机网络加密通信的实现。它是取代由SSH Communications Security所提供的商用版本的开放源代码方案。目前OpenSSH是OpenBSD的子项目。
OpenSSH常常被误认以为与OpenSSL有关系，但实际上这两个项目有不同的目的，不同的发展团队，名称相近只是因为两者有同样的软件发展目标──提供开放源代码的加密通信软件。
来源：维基百科

三、OpenSSH安装操作?

1、清除缓存并更新YUM源?

[root@centos ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors
[root@centos ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
repo id                                      repo name                                                            status
base/7/x86_64                                CentOS-7 - Base - mirrors.aliyun.com                                 10,072
extras/7/x86_64                              CentOS-7 - Extras - mirrors.aliyun.com                                  500
updates/7/x86_64                             CentOS-7 - Updates - mirrors.aliyun.com                               3,190
repolist: 13,762

2、查看原来SSH版本信息并卸载?

[root@centos ~]# rpm -qa | grep ssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
libssh2-1.8.0-4.el7.x86_64
[root@centos ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@centos ~]# rpm -qa | grep openssh | xargs rpm -e --nodeps
[root@centos ~]# rpm -qa | grep openssh
[root@centos ~]#

3、本地下载OpenSSH镜像包并上传至Linux系统?

（或者采用步骤4，二者取其一即可）

下载链接：阿里云开源镜像站资源目录 (aliyun.com)

4、使用wget命令下载OpenSSH安装包?

复制链接地址。

https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz

使用wget命令下载。?

[root@centos ~]# wget https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
--2021-12-15 12:43:53--  https://mirrors.aliyun.com/openssh/portable/openssh-8.8p1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 27.221.120.242, 61.162.46.209, 27.221.120.240, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|27.221.120.242|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1815060 (1.7M) [application/octet-stream]
Saving to: ‘openssh-8.8p1.tar.gz’
100%[==============================================================================>] 1,815,060   3.36MB/s   in 0.5s
2021-12-15 12:43:54 (3.36 MB/s) - ‘openssh-8.8p1.tar.gz’ saved [1815060/1815060]
[root@centos ~]#

5、采用源码进行安装?

#查看openssh安装包
[root@centos ~]# ll
total 1780
-rw-------. 1 root root    1531 Nov 28 17:50 anaconda-ks.cfg
-rw-r--r--  1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz
[root@centos ~]#
[root@centos ~]# tar -zxvf openssh-8.8p1.tar.gz
[root@centos ~]# ll
total 1796
-rw-------. 1 root root    1531 Nov 28 17:50 anaconda-ks.cfg
drwxr-xr-x  7 1000 1000   12288 Sep 26 22:07 openssh-8.8p1
-rw-r--r--  1 root root 1815060 Sep 26 22:39 openssh-8.8p1.tar.gz
#安装依赖包
[root@centos ~]# cd openssh-8.8p1
[root@centos openssh-8.8p1]# ls
······省略
[root@centos openssh-8.8p1]# yum install -y lrzsz zlib-devel perl gcc pam-devel openssl-devel
··········
安装过程省略
··········
Installed:
  gcc.x86_64 0:4.8.5-44.el7            lrzsz.x86_64 0:0.12.20-36.el7       openssl-devel.x86_64 1:1.0.2k-22.el7_9
  pam-devel.x86_64 0:1.1.8-23.el7      perl.x86_64 4:5.16.3-299.el7_9      zlib-devel.x86_64 0:1.2.7-19.el7_9
Dependency Installed:
  keyutils-libs-devel.x86_64 0:1.5.8-3.el7                 krb5-devel.x86_64 0:1.15.1-51.el7_9
  libcom_err-devel.x86_64 0:1.42.9-19.el7                  libkadm5.x86_64 0:1.15.1-51.el7_9
  libselinux-devel.x86_64 0:2.5-15.el7                     libsepol-devel.x86_64 0:2.5-10.el7
  libverto-devel.x86_64 0:0.2.5-4.el7                      pcre-devel.x86_64 0:8.32-17.el7
  perl-Carp.noarch 0:1.26-244.el7                          perl-Encode.x86_64 0:2.51-7.el7
  perl-Exporter.noarch 0:5.68-3.el7                        perl-File-Path.noarch 0:2.09-2.el7
  perl-File-Temp.noarch 0:0.23.01-3.el7                    perl-Filter.x86_64 0:1.49-3.el7
  perl-Getopt-Long.noarch 0:2.40-3.el7                     perl-HTTP-Tiny.noarch 0:0.033-3.el7
  perl-PathTools.x86_64 0:3.40-5.el7                       perl-Pod-Escapes.noarch 1:1.04-299.el7_9
  perl-Pod-Perldoc.noarch 0:3.20-4.el7                     perl-Pod-Simple.noarch 1:3.28-4.el7
  perl-Pod-Usage.noarch 0:1.63-3.el7                       perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
  perl-Socket.x86_64 0:2.010-5.el7                         perl-Storable.x86_64 0:2.45-3.el7
  perl-Text-ParseWords.noarch 0:3.29-4.el7                 perl-Time-HiRes.x86_64 4:1.9725-3.el7
  perl-Time-Local.noarch 0:1.2300-2.el7                    perl-constant.noarch 0:1.27-2.el7
  perl-libs.x86_64 4:5.16.3-299.el7_9                      perl-macros.x86_64 4:5.16.3-299.el7_9
  perl-parent.noarch 1:0.225-244.el7                       perl-podlators.noarch 0:2.5.1-3.el7
  perl-threads.x86_64 0:1.87-4.el7                         perl-threads-shared.x86_64 0:1.43-6.el7
Dependency Updated:
  krb5-libs.x86_64 0:1.15.1-51.el7_9     openssl.x86_64 1:1.0.2k-22.el7_9     openssl-libs.x86_64 1:1.0.2k-22.el7_9
Complete!
[root@centos openssh-8.8p1]#
# 安装OpenSSH
[root@centos openssh-8.8p1]# ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam
OpenSSH has been configured with the following options:
                     User binaries: /usr/local/ssh/bin
                   System binaries: /usr/local/ssh/sbin
               Configuration files: /etc/ssh
                   Askpass program: /usr/local/ssh/libexec/ssh-askpass
                      Manual pages: /usr/local/ssh/share/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
                    Manpage format: doc
                       PAM support: yes
                   OSF SIA support: no
                 KerberosV support: no
                   SELinux support: no
              MD5 password support: no
                   libedit support: no
                   libldns support: no
  Solaris process contract support: no
           Solaris project support: no
         Solaris privilege support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY
             Privsep sandbox style: seccomp_filter
                   PKCS#11 support: yes
                  U2F/FIDO support: yes
              Host: x86_64-pc-linux-gnu
          Compiler: cc
    Compiler flags: -g -O2 -pipe -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
      Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
         Libraries: -lcrypto -ldl -lutil -lz  -lcrypt -lresolv
         +for sshd:  -lpam
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
[root@centos openssh-8.8p1]#
# 开始编译安装
[root@centos openssh-8.8p1]# make
······
编译过程省略
······
[root@centos openssh-8.8p1]# make install
(cd openbsd-compat && make)
make[1]: Entering directory `/root/openssh-8.8p1/openbsd-compat'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/root/openssh-8.8p1/openbsd-compat'
/usr/bin/mkdir -p /usr/local/ssh/bin
/usr/bin/mkdir -p /usr/local/ssh/sbin
/usr/bin/mkdir -p /usr/local/ssh/share/man/man1
/usr/bin/mkdir -p /usr/local/ssh/share/man/man5
/usr/bin/mkdir -p /usr/local/ssh/share/man/man8
/usr/bin/mkdir -p /usr/local/ssh/libexec
/usr/bin/mkdir -p -m 0755 /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/local/ssh/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/local/ssh/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/local/ssh/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/local/ssh/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/local/ssh/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/local/ssh/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/local/ssh/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/local/ssh/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/local/ssh/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/local/ssh/libexec/ssh-sk-helper
/usr/bin/install -c -m 0755 -s sftp /usr/local/ssh/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/local/ssh/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/local/ssh/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/local/ssh/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/local/ssh/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/local/ssh/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/local/ssh/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/local/ssh/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/local/ssh/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/local/ssh/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/local/ssh/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/local/ssh/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/local/ssh/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/local/ssh/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/local/ssh/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/local/ssh/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/local/ssh/share/man/man8/ssh-sk-helper.8
/usr/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: DSA
/usr/local/ssh/sbin/sshd -t -f /etc/ssh/sshd_config
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
[root@centos openssh-8.8p1]#

解压openssh-8.8p1.tar.gz压缩包，结果如下图所示。?

通过YUM源命令安装lrzsz zlib-devel perl gcc pam-devel等服务组件，结果如下图所示了。??

运行./configure —prefix=/usr/local/ssh —sysconfdir=/etc/ssh —with-pam此命令后，结果如下图所示。

运行完make命令后，结果如下图所示。

运行完make install命令后，结果如下图所示。

6、修改相关参数?

[root@centos openssh-8.8p1]# cd /etc/init.d/
[root@centos init.d]# cp /root/openssh-8.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
[root@centos init.d]# ll
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 Oct  2  2020 README
-rwxr-xr-x  1 root root  1721 Dec 15 13:20 sshd
[root@centos init.d]# chmod u+x /etc/init.d/sshd
[root@centos init.d]# chkconfig --add sshd
[root@centos init.d]# cp /root/openssh-8.8p1/sshd_config /etc/ssh/ssh_config
cp: overwrite ‘/etc/ssh/ssh_config’? y
[root@centos init.d]# cp -r /usr/local/ssh/bin/* /usr/bin/
[root@centos init.d]# cp -r /usr/local/ssh/sbin/* /usr/sbin/
[root@centos init.d]# vi /etc/ssh/sshd_config
添加如下内容
#PasswordAuthentication yes
PermitRootLogin yes
[root@centos init.d]#chmod 600 /etc/ssh/*

7、启动并查看SSH服务??

[root@centos ~]# systemctl start sshd
[root@centos ~]# systemctl restart sshd
[root@centos ~]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: active (running) since Wed 2021-12-15 13:24:56 CST; 5s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 19403 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 19409 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
 Main PID: 19417 (sshd)
   CGroup: /system.slice/sshd.service
           └─19417 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
Dec 15 13:24:56 centos systemd[1]: Stopped SYSV: OpenSSH server daemon.
Dec 15 13:24:56 centos systemd[1]: Starting SYSV: OpenSSH server daemon...
Dec 15 13:24:56 centos sshd[19409]: Starting sshd:[  OK  ]
Dec 15 13:24:56 centos systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) after start: No such file or directory
Dec 15 13:24:56 centos sshd[19417]: Server listening on 0.0.0.0 port 22.
Dec 15 13:24:56 centos sshd[19417]: Server listening on :: port 22.
Dec 15 13:24:56 centos systemd[1]: Started SYSV: OpenSSH server daemon.

8、查看SSH服务版本信息。??

[root@centos ~]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.0.2k-fips  26 Jan 2017