CentOS7 升级OpenSSH9.0全过程和坑

[root@host-testsvc openssh-9.0p1]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

[root@host-testsvc data]# mkdir openssh

[root@host-testsvc data]# yum install -y wget gcc pam-devel libselinux-devel zlib-devel openssl-devel

如果有时候没有联网的话，可以本地安装依赖：
去国内阿里镜像里找到对应的rpm包下载上传到服务器即可：阿里镜像https://developer.aliyun.com/packageSearch

[root@host-testsvc openssh]# rpm -qa pam-1.1.8-23.el7.x86_64
[root@host-testsvc openssh]# rpm -qa pam-devel
[root@host-testsvc openssh]# ls
pam-1.1.8-23.el7.x86_64.rpm        pam-devel-1.1.8-23.el7.x86_64.rpm  
[root@host-testsvc openssh]# rpm -ivh pam-1.1.8-23.el7.x86_64.rpm 
准备中...                          ################################# [100%]软件包 pam-1.1.8-23.el7.x86_64 已经安装
[root@host-testsvc openssh]# rpm -ivh pam-devel-1.1.8-23.el7.x86_64.rpm 
准备中...                          ################################# [100%]
正在升级/安装...1:pam-devel-1.1.8-23.el7           ################################# [100%]
[root@host-testsvc openssh]# rpm -qa pam-devel
pam-devel-1.1.8-23.el7.x86_64
[root@host-testsvc openssh]# rpm -qa pam
pam-1.1.8-23.el7.x86_64

最后再检查一下依赖：

rpm -qa  wget gcc pam-devel libselinux-devel zlib-devel openssl-devel

[root@host-testsvc openssh]# rpm -qa  wget gcc pam-devel libselinux-devel zlib-devel openssl-devel
libselinux-devel-2.5-15.el7.x86_64
openssl-devel-1.0.2k-25.el7_9.x86_64
wget-1.14-18.el7_6.1.x86_64
pam-devel-1.1.8-23.el7.x86_64
zlib-devel-1.2.7-20.el7_9.x86_64
gcc-4.8.5-44.el7.x86_64

去openssh官网下载：pub-OpenBSD-OpenSSH-portable安装包下载_开源镜像站-阿里云

[root@host-testsvc data]# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
[root@host-testsvc openssh]# ls
openssh-9.0p1.tar.gz

[root@host-testsvc openssh]# tar -zxvf openssh-9.0p1.tar.gz 
openssh-9.0p1
openssh-9.0p1/.depend
openssh-9.0p1/.github
openssh-9.0p1/.github/ci-status.md
openssh-9.0p1/.github/configs
openssh-9.0p1/.github/configure.sh
openssh-9.0p1/.github/run_test.sh
openssh-9.0p1/.github/setup_ci.sh
openssh-9.0p1/.github/workflows
openssh-9.0p1/.github/workflows/c-cpp.yml
openssh-9.0p1/.github/workflows/selfhosted.yml
openssh-9.0p1/.github/workflows/upstream.yml
openssh-9.0p1/.gitignore
……中间省略一堆
openssh-9.0p1/ChangeLog
openssh-9.0p1/moduli.0
openssh-9.0p1/scp.0
openssh-9.0p1/ssh-add.0
openssh-9.0p1/ssh-agent.0
openssh-9.0p1/ssh-keygen.0
openssh-9.0p1/ssh-keyscan.0
openssh-9.0p1/ssh.0
openssh-9.0p1/sshd.0
openssh-9.0p1/sftp-server.0
openssh-9.0p1/sftp.0
openssh-9.0p1/ssh-keysign.0
openssh-9.0p1/ssh-pkcs11-helper.0
openssh-9.0p1/ssh-sk-helper.0
openssh-9.0p1/sshd_config.0
openssh-9.0p1/ssh_config.0
openssh-9.0p1/aclocal.m4
openssh-9.0p1/configure
openssh-9.0p1/config.h.in

[root@host-testsvc openssh]# cp /etc/ssh/sshd_config sshd_config.backup
[root@host-testsvc openssh]# cp /etc/pam.d/sshd sshd.backup
[root@host-testsvc openssh]# ls
openssh-9.0p1  openssh-9.0p1.tar.gz  pam-1.1.8-23.el7.x86_64.rpm  pam-devel-1.1.8-23.el7.x86_64.rpm  sshd.backup  sshd_config.backup

[root@host-testsvc openssh]# rpm -e --nodeps `rpm -qa | grep openssh`
警告：/etc/ssh/sshd_config 已另存为 /etc/ssh/sshd_config.rpmsave
[root@host-testsvc openssh]# rpm -qa  openssh
[root@host-testsvc openssh]# 

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening

OpenSSH as been configured with the following options:
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc/ssh
Askpass program: /usr/libexec/ssh-askpass
Manual pages: /usr/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: yes
OSF SIA support: no
KerberosV support: no
SELinux support: no
libedit support: no
libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number sou