1)查看现有版本和算法
ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
sshd -T | grep ciphers
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
2)配置telnet服务,防止ssh升级失败无法连接
# Install xinetd and the telnet server as a temporary fallback login path,
# used only if sshd becomes unreachable during the upgrade.
yum -y install xinetd telnet-server
配置telnet登录的终端类型:在/etc/securetty文件末尾增加以下pts终端,以允许root通过telnet登录。telnet为明文传输(包括root密码),仅应在可信的管理网络内临时使用,升级完成后应删除这些条目:
pts/0
pts/1
pts/2
pts/3
3)启动服务
# Bring up the temporary telnet listener. Only `start` is issued here;
# nothing in this step enables the units for the next boot.
for unit in xinetd telnet.socket; do
  systemctl start "$unit"
done
4)测试telnet连接
5)安装依赖包
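# Build prerequisites for compiling OpenSSL and OpenSSH from source.
# The globs are quoted so that yum receives 'pam*' and 'zlib*' as package
# patterns; unquoted, the shell would first expand them against any matching
# file names in the current directory.
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel 'pam*' 'zlib*'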
6)下载安装包
openssl
https://ftp.openssl.org/source/
openssh
https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
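# Fetch both source tarballs into a working directory.
# -p: succeed when /data is missing or the directory already exists.
mkdir -p /data/tools
cd /data/tools/
wget https://ftp.openssl.org/source/old/1.0.2/openssl-1.0.2r.tar.gz
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
# Both tarballs are compiled and installed as root, so their integrity
# matters. Print the digests and compare them with the checksums or
# signatures the upstream projects publish before unpacking; stop on any
# mismatch.
sha256sum openssl-1.0.2r.tar.gz openssh-8.0p1.tar.gz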
7)升级OpenSSL
备份下面2个文件或目录(如果存在的话就执行)
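# Move the distribution's openssl binary and header directory aside so the
# symlinks created after the build can take their place. Each path is tested
# first: on a host where it does not exist, mv would fail with an error.
if [ -e /usr/bin/openssl ]; then
  mv /usr/bin/openssl /usr/bin/openssl_bak
fi
if [ -e /usr/include/openssl ]; then
  mv /usr/include/openssl /usr/include/openssl_bak
fi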
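# Build OpenSSL 1.0.2r from source with shared libraries and make it the
# default `openssl` on the host. The result is installed under /usr/local/ssl,
# which yum does not track, so later OpenSSL fixes must be applied by
# rebuilding from source.
tar xf openssl-1.0.2r.tar.gz
cd openssl-1.0.2r
./config shared && make && make install
# Point the usual binary and header locations at the new build.
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
# Register the library directory only once; a plain append would add a
# duplicate line every time this step is repeated.
grep -qxF /usr/local/ssl/lib /etc/ld.so.conf \
  || echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
# Should now report the newly built version.
openssl version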
8)升级openssh
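# Build and install OpenSSH 8.0p1 against the OpenSSL tree in /usr/local/ssl.

# Set the current /etc/ssh contents (configuration and host keys) aside.
# The backup directory is created private to root, and the move runs only if
# mkdir actually created it: /tmp is world-writable, so a directory that
# already exists there must not receive the host keys.
# NOTE: /tmp may be cleaned automatically; copy the backup elsewhere if it
# has to survive. With the old host keys moved away, `make install` is
# expected to generate new ones, so clients will see a changed host key
# unless the ssh_host_* files are restored from the backup.
mkdir -m 700 /tmp/ssh && mv /etc/ssh/* /tmp/ssh/

# The OpenSSL step left the shell inside openssl-1.0.2r; the OpenSSH tarball
# was downloaded to /data/tools.
cd /data/tools/
tar xf openssh-8.0p1.tar.gz
cd openssh-8.0p1
# Options must be separated by spaces; run together they are not parsed as
# configure options at all.
./configure --prefix=/usr/ --sysconfdir=/etc/ssh \
  --with-openssl-includes=/usr/local/ssl/include \
  --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam \
  && make && make install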
修改/etc/ssh/sshd_config,使下面两项最终为如下内容,其他的不要动。注意:PermitRootLogin yes 允许root直接使用密码登录,确认升级成功后建议改为 prohibit-password 或 no:
[root@linux-node3 ~]# grep "^PermitRootLogin" /etc/ssh/sshd_config
PermitRootLogin yes
[root@linux-node3 ~]# grep "UseDNS" /etc/ssh/sshd_config
UseDNS no
# Install the SysV init script and PAM file shipped in the OpenSSH source
# tree (paths are relative, so this runs from inside openssh-8.0p1) and
# register sshd to start at boot.
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): PAM normally looks a service up by name (/etc/pam.d/sshd);
# a file called sshd.pam is presumably not consulted — confirm which PAM
# configuration the new sshd actually uses.
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
chkconfig sshd on
# Take the packaged systemd unit out of the unit directory, presumably so
# that the init script installed above is what manages sshd.
# NOTE(review): no `systemctl daemon-reload` follows the move — confirm that
# systemd is not still using the old unit definition.
mv /usr/lib/systemd/system/sshd.service /tmp/
# Keep the current session (or the telnet fallback) open until a fresh SSH
# login has been verified after this restart.
/etc/init.d/sshd restart
9)关闭telnet(先另开一个新的ssh会话确认可以正常登录,再执行;之后建议删除第2步在/etc/securetty中添加的pts条目,并卸载telnet-server)
# Shut the temporary telnet fallback down again. This only stops the running
# units; the installed packages and the pts entries added to /etc/securetty
# are left in place.
for unit in xinetd.service telnet.socket; do
  systemctl stop "$unit"
done
10)查看加密算法(与第1步的输出对比,aes*-cbc、blowfish-cbc、cast128-cbc、3des-cbc 已不在列表中)
sshd -T | grep ciphers
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com