OS

2024.07.02 16:36

[Rocky8] OpenSSL 3.0.11 & OpenSSH 9.3p2

  • 비아웹 오래 전 2024.07.02 16:36 인기
  • 1,956
    0

※ 설치환경

- OS : Rocky Linux release 8.10 (Green Obsidian)

- Kernel : 4.18.0-553.el8_10.x86_64

 

[OpenSSL 3.0.11 설치]

1. 설치된 openssl 삭제

 

[root@localhost ~]# openssl version

OpenSSL 1.1.1k  FIPS 25 Mar 2021


[root@localhost ~]# dnf -y remove openssl


 

[root@localhost ~]# openssl version

-bash: /usr/bin/openssl: No such file or directory

 

2. 컴파일 패키지 및 의존성 설치 

[root@localhost ~]# dnf -y install gcc gcc-c++ perl-IPC-Cmd  perl-Pod-Html


 

 

# Version 3.1.x

wget https://www.openssl.org/source/openssl-3.1.3.tar.gz


# Version 3.0.x

wget https://www.openssl.org/source/openssl-3.0.11.tar.gz

 

3. openssl 컴파일

[root@localhost ~]# cd /opt


[root@localhost ~]# wget https://www.openssl.org/source/openssl-3.0.11.tar.gz


[root@localhost ~]# tar xzf openssl-3.0.11.tar.gz


[root@localhost ~]# cd openssl-3.0.11


[root@localhost ~]# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl

 

 

[root@localhost ~]# make -j $(nproc)


[root@localhost ~]# make install


[root@localhost ~]# ldconfig 


[root@localhost ~]# sudo tee /etc/profile.d/openssl.sh<<EOF

export PATH=/usr/local/openssl/bin:\$PATH

export LD_LIBRARY_PATH=/usr/local/openssl/lib:/usr/local/openssl/lib64:\$LD_LIBRARY_PATH

EOF


[root@localhost ~]# source /etc/profile.d/openssl.sh


[root@localhost ~]# openssl version

 

- OpenSSL에 의존하는 패키지 설치 테스트

[root@localhost ~]# dnf install policycoreutils-python-utils


[root@localhost ~]# cp /usr/local/openssl/lib64/libcrypto.so.3 /lib64/

 

[OpenSSH 9.3.p2 설치]

 

1. 의존성 설치 

 

[root@localhost ~]# dnf -y install zlib-devel pam-devel

[root@localhost ~]# cd /opt

[root@localhost ~]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz

[root@localhost ~]# tar xzf openssh-9.3p2.tar.gz

[root@localhost ~]# cd openssh-9.3p2

 

2. openssh 컴파일

[root@localhost ~]# ./configure \

--prefix=/usr/local/openssh \

--with-ssl-dir=/usr/local/openssl \

--with-privsep-user=sshd \

--with-zlib \

--with-pam \

--with-md5-passwords


[root@localhost ~]# make && make install 

 

3. 버전 확인

[root@localhost ~]# /usr/local/openssh/bin/ssh -V

 

 

4. 설정 디렉토리 심볼릭 링크 설정

 

◎ 심볼릭 링크 설정 전 /usr/bin 아래 ssh 관련 파일들 파일명 변경 후 적용 필요


    /usr/sbin/sshd

    /usr/bin/ssh

    /usr/bin/ssh-add

    /usr/bin/ssh-agent

    /usr/bin/ssh-keygen

    /usr/bin/ssh-keyscan

    /usr/bin/scp

    /usr/bin/sftp


[root@localhost ~]# ln -s /usr/local/openssh/bin/* /usr/bin

[root@localhost ~]# ln -s /usr/local/openssh/libexec/* /usr/sbin

[root@localhost ~]# ln -s /usr/local/openssh/sbin/* /usr/sbin

※ 기존 /etc/ssh/sshd_config등 ssh 관련 설정 파일들은 백업 권장  sshd 설정파일 경로는 /usr/local/openssh/etc/  

 

5. systemd 등록 및 자동시작 설정

[root@localhost ~]# vi /etc/systemd/system/sshd.service 

# 아래 내용 복사 후 저장 

 

[Unit]

Description=OpenSSH server daemon fix

#Documentation=man:sshd(8) man:sshd_config(5)

#After=network.target sshd-keygen.service

Wants=sshd-keygen.service

[Service]

#Type=notify

#EnvironmentFile=/etc/sysconfig/sshd

#ExecStart=/usr/sbin/sshd -D

ExecStart=/usr/local/openssh/sbin/sshd

#ExecReload=/bin/kill -HUP

#KillMode=process

Restart=on-failure

RestartSec=10s

[Install]

WantedBy=multi-user.target


[root@localhost ~]# systemctl daemon-reload

[root@localhost ~]# systemctl enable sshd

[root@localhost ~]# systemctl start sshd

 

6. 기존 SSH 제거

 

[root@localhost ~]# rpm -qa | grep openssh

 

[root@localhost ~]# rpm -e --nodeps openssh openssh-clients openssh-server



 

  • 공유링크 복사