ssh 7.4升级9.1 centos 7.9版本(升级后没有rsa密钥类型)(注:下文实际下载并编译安装的是 openssh-9.7p1)
一、版本查询
1.1
[root@k8snode ~]# uname -a
Linux k8snode 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@k8snode ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
二、操作
2.1、备份
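# Back up everything the upgrade touches so it can be rolled back.
# -a (archive) keeps modes, ownership, timestamps and SELinux contexts, which
# plain -r does not; a restored host key or PAM file needs them intact.
# NOTE: /etc/ssh.bak holds copies of the private host keys. Keep it root-only
# and delete it once the upgrade has been verified.
cp -af /etc/ssh /etc/ssh.bak
cp -af /usr/bin/openssl /usr/bin/openssl.bak
cp -af /etc/pam.d /etc/pam.d.bak
cp -af /usr/lib/systemd/system /system.bak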
2.2、安装工具包和下载升级工具
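# Compiler tool chain and development headers needed to build zlib, OpenSSL
# and OpenSSH from source.
yum install -y vim gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers libedit-devel perl-IPC-Cmd wget tar lrzsz nano
# Refresh the CA bundle so wget can validate the servers' TLS certificates.
# An outdated bundle is a common reason HTTPS downloads fail on an old image;
# fix the trust store rather than switching verification off.
yum update -y ca-certificates
cd /usr/local/src/
# TLS verification stays on (no --no-check-certificate): these archives are
# compiled and installed as root, so a tampered download ends up running
# inside sshd and libssl.
# Official sites
wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1q.tar.gz
# NOTE(review): the build and verification steps later on this page name
# OpenSSL 1.1.1w, not 1.1.1q. Confirm the intended version and use the same
# one in the download, extract and build steps.
wget https://www.zlib.net/zlib-1.3.1.tar.gz
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
# Aliyun mirror of the same OpenSSH tarball. Fetch it from ONE location only;
# downloading both makes wget save the second copy as openssh-9.7p1.tar.gz.1.
# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
# Compare every archive with the digest published by its upstream project
# before unpacking. The left-hand values are placeholders, not real digests;
# the check fails until they are replaced with the published values.
sha256sum -c - <<'EOF'
<SHA256_PUBLISHED_BY_UPSTREAM>  openssl-1.1.1q.tar.gz
<SHA256_PUBLISHED_BY_UPSTREAM>  zlib-1.3.1.tar.gz
<SHA256_PUBLISHED_BY_UPSTREAM>  openssh-9.7p1.tar.gz
EOF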
解压安装包
# Unpack the three source trees side by side under /usr/local/src.
cd /usr/local/src/
for archive in zlib-1.3.1.tar.gz openssl-1.1.1q.tar.gz openssh-9.7p1.tar.gz; do
  tar -zxvf "$archive"
done
zlib编译
# Step 1: enter the zlib-1.3.1 source directory.
cd /usr/local/src/zlib-1.3.1
# Step 2: configure. The install prefix is a private directory, not a system
# library path.
# NOTE(review): the OpenSSH configure line on this page passes --with-zlib
# without a path, so it presumably links the system zlib-devel rather than
# this build. Confirm which zlib sshd ends up using.
./configure --prefix=/usr/local/src/zlib
# Step 3: build, run the self-tests, then install (expect a few minutes,
# depending on the machine). Each stage runs only if the previous one succeeded.
make -j 8 \
  && make test \
  && make install
2.3、卸载ssl
whereis openssl
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz
# Move the three distribution OpenSSL paths reported by `whereis openssl`
# out of the way by appending ".old", so they can be moved back on rollback.
for ssl_path in /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl; do
  mv "$ssl_path" "$ssl_path.old"
done
2.4、安装openssl
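# Build OpenSSL and install it into the system prefix.
# An absolute path is used because the zlib step leaves the shell inside
# /usr/local/src/zlib-1.3.1, where a relative cd would fail.
# NOTE(review): the download and extract steps on this page name
# openssl-1.1.1q; make the version agree with the one actually unpacked.
cd /usr/local/src/openssl-1.1.1w/
./config --prefix=/usr
# Run the self-tests before installing. This build lands in /usr next to
# distribution-managed files and is no longer patched by yum, so every later
# OpenSSL security fix has to be rebuilt by hand. The 1.1.1 branch itself is
# past its upstream end of life; plan a move to a supported branch.
make && make test && make install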
验证
whereis openssl
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz /usr/share/man/man1/openssl.1
openssl version
OpenSSL 1.1.1w 11 Sep 2023
2.5、开启 Telnet(作为升级期间的备用登录通道;如果可以直连服务器控制台,则不需要此步骤)。注意:Telnet 为明文传输,升级完成并确认 ssh 可以正常登录后,应停止并禁用 telnet.socket 和 xinetd。
# Bring up telnet as a temporary fallback login path while sshd is replaced.
# Telnet sends credentials in cleartext: restrict it to a trusted network and
# stop and disable both units as soon as the new sshd is confirmed working.
for unit in telnet.socket xinetd; do
  systemctl start "$unit"
done
# Show the state of both units to confirm they are running.
for unit in telnet.socket xinetd; do
  systemctl status "$unit"
done
在 /etc/pam.d/remote 中注释掉下面这一行(这样 root 才能通过 telnet 登录;升级完成后应恢复该行)
vim /etc/pam.d/remote
# auth required pam_securetty.so
重启telnet等工具
# Restart both services so the edited PAM configuration takes effect.
for unit in xinetd telnet.socket; do
  systemctl restart "$unit"
done
2.6、卸载openssh
# rpm -qa | grep openssh
openssh-clients-7.4p1-23.el7_9.x86_64
openssh-server-7.4p1-23.el7_9.x86_64
openssh-7.4p1-23.el7_9.x86_64
# Remove the packaged OpenSSH 7.4p1, one package at a time, in the listed order.
# --nodeps skips dependency checks, so rpm will not warn about other packages
# that still require openssh.
# NOTE(review): erasing openssh-server presumably also removes files it ships
# (service unit, PAM service file); the backups taken in step 2.1 are then the
# only copies. Verify what is missing before restarting sshd.
for pkg in \
  openssh-clients-7.4p1-23.el7_9.x86_64 \
  openssh-server-7.4p1-23.el7_9.x86_64 \
  openssh-7.4p1-23.el7_9.x86_64; do
  rpm -e --nodeps "$pkg"
done
2.7、修改文件权限
# Restrict every private host key to owner read/write only (mode 600).
for key_type in rsa ecdsa ed25519; do
  chmod 600 "/etc/ssh/ssh_host_${key_type}_key"
done
2.8、编译ssh
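# Build and install OpenSSH 9.7p1.
# Absolute paths are used because the OpenSSL build step leaves the shell in a
# different directory, where the relative tar/cd of the tarball would fail.
cd /usr/local/src/
tar -xf openssh-9.7p1.tar.gz
cd /usr/local/src/openssh-9.7p1
# Configure notes:
#  * --without-hardening is dropped so configure keeps its default compiler
#    and linker hardening flags; sshd is a network-facing daemon running as
#    root. If the build fails on this toolchain, deal with the specific flag
#    that fails instead of switching all hardening off.
#  * --with-ssl-dir is the spelling configure documents. --with-ssldir is
#    reported as an unrecognized option and ignored. The value is the OpenSSL
#    install prefix, /usr here, matching `./config --prefix=/usr`.
#  * --with-tcp-wrappers is dropped: libwrap support was removed from OpenSSH
#    in 6.7, so configure ignores the option and /etc/hosts.allow and
#    /etc/hosts.deny no longer restrict sshd. Use firewall rules or
#    sshd_config (AllowUsers, Match Address) for source restrictions.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr
make && make install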
2.9修改配置文件
# Install the SysV init script shipped in the OpenSSH source tree and make it
# executable for its owner. Run from inside the openssh-9.7p1 source directory.
init_script=/etc/init.d/sshd
cp -a contrib/redhat/sshd.init "$init_script"
chmod u+x "$init_script"
vim /etc/ssh/sshd_config
# "yes" lets root log in with a password as well as with a key. The value
# prohibit-password limits root to key-based authentication and is the safer
# choice once a root key is installed.
PermitRootLogin yes
# Explicitly enable public-key authentication.
PubkeyAuthentication yes
2.10、开机启动
# Register the init script, enable it at boot, then restart the daemon so the
# freshly built sshd is the one running.
svc=sshd
chkconfig --add "$svc"
chkconfig "$svc" on
systemctl restart "$svc"
# ssh -V
OpenSSH_9.7p1, OpenSSL 1.1.1w 11 Sep 2023
2.11 创建密钥:默认只生成 ed25519 类型,没有 rsa 类型
ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
ssh-keygen -t rsa 显示未知类型
解决办法
[root@k8snode .ssh]# ll -a
total 24
drwx------. 2 root root 92 Aug 1 17:45 .
dr-xr-x---. 10 root root 4096 Aug 1 17:45 ..
-rw-r--r-- 1 root root 75 Aug 1 17:45 config
-rw------- 1 root root 399 Aug 1 10:38 id_ed25519
-rw-r--r-- 1 root root 94 Aug 1 10:38 id_ed25519.pub
-rw------- 1 root root 1679 Aug 1 10:37 id_rsa
-rw-r--r-- 1 root root 394 Aug 1 10:37 id_rsa.pub
[root@k8snode .ssh]# pwd
/root/.ssh
vim config
# Added
# "Host *" applies the two settings below to every host this client connects to.
# "ssh-rsa" names the RSA signature algorithm that uses SHA-1; OpenSSH turned
# it off by default in 8.8. RSA keys themselves still work through
# rsa-sha2-256 / rsa-sha2-512 when the peer supports them, so re-enabling
# ssh-rsa is only needed for legacy peers. Prefer a "Host" pattern that lists
# just those peers instead of "*".
# NOTE(review): these are client-side signature settings; it is not evident
# from this page that they affect which key types ssh-keygen can generate.
Host *
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
2.12 解决root不能直接登录问题
vim /etc/ssh/sshd_config
# Stock setting, left commented out: root may log in with a key but not with
# a password.
#PermitRootLogin prohibit-password
# Override: root may also log in with a password. This exposes the root
# account to password guessing; keep prohibit-password where key-based root
# login is sufficient.
PermitRootLogin yes