A Detailed Walkthrough of Compiling and Installing OpenSSH with OpenSSL on CentOS

 5 years ago
source link: https://www.linuxprobe.com/centos-openssl-openssh.html

Check the installed packages

# rpm -qa | grep openssh
# rpm -qa | grep openssl

To uninstall, use rpm -e. If dependencies prevent removal, append --nodeps to the command, for example:

# rpm -e openssl --nodeps

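The installation procedure is as follows:

Download the latest source packages

http://ftp5.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.gz
http://www.openssl.org/source/openssl-1.0.2j.tar.gz
http://www.openssl.org/source/openssl-fips-2.0.13.tar.gz

The commands below use archive names from earlier releases (openssl-fips-2.0.5, openssl-1.0.1h, openssh-6.6p1); substitute the file names of the versions you actually downloaded.

Install the required development packages with YUM

# yum install -y zlib-devel pam-devel tcp_wrappers-devel

Install openssl-fips

For details, see http://www.openssl.org/docs/fips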

# tar zxpf openssl-fips-2.0.5.tar.gz
# cd openssl-fips-2.0.5
# ./config
# make && make install

Install OpenSSL

# tar zxpf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config fips --shared
# make && make install

Add the newly compiled OpenSSL libraries to the system dynamic linker path

# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig

Install OpenSSH

# tar zxpf openssh-6.6p1.tar.gz
# cd openssh-6.6p1
# ./configure \
  --prefix=/usr \
  --sysconfdir=/etc/ssh \
  --with-md5-passwords \
  --with-pam \
  --with-tcp-wrappers \
  --with-ssl-dir=/usr/local/ssl
# make && make install
# ssh -V
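
Modify the relevant configuration

# cp -p contrib/redhat/sshd.init /etc/init.d/sshd    (contrib is relative to the extracted OpenSSH source directory)
# chmod u+x /etc/init.d/sshd                             (add execute permission)
# chkconfig --add sshd                                      (register the sshd service)
# chkconfig sshd on                                          (enable sshd at boot)
# yum install openssh                                          (install the OpenSSH client)
# vim /etc/ssh/sshd_config
PermitRootLogin yes    (allow root login; required when root is the only account; adjust the other parameters as needed)

Test login

# /etc/init.d/sshd start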
ssh-keygen: illegal option -- A
Usage: ssh-keygen [options]
Options:
-a trials   Number of trials for screening DH-GEX moduli.
-B          Show bubblebabble digest of key file.
-b bits     Number of bits in the key to create.
-C comment  Provide new comment.
-c          Change comment in private and public key files.
-e          Convert OpenSSH to IETF SECSH key file.
-F hostname Find hostname in known hosts file.
-f filename Filename of the key file.
-G file     Generate candidates for DH-GEX moduli.
-g          Use generic DNS resource record format.
-H          Hash names in known_hosts file.
-i          Convert IETF SECSH to OpenSSH key file.
-l          Show fingerprint of key file.
-M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
-N phrase   Provide new passphrase.
-P phrase   Provide old passphrase.
-p          Change passphrase of private key file.
-q          Quiet.
-R hostname Remove host from known_hosts file.
-r hostname Print DNS resource record.
-S start    Start point (hex) for generating DH-GEX moduli.
-T file     Screen candidates for DH-GEX moduli.
-t type     Specify type of key to create.
-v          Verbose.
-W gen      Generator to use for generating DH-GEX moduli.
-y          Read private key file and print public key.
Starting sshd:                                             [  OK  ]

The ssh-keygen argument in the sshd file is problematic. For now I do not know how to fix it, but it does not affect use.
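
A post-install check for the build above, added here as an example and not part of the original article: it confirms that sshd loads libcrypto from /usr/local/ssl/lib, that the ssh -V banner reports the OpenSSL release that was compiled, and that ssh-keygen lists the -A option rejected in the start-up output. The function names and sample inputs are constructed for illustration; on a real host, pass it the output of ssh -V, ldd /usr/sbin/sshd and the ssh-keygen usage text.

```shell
#!/bin/sh
# Added example (not from the original article). Sample inputs are constructed.

# Path that libcrypto resolves to, from `ldd` output on stdin.
linked_libcrypto() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" { print $3; exit }'
}

# OpenSSL version string from an `ssh -V` banner on stdin.
banner_openssl() {
    sed -n 's/^OpenSSH_[^,]*, *OpenSSL \([^ ]*\).*/\1/p'
}

# True if ssh-keygen usage text on stdin lists -A, the option sshd.init passes.
keygen_has_A() {
    grep -Eq '(^|[[:space:]])-A([[:space:]]|$)'
}

# verify_build BANNER LDD_OUTPUT KEYGEN_USAGE LIBDIR OPENSSL_VERSION
# Prints one line per check and returns the number of failed checks.
verify_build() {
    fails=0
    lib=$(printf '%s\n' "$2" | linked_libcrypto)
    case "$lib" in
        "$4"/*) echo "ok:   libcrypto loaded from $lib" ;;
        *) echo "FAIL: libcrypto is '${lib}', expected under $4"; fails=$((fails + 1)) ;;
    esac
    ver=$(printf '%s\n' "$1" | banner_openssl)
    case "$ver" in
        "$5"*) echo "ok:   banner reports OpenSSL $ver" ;;
        *) echo "FAIL: banner reports OpenSSL '${ver}', expected $5"; fails=$((fails + 1)) ;;
    esac
    if printf '%s\n' "$3" | keygen_has_A; then
        echo "ok:   ssh-keygen lists -A"
    else
        echo "FAIL: ssh-keygen has no -A, the option sshd.init passes"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed samples standing in for: ssh -V 2>&1, ldd /usr/sbin/sshd, ssh-keygen usage.
GOOD_BANNER='OpenSSH_6.6p1, OpenSSL 1.0.1h-fips 5 Jun 2014'
GOOD_LDD='    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f0000000000)'
GOOD_USAGE='  -A          Generate non-existent host keys for all key types.'
verify_build "$GOOD_BANNER" "$GOOD_LDD" "$GOOD_USAGE" /usr/local/ssl/lib 1.0.1h
```

A libcrypto path outside /usr/local/ssl/lib means the binary is still loading the distribution's OpenSSL rather than the one compiled here.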

