1)备份旧 SSH 相关目录
[root@k8s-master02 ~]# mv /etc/ssh /etc/ssh-$(date +%F) [root@k8s-master02 ~]# cp /etc/pam.d/system-auth /etc/pam.d/system-auth-$(date +%F) [root@k8s-master02 ~]# cp /etc/pam.d/sshd /etc/pam.d/sshd-$(date +%F)
2)删除旧 SSH 软件包
[root@k8s-master02 ~]# rpm -qa | grep openssh > openssh.txt [root@k8s-master02 ~]# for i in $(cat openssh.txt);do rpm -e $i --nodeps;done
3)下载 SSH 软件包,并进行安装
[root@k8s-master02 ~]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz [root@k8s-master02 ~]# tar xf openssh-9.0p1.tar.gz [root@k8s-master02 ~]# cd openssh-9.0p1/ [root@k8s-master02 openssh-9.0p1]# yum -y install gcc* cmake [root@k8s-master02 openssh-9.0p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh && make && make install [root@k8s-master02 openssh-9.0p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd [root@k8s-master02 openssh-9.0p1]# chkconfig --add sshd [root@k8s-master02 openssh-9.0p1]# chkconfig sshd on [root@k8s-master02 openssh-9.0p1]# systemctl restart sshd
4)验证
[root@k8s-master02 ~]# ssh -Version OpenSSH_9.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017
可以看到,上面图中,我们在远程验证时,输出:WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! 信息。原因是因为我这里使用过旧版本的 SSH 远程到目标主机过,当远程时,SSH 便会将远程主机的 public key 记录到 known_hosts 文件中。
当再进行远程时,SSH 将会根据 known_hosts 文件来验证远程主机的公钥。如若不匹配,SSH 便会输出警告信息。而我们上面刚好在远程主机上升级过 SSH,所以便导致 public key 发生改变。不过,我们只需要将 known_hosts 文件,重新远程即可。
[root@k8s-master01 ~]# rm -rf ~/.ssh/known_hosts
