#编译安装依赖性
yum install -y wget gcc pam-devel libselinux-devel zlib-devel openssl-devel

cd /usr/local/src
wget -O openssh.tar.gz https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz

#备份ssh配置文件
cp /etc/ssh/sshd_config sshd_config.backup
cp /etc/pam.d/sshd sshd.backup

#删除低版本ssh
rpm -e --nodeps `rpm -qa | grep openssh`

#install 
tar -zxvf openssh.tar.gz
cd openssh-9.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
make && make install

#配置权限
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key

#cp 文件
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd

#还原
mv ../sshd.backup /etc/pam.d/sshd

chkconfig --add sshd
chkconfig sshd on
systemctl restart sshd
ssh -V

#clear 
rm -rf /usr/local/src/openssh*

#解决升级后jumpserver无法ssh
vim  /etc/ssh/sshd_config
PubkeyAcceptedKeyTypes  ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss

升级后ssh登陆不上去

 cat /etc/ssh/sshd_config ####UsePAM yes
vim  /etc/pam.d/sshd

#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare