📅 发布时间：2026/6/20 0:54:02

麒麟V10升级openssh到10.2

2025-12-30 11:45 WilliamZheng 阅读(0) 评论(0) 收藏举报

一、升级准备

1.1 升级前的环境

[root@k8s-node1 ~]# ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020
[root@k8s-node1 ~]# cat /etc/os-release 
NAME="Kylin Linux Advanced Server"
VERSION="V10 (Tercel)"
ID="kylin"
VERSION_ID="V10"
PRETTY_NAME="Kylin Linux Advanced Server V10 (Tercel)"
ANSI_COLOR="0;31"[root@k8s-node1 ~]# uname -a
Linux k8s-node1 4.19.90-23.8.v2101.ky10.x86_64 #1 SMP Mon May 17 17:08:34 CST 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@k8s-node1 ~]# ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020
[root@k8s-node1 ~]# openssl version
OpenSSL 1.1.1f  31 Mar 2020

1.2 需要准备的环境

需准备安装包如下
openssh-10.2p1.tar.gz
下载地址：https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.2p1.tar.gz

openssl-3.5.4.tar.gz
下载地址：https://github.com/openssl/openssl/releases/download/openssl-3.5.4/openssl-3.5.4.tar.gz

服务器需有外网地址或者配置离线yum源

二、升级openssl

# 解压，源码编译
[root@k8s-node1 openssh]# tar -zxvf openssl-3.5.4.tar.gz
[root@k8s-node1 openssh]# cd openssl-3.5.4
[root@k8s-node1 openssl-3.5.4]# ./config --prefix=/usr/local/openssl3 --openssldir=/usr/local/openssl3 shared zlib
[root@k8s-node1 openssl-3.5.4]# make -j$(nproc)
[root@k8s-node1 openssl-3.5.4]# make install# 将库路径加入系统配置
[root@k8s-node1 openssl-3.5.4]# echo '/usr/local/openssl3/lib64' > /etc/ld.so.conf.d/openssl3.conf
ldconfig -v# 备份旧版本（可选）
[root@k8s-node1 openssl-3.5.4]# mv /usr/bin/openssl /usr/bin/openssl.bak# 创建新链接
[root@k8s-node1 openssl-3.5.4]# ln -sf /usr/local/openssl3/bin/openssl /usr/bin/openssl
[root@k8s-node1 openssl-3.5.4]# ln -sf /usr/local/openssl3/lib64/libssl.so.3 /usr/lib64/libssl.so.3
[root@k8s-node1 openssl-3.5.4]# ln -sf /usr/local/openssl3/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3# 确认升级成功
[root@k8s-node1 openssl-3.5.4]# openssl -v
OpenSSL 3.5.4 30 Sep 2025 (Library: OpenSSL 3.5.4 30 Sep 2025)

三、升级openssh

3.1 开启telnet

升级openssh有风险，万一升级失败或升级过程中断开了连接，就无法再ssh连上服务器了，因此生产环境我们要开启telnet，以防万一

[root@k8s-node1 openssh]# rpm -qa | grep telnet
[root@k8s-node1 openssh]# dnf -y install telnet
[root@k8s-node1 openssh]# systemctl start telnet.socket
[root@k8s-node1 openssh]# systemctl status telnet.socket
# 检查防火墙是否启用，未启用不用管，如果启用放行23端口
[root@k8s-node1 openssh]# systemctl status firewalld

3.2升级openssh

# 源码编译
[root@k8s-node1 openssh]# tar -zxvf openssh-10.2p1.tar.gz
[root@k8s-node1 openssh]# cd openssh-10.2p1/
[root@k8s-node1 openssh-10.2p1]# ./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl3 --with-zlib
[root@k8s-node1 openssh-10.2p1]# make -j$(nproc) && make install[root@k8s-node1 openssh-10.2p1]# ls /usr/lib/systemd/system/ssh*
[root@k8s-node1 openssh-10.2p1]# rm -f /usr/lib/systemd/system/ssh*
[root@k8s-node1 openssh-10.2p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd[root@k8s-node1 openssh-10.2p1]# mkdir /etc/ssh[root@k8s-node1 openssh-10.2p1]# vim /usr/local/openssh/etc/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes[root@k8s-node1 openssh-10.2p1]# cp -rf /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
[root@k8s-node1 openssh-10.2p1]# cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
[root@k8s-node1 openssh-10.2p1]# cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
[root@k8s-node1 openssh-10.2p1]# cp -rf /usr/local/openssh/sbin/sshd /usr/local/sbin/sshd
[root@k8s-node1 openssh-10.2p1]# cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
[root@k8s-node1 openssh-10.2p1]# cp -rf /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub#配置开机自启动
[root@k8s-node1 openssh-10.2p1]# cat > /usr/lib/systemd/system/sshd.service << 'EOF'
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s[Install]
WantedBy=multi-user.target
EOF[root@geoenterprise openssh-10.2p1]# systemctl daemon-reload
[root@geoenterprise openssh-10.2p1]# systemctl start sshd && systemctl enable sshd  
[root@geoenterprise openssh-10.2p1]# /usr/lib/systemd/systemd-sysv-install enable sshd# 确认升级成功
[root@geoenterprise openssh-10.2p1]# ssh -V
OpenSSH_10.2p1, OpenSSL 3.5.4 30 Sep 2025