yzbtdiy

yzbtdiy

github
bilibili
HomeArchives

Upgrade OpenSSH 9.9 on CentOS 7.9

#openssh#centos735
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The document outlines the process for upgrading OpenSSH on a CentOS 7.9 system. It begins by preparing the environment, including downloading necessary Telnet RPM packages for offline installation. The Telnet service is set up by installing the `telnet-server` and `xinetd` packages, and the necessary configurations are made to allow root login via Telnet. Next, the document details the steps to upgrade OpenSSH using RPM packages, which simplifies the process compared to source compilation. It instructs users to uninstall the existing OpenSSH packages, back up the current SSH configuration, and then install the new OpenSSH RPM packages. After installation, the SSH daemon (sshd) is restarted, and a configuration adjustment is made to disable DSA keys, resolving any related error messages. The upgrade process concludes with a confirmation that OpenSSH has been successfully upgraded.

Upgrade Environment

The system is CentOS 7.9, and the OpenSSH version is the default 7.4 version.

image

Package Preparation

Prepare a CentOS 7.9 virtual machine that can access the internet, and download the telnet-related rpm packages for offline use.

yum install --downloadonly --downloaddir=. xinetd telnet telnet-server

The rpm package for the new version of OpenSSH can be packaged using an open-source script on GitHub.

https://github.com/boypt/openssh-rpms

Enable Telnet Before Upgrading OpenSSH (Optional)#

Install the telnet service offline, using the rpm command to install telnet.

The telnet service requires the installation of both the telnet-server and xinetd packages; telnet is the client tool.

image

Start the xinetd.service and telnet.socket services.

systemctl restart xinetd.service telnet.socket

image

To log in as root, you need to add pts terminals to the end of the /etc/securetty file.

[root@localhost ~]# echo pts/0 >> /etc/securetty
[root@localhost ~]# echo pts/1 >> /etc/securetty

If the server has a firewall enabled, you need to allow telnet.

[root@localhost ~]# firewall-cmd --add-service=telnet

image

At this point, you can use telnet to log in to the server.

image

Upgrade OpenSSH#

Since it has been packaged into an rpm package, it is much simpler than compiling from source; you can use the rpm command to upgrade.

Use the yum command to uninstall openssh.

[root@localhost ~]# yum remove openssh openssh-clients openssh-server

image

Extract and install the rpm package; it is best to back up the original ssh configuration before installation.

[root@localhost ~]# tar xf openssh-9.9p1-1.el7.tar.gz
[root@localhost ~]# mv /etc/ssh /etc/ssh.bak
[root@localhost ~]# rpm -ivh openssh*.rpm

image

image

After installing the new version of openssh, restart sshd and set it to start on boot.

image

The sshd service starts normally, but there is an error message; OpenSSH version 9.9 disables DSA by default.

/sbin/restorecon: lstat(/etc/ssh/ssh_host_dsa_key.pub) failed: No such...

image

Modify the configuration file to disable loading dsa_key.

image

After modification, reload the configuration and restart the sshd service; the error message disappears.

image

The OpenSSH upgrade is complete.

image

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.