适用系统:CentOS 7 / 8 / Alibaba Cloud Linux / 火山引擎 Linux / RHEL

一、安装依赖(必须执行)

yum install -y gcc gcc-c++ make zlib-devel openssl-devel pam-devel

二、下载并解压 OpenSSH 10.3p1

cd /usr/local/src
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.3p1.tar.gz
tar -zxvf openssh-10.3p1.tar.gz
cd openssh-10.3p1

三、编译配置

./configure --prefix=/usr/local/openssh103 \
--sysconfdir=/etc/ssh \
--with-pam \
--with-ssl-dir=/usr/include/openssl \
--with-zlib \
--with-md5-passwords

四、编译安装

make -j4
make install

五、覆盖旧版本(关键)

\cp -f /usr/local/openssh103/bin/ssh /usr/bin/ssh
\cp -f /usr/local/openssh103/sbin/sshd /usr/sbin/sshd
\cp -f /usr/local/openssh103/bin/ssh-keygen /usr/bin/ssh-keygen

六、修复权限

chmod 600 /etc/ssh/ssh_host_*key
chmod 755 /usr/sbin/sshd

七、重启 SSH 服务(不中断当前连接)

systemctl restart sshd

八、验证升级结果

ssh -V

成功显示:

OpenSSH_10.3p1, OpenSSL 1.1.1w  16 Nov 2023

九、SSH 安全加固(可选)

sed -i 's/#PermitRootLogin yes/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
sed -i 's/#MaxAuthTries 6/MaxAuthTries 3/' /etc/ssh/sshd_config
systemctl restart sshd