openssh下载链接：

1.备份原来的pam.d下的sshd文件

mv /etc/pam.d/sshd /etc/pam.d/sshd-bak && ls -l /etc/pam.d/sshd* && cp -r /etc/ssh /etc/ssh-bak

当备份pam.d下的sshd文件时，发现该路径下没有此文件，可以从其他服务器拷贝一个过来，或是执行vi /etc/pam.d/sshd，输入如下内容

cat <<EOF>  /etc/pam.d/sshd#%PAM-1.0auth       substack     password-authauth       include      postloginaccount    required     pam_sepermit.soaccount    required     pam_nologin.soaccount    include      password-authpassword   include      password-auth# pam_selinux.so close should be the first session rulesession    required     pam_selinux.so closesession    required     pam_loginuid.so# pam_selinux.so open should only be followed by sessions to be executed in the user contextsession    required     pam_selinux.so open env_paramssession    required     pam_namespace.sosession    optional     pam_keyinit.so force revokesession    optional     pam_motd.sosession    include      password-authsession    include      postloginEOF

2.解决依赖关系

Linux7.x

yum -y install wget gcc zlib-devel openssl-devel pam-devel libselinux-devel tar net-tools telnet \telnet-server xinetd make cmake 

Linux8.x

dnf -y install wget gcc zlib-devel openssl-devel pam-devel libselinux-devel tar net-tools telnet \telnet-server xinetd make cmake 

Linux9.x

dnf -y install wget gcc zlib-devel openssl-devel pam-devel libselinux-devel tar net-tools telnet \telnet-server make cmake 

3.设置telnet开机启动,是为了防止在卸载旧版ssh的时候出现中断后无法连接服务器

Linux9.x系统，需要下载一个Linux7.0或Linux8.x的xinetd文件安装

wget  && \dnf -y localinstall xinetd-2.3.15-25.el8.x86_64.rpm

修改xientd配置文件

touch /etc/xinetd.d/telnet && \cat <<EOF> /etc/xinetd.d/telnetservice telnet{        flags = REUSE        socket_type = stream        wait = no        user = root        server = /usr/sbin/in.telnetd        log_on_failure += USERID        disable = no}EOF

加入开机自启并启动telnet服务

systemctl daemon-reload && systemctl enable xinetd && systemctl start xinetd

4.卸载原来的openssh

rpm -e --nodeps `rpm -qa | grep openssh`

5.解决在编译的时候提示权限过高

chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key

6.下载并解压最新的openssh

cd /tmp && wget  && \tar xf openssh-9.7p1.tar.gz && \cd openssh-9.7p1 && \./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam \--with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib \--without-hardening && make && make install

7.复制配置文件并设置允许root用户远程登录

Linux7.x 或 Linux8.x添加如下内容

#Linux7.x 或 Linux8.x添加如下内容cd /tmp/openssh-9.7p1 && \cp -a contrib/redhat/sshd.init /etc/init.d/sshd && \cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam && \chown -R root.root /etc/init.d/sshd && \chmod u+x /etc/init.d/sshd

Linux9.x系统添加如下内容

cat <<EOF>/usr/lib/systemd/system/sshd.service[Unit]Description=OpenSSH server daemonAfter=network.target[Service]Type=forckingEnvironmentFile=-/etc/sysconfig/sshdExecStart=/usr/sbin/sshd -D $OPTIONSExecStop=/bin/kill-s QUIT $MAINPIDExecReload=/usr/bin/kill -HUP $MAINPIDKillMode=processRestart=on-failureRestartSec=42s[Install]WantedBy=multi-user.targetEOF

8.修改配置文件/etc/ssh/sshd_config

#1.修改#PermitRootLogin prohibit-password项，去掉注释#并把prohibit-password改为yes，修改后即为PermitRootLogin yes#2.去掉注释#PasswordAuthentication yes变为PasswordAuthentication yessed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config && \sed -i "s/#PasswordAuthentication yes/PasswordAuthentication yes/g" /etc/ssh/sshd_config

9.添加添加自启服务ssh到开机启动项

Linux7.x或Linux8.x

chkconfig --add sshd && chkconfig sshd on

Linux9.x

systemctl daemon-reload && systemctl enable sshd && systemctl restart sshd

10.验证结果

ssh -V

如果重启发现sshd无法启动，如下图所示

解决：

是因为selinux开启的原因，只要将selinux关闭，重启下即可

#临时关闭setenforce 0#永久关闭需要修改/etc/selinux/config文件，将SELINUX=enforcing或者SELINUX=permissive修改为如下SELINUX=disabledsystemctl restart sshd

在linux9.x环境下，记得一定要把selinux关闭，不然，输入用户名后会被一直提示密码错误

11.重启服务器

reboot

12.卸载telnet

dnf -y remove telnet telnet-server xinetd