源码包

不带 openssl

编译 openssh

  • 下载 openssh 源码包,解压

    
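    # -f makes curl fail on an HTTP error instead of saving the error page as the tarball.
    curl -fLO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
    # Print the digest and compare it with the value published for this release
    # (or verify the detached signature) before unpacking and building as root.
    sha256sum openssh-9.8p1.tar.gz
    tar -xzf openssh-9.8p1.tar.gz
    cd openssh-9.8p1/
    # The version string is defined in version.h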
    
  • 编译安装 openssh

    
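    # -p keeps the step repeatable when the directory already exists.
    mkdir -p /opt/openssh
    # --without-openssl builds with OpenSSH's internal crypto only, which narrows the
    # available algorithms (Ed25519 keys work; RSA and ECDSA keys are not available).
    # NOTE(review): confirm every client that must connect supports that reduced set.
    # Chained with && so a failed configure or build never reaches the install step.
    ./configure --prefix=/opt/openssh --without-openssl && make && make install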
    
  • 编辑 /opt/openssh/etc/sshd_config,修改常用配置

    
    # Use a separate port so this daemon does not collide with the system sshd.
    # NOTE(review): a non-default port is not an access control; limit who can
    # reach it with a firewall rule.
    Port 22222
    
    # Allow root login, public-key authentication and password authentication.
    # NOTE(review): root login combined with password authentication exposes the
    # root account to password guessing. Where root access is required, prefer
    # "PermitRootLogin prohibit-password" with keys, and switch
    # PasswordAuthentication to "no" once keys are deployed.
    PermitRootLogin yes
    PubkeyAuthentication yes
    PasswordAuthentication yes
    
    # Enable SSH port forwarding.
    # NOTE(review): "GatewayPorts yes" lets remote forwards bind to non-loopback
    # addresses, so any authenticated user can open a listening port on this
    # host's interfaces. Use "clientspecified" or "no" unless that is intended.
    AllowTcpForwarding yes
    GatewayPorts yes
    
    # Keep-alive: probe the client every 60 seconds and drop the session after
    # 3 unanswered probes.
    TCPKeepAlive yes
    ClientAliveInterval 60
    ClientAliveCountMax 3
    
    # Skip reverse DNS lookups of the client address.
    # NOTE(review): host-name based rules (for example from= patterns) then match
    # on addresses only; confirm none are in use.
    UseDNS no
    
    # Use a separate pid file so it does not collide with the system sshd.
    PidFile /var/run/openssh.pid
    

启动 openssh

  • 创建 /etc/systemd/system/openssh.service,内容如下

    
    # systemd unit for the sshd built under /opt/openssh.
    [Unit]
    Description=OpenSSH server daemon
    # NOTE(review): sshd-keygen.service is presumably the distribution's host-key
    # generator for the system sshd; this build keeps its configuration under
    # /opt/openssh/etc, so confirm its host keys exist there before first start.
    After=network.target sshd-keygen.service
    Wants=sshd-keygen.service
    
    [Service]
    Type=simple
    # -D keeps sshd in the foreground so systemd tracks the main process.
    # No User= is set, so the daemon runs as root.
    ExecStart=/opt/openssh/sbin/sshd -D
    # Only the main sshd process is killed on stop; session processes are left
    # running, so existing logins survive a restart of the service.
    KillMode=process
    Restart=on-failure
    RestartSec=42s
    
    [Install]
    WantedBy=multi-user.target
    
  • 启动 openssh,并设置开机自动启动

    
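    systemctl daemon-reload
    # Check sshd_config and the host keys first; -t only tests and exits, so a
    # broken configuration is caught before the service is started or enabled.
    /opt/openssh/sbin/sshd -t \
      && systemctl start openssh \
      && systemctl enable openssh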
    

带 openssl

编译 openssl

  • 下载 openssl 源码包,解压

    
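    # NOTE(review): the URL path is .../old/1.1.1/ -- the 1.1.1 series no longer
    # receives upstream fixes, so prefer a currently supported OpenSSL release
    # where the OpenSSH version in use allows it.
    # -f makes curl fail on an HTTP error instead of saving the error page as the tarball.
    curl -fLO https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz
    # Print the digest and compare it with the value published for this release
    # (or verify the detached signature) before unpacking and building as root.
    sha256sum openssl-1.1.1w.tar.gz
    tar -xzf openssl-1.1.1w.tar.gz
    cd openssl-1.1.1w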
    
  • 编译安装 openssl

    
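    # -p keeps the step repeatable when the directory already exists.
    mkdir -p /opt/openssl
    # OpenSSL's build script is ./config (or ./Configure); the tarball has no
    # ./configure, so the original command fails on a case-sensitive filesystem.
    # Chained with && so a failed configure or build never reaches the install step.
    ./config --prefix=/opt/openssl && make && make install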
    

编译 openssh

  • 下载 openssh 源码包,解压,同上

  • 编译安装 openssh

    
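    # -p keeps the step repeatable when the directory already exists.
    mkdir -p /opt/openssh
    # Put the freshly built openssl binary and libraries ahead of the system ones
    # for this shell, so configure and the resulting binaries find them.
    export PATH="/opt/openssl/bin:$PATH"
    export LD_LIBRARY_PATH=/opt/openssl/lib
    # NOTE(review): sshd will load libcrypto from /opt/openssl/lib at run time;
    # keep that directory owned by root and not writable by other users.
    # Chained with && so a failed configure or build never reaches the install step.
    ./configure --prefix=/opt/openssh --with-ssl-dir=/opt/openssl && make && make install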
    
  • 编辑 /opt/openssh/etc/sshd_config,修改常用配置

    
    # Use a separate port so this daemon does not collide with the system sshd.
    # NOTE(review): a non-default port is not an access control; limit who can
    # reach it with a firewall rule.
    Port 22222
    
    # Allow root login, public-key authentication and password authentication.
    # NOTE(review): root login combined with password authentication exposes the
    # root account to password guessing. Where root access is required, prefer
    # "PermitRootLogin prohibit-password" with keys, and switch
    # PasswordAuthentication to "no" once keys are deployed.
    PermitRootLogin yes
    PubkeyAuthentication yes
    PasswordAuthentication yes
    
    # Enable SSH port forwarding.
    # NOTE(review): "GatewayPorts yes" lets remote forwards bind to non-loopback
    # addresses, so any authenticated user can open a listening port on this
    # host's interfaces. Use "clientspecified" or "no" unless that is intended.
    AllowTcpForwarding yes
    GatewayPorts yes
    
    # Keep-alive: probe the client every 60 seconds and drop the session after
    # 3 unanswered probes.
    TCPKeepAlive yes
    ClientAliveInterval 60
    ClientAliveCountMax 3
    
    # Skip reverse DNS lookups of the client address.
    # NOTE(review): host-name based rules (for example from= patterns) then match
    # on addresses only; confirm none are in use.
    UseDNS no
    
    # Use a separate pid file so it does not collide with the system sshd.
    PidFile /var/run/openssh.pid
    

启动 openssh

  • 创建 /etc/systemd/system/openssh.service,内容如下

    
    # systemd unit for the sshd built under /opt/openssh against /opt/openssl.
    [Unit]
    Description=OpenSSH server daemon
    # NOTE(review): sshd-keygen.service is presumably the distribution's host-key
    # generator for the system sshd; this build keeps its configuration under
    # /opt/openssh/etc, so confirm its host keys exist there before first start.
    After=network.target sshd-keygen.service
    Wants=sshd-keygen.service
    
    [Service]
    Type=simple
    # The daemon runs as root (no User= is set) and resolves its shared libraries
    # through this path, so /opt/openssl/lib must be writable by root only.
    Environment=LD_LIBRARY_PATH=/opt/openssl/lib
    # -D keeps sshd in the foreground so systemd tracks the main process.
    ExecStart=/opt/openssh/sbin/sshd -D
    # Only the main sshd process is killed on stop; session processes are left
    # running, so existing logins survive a restart of the service.
    KillMode=process
    Restart=on-failure
    RestartSec=42s
    
    [Install]
    WantedBy=multi-user.target
    
  • 启动 openssh,并设置开机自动启动

    
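    systemctl daemon-reload
    # Check sshd_config and the host keys first; -t only tests and exits, so a
    # broken configuration is caught before the service is started or enabled.
    # The library path matches the Environment= line of the unit file.
    LD_LIBRARY_PATH=/opt/openssl/lib /opt/openssh/sbin/sshd -t \
      && systemctl start openssh \
      && systemctl enable openssh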