ps:使用openssl 源码编译的时候,必须使用动态库

# rpm -qa | grep openssh openssh
# rpm -qa | grep openssh openssl

卸载用rpm -e  如果出现依赖包导致无法卸载,在最后面加上–nodeps即可
# rpm -e openssl –nodeps

具体安装过程如下:   (本例服务器为CentOS 5.11)

1. 下载最新软件包源码
2. 使用YUM安装必要的软件开发包

# yum install -y zlib-devel pam-devel tcp_wrappers-devel

3. 安装openssl-fips,具体说明见  http://www.openssl.org/docs/fips ;
# tar zxpf openssl-fips-2.0.5.tar.gz
# cd openssl-fips
# ./config
# make && make install
4. 安装OpenSSL
# tar zxpf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config fips –shared
# make && make install 
5. 将新编译的openssl library 加入系统动态库链接中
# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf
# ldconfig
6. 安装OpenSSH
# tar zxpf openssh-6.6p1.tar.gz
# cd openssh-6.6p1
# ./configure \
  –prefix=/usr \
  –sysconfdir=/etc/ssh \
  –with-md5-passwords \
  –with-pam \
  –with-tcp-wrappers \
# make && make install

# ssh -V

# cp -p contrib/redhat/sshd.init /etc/init.d/sshd    (此处的contrib路径为解压后的OpenSSH包路径)
# chmod u+x /etc/init.d/sshd                             (加执行权限)
# chkconfig –add sshd                                      (增加sshd服务)
# chkconfig sshd on                                          (把sshd加入启动项)
# yum install openssh                                          (安装OpenSSH客户端)
# vim /etc/ssh/sshd_config
PermitRootLogin yes                #允许root账户登录,单root账户必须加上,其他的参数请自行修改

# /etc/init.d/sshd start
ssh-keygen: illegal option — A

Usage: ssh-keygen [options]


-a trials   Number of trials for screening DH-GEX moduli.

-B          Show bubblebabble digest of key file.

-b bits     Number of bits in the key to create.

-C comment  Provide new comment.

-c          Change comment in private and public key files.

-e          Convert OpenSSH to IETF SECSH key file.

-F hostname Find hostname in known hosts file.

-f filename Filename of the key file.

-G file     Generate candidates for DH-GEX moduli.

-g          Use generic DNS resource record format.

-H          Hash names in known_hosts file.

-i          Convert IETF SECSH to OpenSSH key file.

-l          Show fingerprint of key file.

-M memory   Amount of memory (MB) to use for generating DH-GEX moduli.

-N phrase   Provide new passphrase.

-P phrase   Provide old passphrase.

-p          Change passphrase of private key file.

-q          Quiet.

-R hostname Remove host from known_hosts file.

-r hostname Print DNS resource record.

-S start    Start point (hex) for generating DH-GEX moduli.

-T file     Screen candidates for DH-GEX moduli.

-t type     Specify type of key to create.

-v          Verbose.

-W gen      Generator to use for generating DH-GEX moduli.

-y          Read private key file and print public key.

Starting sshd:                                             [  OK  ]

❤ 喜欢 0


  1. Thank you for every other fantastic post. The place else could anybody get that type of
    info in such a perfect method of writing? I’ve a presentation subsequent week,
    and I am on the search for such info.



归档于 Cent OS