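#!/bin/bash
# Upgrade zlib, OpenSSL and OpenSSH from source on an RPM-based host, keeping
# telnet open as a temporary fallback while the packaged sshd is replaced.
# Run as root, from a console or out-of-band session where possible.
#
# Security notes for whoever runs this:
#  - Telnet carries credentials (including root's) in cleartext. Keep the
#    window short, restrict it to a management network at the firewall, and
#    make sure the "close telnet" section at the end actually runs.
#  - The pinned versions below are the ones this runbook was written for.
#    Check each project's release page for current versions and advisories
#    before use; the OpenSSL 1.1.1 series is no longer maintained upstream.
#  - Tarballs are built and installed as root, so each one is checked against
#    a SHA-256 digest that you must obtain from the project's release page.
#  - `rpm -e --nodeps` removes libraries that yum, rpm and other tools link
#    against; a failed build after that point can leave the host unmanageable.

ZLIB_VER=1.2.13
OPENSSL_VER=1.1.1t
OPENSSH_VER=9.3p1

# Placeholders: replace with the digests published by each project.
ZLIB_SHA256='<EXPECTED_SHA256_OF_ZLIB_TARBALL>'
OPENSSL_SHA256='<EXPECTED_SHA256_OF_OPENSSL_TARBALL>'
OPENSSH_SHA256='<EXPECTED_SHA256_OF_OPENSSH_TARBALL>'

# Build in a private directory instead of predictable paths directly under the
# world-writable /tmp. Set WORKDIR to a root-owned directory to pre-stage files.
WORKDIR=${WORKDIR:-$(mktemp -d /tmp/ssh-upgrade.XXXXXX)} || exit 1
cd "$WORKDIR" || exit 1

# Abort unless file $2 has SHA-256 digest $1.
verify_sha256() {
  printf '%s  %s\n' "$1" "$2" | sha256sum -c - || {
    printf 'checksum verification failed for %s; aborting\n' "$2" >&2
    exit 1
  }
}

# --- Install telnet as a temporary fallback (also installs wget) -------------
yum install telnet telnet-server xinetd wget -y
# Offline alternative: the same packages from RPM files staged in $WORKDIR.
rpm -ivh telnet-0.17-47.el6_3.1.x86_64.rpm telnet-server-0.17-47.el6_3.1.x86_64.rpm xinetd-2.3.14-39.el6_4.x86_64.rpm
sed -i '/disable/{s/yes/no/g;}' /etc/xinetd.d/telnet
# Allow root to log in on the telnet pseudo-terminals. These entries are
# removed again in the "close telnet" section below.
for n in 0 1 2 3 4 5 6; do
  printf 'pts/%s\n' "$n" >> /etc/securetty
done
service xinetd start
chkconfig xinetd on

# --- Download the source tarballs and verify them ----------------------------
wget -P "$WORKDIR" "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${OPENSSH_VER}.tar.gz" || exit 1
wget -P "$WORKDIR" "https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz" || exit 1
# HTTPS instead of the original plain-HTTP URL, so the tarball cannot be
# swapped in transit; the digest check below is still required.
wget -P "$WORKDIR" "https://www.zlib.net/zlib-${ZLIB_VER}.tar.gz" || exit 1

verify_sha256 "$ZLIB_SHA256" "zlib-${ZLIB_VER}.tar.gz"
verify_sha256 "$OPENSSL_SHA256" "openssl-${OPENSSL_VER}.tar.gz"
verify_sha256 "$OPENSSH_SHA256" "openssh-${OPENSSH_VER}.tar.gz"

# --- Unpack zlib / openssl / openssh ------------------------------------------
tar -zxvf "zlib-${ZLIB_VER}.tar.gz"
tar -zxvf "openssl-${OPENSSL_VER}.tar.gz"
tar -zxvf "openssh-${OPENSSH_VER}.tar.gz"

# --- Build dependencies --------------------------------------------------------
# Show whether the build dependencies are present (a package name is printed
# for each one that is installed).
rpm -qa | grep gcc
rpm -qa | grep pam-devel
rpm -qa | grep zlib-devel
# Online hosts: install the build dependencies.
yum install gcc pam-devel zlib-devel -y

# --- Upgrade zlib ----------------------------------------------------------------
cd "$WORKDIR/zlib-${ZLIB_VER}/" || exit 1
./configure --prefix=/usr
make
rpm -e --nodeps zlib
make install
echo '/usr/lib' >> /etc/ld.so.conf
ldconfig
# Sanity check that yum still works with the replaced zlib.
yum list

# --- Upgrade openssl ---------------------------------------------------------------
cd "$WORKDIR/openssl-${OPENSSL_VER}/" || exit 1
cp -r /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
cp -r /usr/bin/openssl /usr/bin/openssl.old
cp -r /usr/lib64/openssl /usr/lib64/openssl.old
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
# NOTE(review): -d appears to select a debug build; confirm that is wanted on
# a production host.
./config --prefix=/usr -d shared
make
# Removes every installed package whose name contains "openssl".
rpm -qa | grep openssl | xargs -I{} rpm -e --nodeps {}
make install
openssl version

# --- Upgrade openssh ---------------------------------------------------------------
cd "$WORKDIR/openssh-${OPENSSH_VER}/" || exit 1
# Note: the sshd_config backup is written to /etc, not /etc/ssh.
cp -a /etc/ssh/sshd_config /etc/sshd_config.bak
cp -a /etc/pam.d/sshd /etc/pam.d/sshd.bak
# Privilege-separation directory and account. The chain stops at groupadd if
# an sshd group already exists.
install -v -m700 -d /var/lib/sshd &&
  chown -v root:sys /var/lib/sshd &&
  groupadd -g 50 sshd &&
  useradd -c 'sshd PrivSep' \
    -d /var/lib/sshd \
    -g sshd \
    -s /bin/false \
    -u 50 sshd
./configure --prefix=/usr \
  --sysconfdir=/etc/ssh \
  --with-md5-passwords \
  --with-privsep-path=/var/lib/sshd &&
  make
# Removes every installed package whose name contains "openssh".
rpm -qa | grep openssh | xargs -I{} rpm -e --nodeps {}
make install &&
  install -v -m755 contrib/ssh-copy-id /usr/bin &&
  install -v -m644 contrib/ssh-copy-id.1 \
    /usr/share/man/man1 &&
  install -v -m755 -d "/usr/share/doc/openssh-${OPENSSH_VER}" &&
  install -v -m644 INSTALL LICENCE OVERVIEW README* \
    "/usr/share/doc/openssh-${OPENSSH_VER}"

# --- sshd configuration ------------------------------------------------------------
# If the SSH port was changed on this host, set it in /etc/ssh/sshd_config
# before running the commands below.
#
# sshd uses the FIRST value it finds for a keyword, so these appended lines
# have no effect if the keyword is already set earlier in the file. Check the
# effective values with `sshd -T`.
#
# These three settings keep pre-upgrade access working. Once key-based login
# for a non-root account is confirmed, tighten them (root password login and
# X11 forwarding are rarely needed on a server).
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
# The original list also enabled the SHA-1 key exchanges
# (diffie-hellman-group1-sha1, diffie-hellman-group14-sha1,
# diffie-hellman-group-exchange-sha1). They are left out here: group1 is a
# fixed 1024-bit group and all three rely on SHA-1. Re-add one only for a
# specific legacy client that cannot be upgraded.
echo 'KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key

# Refuse to continue with a configuration the new sshd cannot parse.
/usr/sbin/sshd -t || {
  echo 'sshd -t rejected /etc/ssh/sshd_config; fix it before restarting sshd' >&2
  exit 1
}

# --- Service registration and start -------------------------------------------------
# Both SysV (service/chkconfig) and systemd (systemctl) commands are issued;
# the ones that do not apply to this host fail harmlessly.
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
systemctl start sshd
service sshd start
systemctl restart sshd
service sshd restart
systemctl enable sshd

# If neither service manager could start sshd, start it by hand.
if ! pgrep -x sshd > /dev/null; then
  /usr/sbin/sshd
fi

# On systemd hosts the packaged unit was removed together with the openssh
# RPMs, so provide one for start at boot. The quoted heredoc delimiter keeps
# $MAINPID literal.
if command -v systemctl > /dev/null 2>&1; then
  cat > /etc/systemd/system/sshd.service << 'EOF'
[Unit]
Description=OpenSSH server daemon
After=network.target

[Service]
ExecStart=/usr/sbin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
  systemctl daemon-reload
fi

# --- Close telnet --------------------------------------------------------------------
# Log in over SSH from a NEW session before this point. Telnet is left open if
# sshd is not running, so the host is not cut off.
if ! pgrep -x sshd > /dev/null; then
  echo 'sshd is not running; telnet left enabled, investigate before closing it' >&2
  exit 1
fi
sed -i '/disable/{s/no/yes/g;}' /etc/xinetd.d/telnet
service xinetd stop
chkconfig xinetd off
# Remove the root-login terminals that were added for telnet.
sed -i '/^pts\/[0-6]$/d' /etc/securetty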