suse 12 升级 OpenSSH-7.2p2 到 OpenSSH-8.4p1

linux-oz6w:~ # openssl version
OpenSSL 1.0.2j-fips  26 Sep 2016
linux-oz6w:~ # ssh -V
OpenSSH_7.2p2, OpenSSL 1.0.2j-fips  26 Sep 2016

linux-oz6w:~ # cat /etc/os-release
NAME="SLES"
VERSION="12-SP3"
VERSION_ID="12.3"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp3"

linux-oz6w:~ # ll /etc/xinetd.d/telnet
-rw-r--r-- 1 root root 408 Sep 21  2014 /etc/xinetd.d/telnet
linux-oz6w:~ # vim /etc/xinetd.d/telnet
# default: off
# description: Telnet is the old login server which is INSECURE and should \
#       therefore not be used. Use secure shell (openssh).
#       If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#       uplink), add "-n".  See 'man telnetd' for more details.
service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
}
"去掉telnet文件里面的disable=yes，这样telnet就会随着xinetd的启动而启动"

linux-oz6w:~ # cat >> /etc/securetty <<EOF
pts/0
pts/1
pts/2
pts/3
EOF

linux-oz6w:~ # systemctl enable xinetd.service
linux-oz6w:~ # systemctl restart xinetd.service
linux-oz6w:~ # ss -nltp | grep 23
LISTEN     0      64           *:23                       *:*                   users:(("xinetd",pid=2597,fd=5))

linux-oz6w:~ # zypper in gcc gcc-c++ glibc make autoconf openssl openssl-devel
linux-oz6w:~ # wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz
linux-oz6w:~ # wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
linux-oz6w:~ # tar xf openssl-1.1.1i.tar.gz
linux-oz6w:~ # tar xf openssh-8.4p1.tar.gz

"备份老版本的openssl"
linux-oz6w:~ # mv /usr/bin/openssl{,-1.0.2j-fips}
linux-oz6w:~ # mv /usr/include/openssl{,-1.0.2j-fips}

linux-oz6w:~ # cd openssl-1.1.1i/
linux-oz6w:~/openssl-1.1.1i # ./config shared && make && make install

"编译完成后，建立软连接，更新openssl版本"
linux-oz6w:~ # ln -s /usr/local/bin/openssl /usr/bin/openssl
linux-oz6w:~ # ln -s /usr/local/include/openssl/ /usr/include/openssl
linux-oz6w:~ # echo "/usr/local/lib64" >> /etc/ld.so.conf
linux-oz6w:~ # /sbin/ldconfig
linux-oz6w:~ # openssl version
OpenSSL 1.1.1i  8 Dec 2020

"备份老版本ssh"
linux-oz6w:~ # mv /etc/ssh{,-7.2p2}

linux-oz6w:~ # cd openssh-8.4p1/
linux-oz6w:~/openssh-8.4p1 # ./configure --prefix=/usr/local/openssh \
--sysconfdir=/etc/ssh \
--with-openssl-includes=/usr/local/include \
--with-ssl-dir=/usr/local/lib64 \
--with-zlib \
--with-md5-passwords && \
make && \
make install

linux-oz6w:~ # sed -i 's/^#UseDNS.*/UseDNS no/' /etc/ssh/sshd_config
linux-oz6w:~ # sed -i 's/^#PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
linux-oz6w:~ # sed -i 's/^#PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
linux-oz6w:~ # sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config

"如果是图形化界面，需要x11，需要修改如下配置"
linux-oz6w:~ # sed -i 's/^#X11Forwarding.*/X11Forwarding yes/' /etc/ssh/sshd_config
linux-oz6w:~ # sed -i 's/^#X11UseLocalhost.*/X11UseLocalhost no/' /etc/ssh/sshd_config
linux-oz6w:~ # sed -i 's%^#XAuthLocation.*%XAuthLocation /usr/bin/xauth%' /etc/ssh/sshd_config

"建立软连接，更新ssh版本"
linux-oz6w:~ # mv /usr/sbin/sshd{,-7.2p2}
linux-oz6w:~ # mv /usr/bin/ssh{,-7.2p2}
linux-oz6w:~ # mv /usr/bin/ssh-keygen{,-7.2p2}
linux-oz6w:~ # ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
linux-oz6w:~ # ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
linux-oz6w:~ # ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd

linux-oz6w:~ # mv /usr/lib/systemd/system/sshd.service{,-7.2p2}
linux-oz6w:~ # cp -a openssh-8.4p1/contrib/suse/rc.sshd /etc/init.d/sshd
linux-oz6w:~ # chmod +x /etc/init.d/sshd
linux-oz6w:~ # chkconfig --add sshd
linux-oz6w:~ # systemctl enable sshd --now

linux-oz6w:~ # ssh root@192.168.145.133
linux-oz6w:~ # ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1i  8 Dec 2020
linux-oz6w:~ # systemctl disable xinetd.service --now