
2024.07.02 16:36

[Rocky8] OpenSSL 3.0.11 & OpenSSH 9.3p2

  • 비아웹 2024.07.02 16:36

※ Installation environment

- OS : Rocky Linux release 8.10 (Green Obsidian)

- Kernel : 4.18.0-553.el8_10.x86_64

 

[OpenSSL 3.0.11 installation]

1. Remove the installed openssl

 

[root@localhost ~]# openssl version

OpenSSL 1.1.1k  FIPS 25 Mar 2021


[root@localhost ~]# dnf -y remove openssl


 

[root@localhost ~]# openssl version

-bash: /usr/bin/openssl: No such file or directory

 

2. Install build packages and dependencies

[root@localhost ~]# dnf -y install gcc gcc-c++ perl-IPC-Cmd  perl-Pod-Html


 

 

# Version 3.1.x

wget https://www.openssl.org/source/openssl-3.1.3.tar.gz


# Version 3.0.x

wget https://www.openssl.org/source/openssl-3.0.11.tar.gz

 

3. Compile openssl

[root@localhost ~]# cd /opt


[root@localhost ~]# wget https://www.openssl.org/source/openssl-3.0.11.tar.gz


[root@localhost ~]# tar xzf openssl-3.0.11.tar.gz


[root@localhost ~]# cd openssl-3.0.11


[root@localhost ~]# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl

 

 

[root@localhost ~]# make -j $(nproc)


[root@localhost ~]# make install


[root@localhost ~]# ldconfig 


[root@localhost ~]# sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:\$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:/usr/local/openssl/lib64:\$LD_LIBRARY_PATH
EOF


[root@localhost ~]# source /etc/profile.d/openssl.sh


[root@localhost ~]# openssl version

 

- Test installing a package that depends on OpenSSL

[root@localhost ~]# dnf install policycoreutils-python-utils


[root@localhost ~]# cp /usr/local/openssl/lib64/libcrypto.so.3 /lib64/

 

[OpenSSH 9.3p2 installation]

 

1. Install dependencies

 

[root@localhost ~]# dnf -y install zlib-devel pam-devel

[root@localhost ~]# cd /opt

[root@localhost ~]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz

[root@localhost ~]# tar xzf openssh-9.3p2.tar.gz

[root@localhost ~]# cd openssh-9.3p2

 

2. Compile openssh

[root@localhost ~]# ./configure \
--prefix=/usr/local/openssh \
--with-ssl-dir=/usr/local/openssl \
--with-privsep-user=sshd \
--with-zlib \
--with-pam \
--with-md5-passwords


[root@localhost ~]# make && make install 

 

3. Check the version

[root@localhost ~]# /usr/local/openssh/bin/ssh -V

 

 

4. Configure symbolic links for the configuration directory

 

◎ Before creating the symbolic links, the ssh-related files under /usr/bin must be renamed; apply the links after that


    /usr/sbin/sshd

    /usr/bin/ssh

    /usr/bin/ssh-add

    /usr/bin/ssh-agent

    /usr/bin/ssh-keygen

    /usr/bin/ssh-keyscan

    /usr/bin/scp

    /usr/bin/sftp


[root@localhost ~]# ln -s /usr/local/openssh/bin/* /usr/bin

[root@localhost ~]# ln -s /usr/local/openssh/libexec/* /usr/sbin

[root@localhost ~]# ln -s /usr/local/openssh/sbin/* /usr/sbin

※ Backing up the existing ssh-related configuration files such as /etc/ssh/sshd_config is recommended. The sshd configuration file path is /usr/local/openssh/etc/
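
The rename-then-link step above, written out as an added example (not from the original post): it renames the eight listed files, then creates the same three sets of symlinks. The function name `relink_openssh`, its optional root argument (empty for the live system, a scratch directory for a rehearsal) and the `.rpm-orig` suffix are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumptions: the function name,
# the optional root argument (empty = live system) and the ".rpm-orig" suffix.

# The files the page lists for renaming before the links are created.
SSH_FILES="/usr/sbin/sshd /usr/bin/ssh /usr/bin/ssh-add /usr/bin/ssh-agent
/usr/bin/ssh-keygen /usr/bin/ssh-keyscan /usr/bin/scp /usr/bin/sftp"

relink_openssh() {
    local root prefix f pair src dest name
    root="${1:-}"
    prefix="${2:-/usr/local/openssh}"

    # Stop before touching anything if the new build is not in place.
    if [ ! -x "$root$prefix/sbin/sshd" ]; then
        echo "no executable sshd under $root$prefix" >&2
        return 1
    fi

    # 1. Rename real files only; a symlink here is left from an earlier run.
    for f in $SSH_FILES; do
        if [ -f "$root$f" ] && [ ! -L "$root$f" ]; then
            mv -n "$root$f" "$root$f.rpm-orig"
        fi
    done

    # 2. The page's three link steps: bin -> /usr/bin, libexec and sbin -> /usr/sbin.
    for pair in bin:/usr/bin libexec:/usr/sbin sbin:/usr/sbin; do
        src="$root$prefix/${pair%%:*}"
        dest="$root${pair#*:}"
        for f in "$src"/*; do
            [ -e "$f" ] || continue
            name="${f##*/}"
            # Never replace a real file that was not in the rename list.
            if [ -e "$dest/$name" ] && [ ! -L "$dest/$name" ]; then
                echo "skip: $dest/$name is a real file" >&2
                continue
            fi
            ln -sfn "$f" "$dest/$name"
        done
    done
}
```

Running it a second time changes nothing further: files already replaced by links are not renamed again, and the `.rpm-orig` copies stay in place for rollback.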

 

5. Register with systemd and enable automatic start

[root@localhost ~]# vi /etc/systemd/system/sshd.service 

# Copy the content below and save

 

[Unit]

Description=OpenSSH server daemon fix

#Documentation=man:sshd(8) man:sshd_config(5)

#After=network.target sshd-keygen.service

Wants=sshd-keygen.service

[Service]

#Type=notify

#EnvironmentFile=/etc/sysconfig/sshd

#ExecStart=/usr/sbin/sshd -D

# -D keeps sshd in the foreground so systemd (default Type=simple) can track the process

ExecStart=/usr/local/openssh/sbin/sshd -D

#ExecReload=/bin/kill -HUP

#KillMode=process

Restart=on-failure

RestartSec=10s

[Install]

WantedBy=multi-user.target


[root@localhost ~]# systemctl daemon-reload

[root@localhost ~]# systemctl enable sshd

[root@localhost ~]# systemctl start sshd

 

6. Remove the existing SSH

 

[root@localhost ~]# rpm -qa | grep openssh

 

[root@localhost ~]# rpm -e --nodeps openssh openssh-clients openssh-server



 
