ps:使用openssl 源码编译的时候,必须使用动态库

# rpm -qa | grep openssh openssh
# rpm -qa | grep openssh openssl

卸载用rpm -e  如果出现依赖包导致无法卸载,在最后面加上–nodeps即可
# rpm -e openssl –nodeps

具体安装过程如下:   (本例服务器为CentOS 5.11)

1. 下载最新软件包源码
2. 使用YUM安装必要的软件开发包

# yum install -y zlib-devel pam-devel tcp_wrappers-devel

3. 安装openssl-fips,具体说明见  http://www.openssl.org/docs/fips ;
# tar zxpf openssl-fips-2.0.5.tar.gz
# cd openssl-fips
# ./config
# make && make install
4. 安装OpenSSL
# tar zxpf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config fips –shared
# make && make install 
5. 将新编译的openssl library 加入系统动态库链接中
# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf
# ldconfig
6. 安装OpenSSH
# tar zxpf openssh-6.6p1.tar.gz
# cd openssh-6.6p1
# ./configure \
  –prefix=/usr \
  –sysconfdir=/etc/ssh \
  –with-md5-passwords \
  –with-pam \
  –with-tcp-wrappers \
# make && make install

# ssh -V

# cp -p contrib/redhat/sshd.init /etc/init.d/sshd    (此处的contrib路径为解压后的OpenSSH包路径)
# chmod u+x /etc/init.d/sshd                             (加执行权限)
# chkconfig –add sshd                                      (增加sshd服务)
# chkconfig sshd on                                          (把sshd加入启动项)
# yum install openssh                                          (安装OpenSSH客户端)
# vim /etc/ssh/sshd_config
PermitRootLogin yes                #允许root账户登录,单root账户必须加上,其他的参数请自行修改

# /etc/init.d/sshd start
ssh-keygen: illegal option — A

Usage: ssh-keygen [options]


-a trials   Number of trials for screening DH-GEX moduli.

-B          Show bubblebabble digest of key file.

-b bits     Number of bits in the key to create.

-C comment  Provide new comment.

-c          Change comment in private and public key files.

-e          Convert OpenSSH to IETF SECSH key file.

-F hostname Find hostname in known hosts file.

-f filename Filename of the key file.

-G file     Generate candidates for DH-GEX moduli.

-g          Use generic DNS resource record format.

-H          Hash names in known_hosts file.

-i          Convert IETF SECSH to OpenSSH key file.

-l          Show fingerprint of key file.

-M memory   Amount of memory (MB) to use for generating DH-GEX moduli.

-N phrase   Provide new passphrase.

-P phrase   Provide old passphrase.

-p          Change passphrase of private key file.

-q          Quiet.

-R hostname Remove host from known_hosts file.

-r hostname Print DNS resource record.

-S start    Start point (hex) for generating DH-GEX moduli.

-T file     Screen candidates for DH-GEX moduli.

-t type     Specify type of key to create.

-v          Verbose.

-W gen      Generator to use for generating DH-GEX moduli.

-y          Read private key file and print public key.

Starting sshd:                                             [  OK  ]

❤ 喜欢 0


  1. What’s up, just wanted to say, I enjoyed this post. It was
    helpful. Keep on posting!

  2. I really like what you guys are up too. This sort of clever work and exposure!

    Keep up the awesome works guys I’ve added you guys to our blogroll.

  3. Thanks , I’ve recently been looking for info about this subject for
    ages and yours is the greatest I have found out so far. However,
    what concerning the conclusion? Are you positive about the source?

  4. Thank you for every other fantastic post. The place else could anybody get that type of
    info in such a perfect method of writing? I’ve a presentation subsequent week,
    and I am on the search for such info.



归档于 Cent OS