wget http://down.iydnet.cn/openssh/openssh98.tar


一，openssh相关漏洞修复
1.编译安装zlib
 tar -zxvf zlib-1.3.1.tar.gz
 cd zlib-1.3.1
 ./configure --prefix=/usr/local/zlib
make && make install
 2.编译安装openssl
tar -zxvf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --prefix=/usr/local/ssl -d shared
 make && make install
 which openssl 查看是否升级成功
 mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.old
 ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
 ln -s /usr/local/ssl/include/openssl /usr/include/openssl
 ln -s /usr/local/ssl/lib/libssl.so /usr/lib64/libssl.so
 echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
 ldconfig -v
openssl version -a

ssh -V
3、编译安装openssh
tar -zxvf openssh-9.8p1.tar.gz
 cd openssh-9.8p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
 make && make install
4、配置文件备份和修改

# sshd_config文件修改
echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
5、备份
cp -r /etc/ssh/ /etc/sshbak
cp /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
6、拷贝文件
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
7、启动
systemctl restart sshd
systemctl enable sshd
升级后sshd起不来一直重启解决方案：
禁用原先的SSH服务
systemctl disable sshd
mv /usr/lib/systemd/system/sshd.service /home/sshd.service.bak
cp contrib/redhat/sshd.init /etc/init.d/sshd
cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
systemctl daemon-reload
systemctl restart sshd
systemctl enable sshd
8、查看版本升级成功

ubuntu22.02、centos7、centos8，欧拉sp10 麒麟 也适用于如上，直接用systemctl restart sshd