鲲鹏 ARM EulerOS 离线升级 OpenSSH10.3p1+OpenSSL3.0.19 极简教程
说明
- OpenSSL3.4.0 在鲲鹏 ARM 架构编译异常、库缺失、漏洞多,改用稳定 LTS 版 3.0.19;
- 分为 云机在线编译打包 、内网离线一键部署两部分;
- ARM 平台默认库目录 lib,不再使用 lib64,彻底解决 libssl.so.3 找不到报错。
一、华为云鲲鹏在线编译(外网可联网)
1. 安装依赖
bash
运行
dnf groupinstall -y "Development Tools"
dnf install -y zlib-devel pam-devel krb5-devel perl-devel libtool gcc gcc-c++ make wget
2. 清理旧文件
bash
运行
rm -rf /usr/local/openssl30 /usr/local/openssh103
cd /usr/local/src
rm -rf openssl-3.0.19* openssh-10.3p1*
mkdir -p /usr/local/src && cd /usr/local/src
3. 下载源码
bash
运行
wget -c --no-check-certificate https://mirror.ustc.edu.cn/openssl/source/old/3.0/openssl-3.0.19.tar.gz
wget -c --no-check-certificate https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.3p1.tar.gz
4. 编译 OpenSSL3.0.19
bash
运行
tar -zxvf openssl-3.0.19.tar.gz
cd openssl-3.0.19
./Configure linux-aarch64 shared zlib -fPIC --prefix=/usr/local/openssl30
make -j$(nproc)
make install_sw install_ssldirs
echo "/usr/local/openssl30/lib" > /etc/ld.so.conf.d/openssl30.conf
ldconfig
ln -sf /usr/local/openssl30/bin/openssl /usr/local/bin/openssl
openssl version
5. 编译 OpenSSH10.3p1
bash
运行
cd /usr/local/src
tar -zxvf openssh-10.3p1.tar.gz
cd openssh-10.3p1
./configure \
--prefix=/usr/local/openssh103 \
--sysconfdir=/etc/ssh \
--with-pam \
--with-ssl-dir=/usr/local/openssl30 \
--with-zlib
make -j$(nproc)
make install
6. 打包离线包
bash
运行
tar -zcvf ssh_ssl_10.3p1_3.0.19_aarch64.tar.gz /usr/local/openssl30 /usr/local/openssh103 /etc/ld.so.conf.d/openssl30.conf
二、内网离线服务器部署
上传离线包 ssh_ssl_10.3p1_3.0.19_aarch64.tar.gz 到服务器,执行:
bash
运行
# 1. 解压到根目录
tar -zxvf ssh_ssl_10.3p1_3.0.19_aarch64.tar.gz -C /
# 2. 刷新动态库
ldconfig
ln -sf /usr/local/openssl30/bin/openssl /usr/local/bin/openssl
# 3. 替换ssh并备份旧程序
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
ln -sf /usr/local/openssh103/bin/ssh /usr/bin/ssh
ln -sf /usr/local/openssh103/sbin/sshd /usr/sbin/sshd
# 4. 修复配置、重启ssh
cp -r /etc/ssh /etc/ssh.bak.$(date +%Y%m%d)
sed -i 's/^GSSAPIKexAlgorithms/#GSSAPIKexAlgorithms/' /etc/ssh/sshd_config
systemctl daemon-reload
systemctl restart sshd
三、验证是否升级成功
bash
运行
# 查看openssl版本
openssl version
# 查看ssh版本(附带绑定的openssl)
sshd -V
# 测试登录
ssh 127.0.0.1
四、完整脚本文件
1. 云编译打包脚本 build_compile.sh
bash
运行
#!/bin/bash
# set -e
# 统一目录定义
OPENSSL_DIR="/usr/local/openssl30"
OPENSSH_DIR="/usr/local/openssh103"
# 库目录改为lib,适配aarch64默认安装路径
OPENSSL_LIB="${OPENSSL_DIR}/lib"
LD_CONF="/etc/ld.so.conf.d/openssl30.conf"
SRC_PATH="/usr/local/src"
PACKAGE="ssh_ssl_10.3p1_3.0.19_aarch64.tar.gz"
# 全局预加载库路径
export LD_LIBRARY_PATH=${OPENSSL_LIB}:$LD_LIBRARY_PATH
echo "==================== 3. 编译安装 OpenSSL 3.0.19 ===================="
cd ${SRC_PATH}
rm -rf openssl-3.0.19
tar -zxvf openssl-3.0.19.tar.gz
cd openssl-3.0.19
# aarch64编译,不强制lib64,使用默认lib
./Configure linux-aarch64 shared zlib -fPIC --prefix=${OPENSSL_DIR}
make -j$(nproc)
make install_sw install_ssldirs
# 校验动态库
if [ ! -f "${OPENSSL_LIB}/libssl.so.3" ];then
echo "【严重错误】未找到 libssl.so.3,编译失败!"
exit 1
fi
echo "动态库校验通过:${OPENSSL_LIB}/libssl.so.3"
# 写入动态库配置
echo "${OPENSSL_LIB}" > ${LD_CONF}
ldconfig
# 全局软链接openssl命令
ln -sf ${OPENSSL_DIR}/bin/openssl /usr/local/bin/openssl
echo "OpenSSL编译完成,版本信息:"
openssl version
echo "==================== 4. 编译安装 OpenSSH 10.3p1 ===================="
cd ${SRC_PATH}
rm -rf openssh-10.3p1
tar -zxvf openssh-10.3p1.tar.gz
cd openssh-10.3p1
./configure \
--prefix=${OPENSSH_DIR} \
--sysconfdir=/etc/ssh \
--with-pam \
--with-ssl-dir=${OPENSSL_DIR} \
--with-zlib
make -j$(nproc)
make install
echo "==================== 5. 打包离线迁移包 ===================="
tar -zcvf /root/${PACKAGE} ${OPENSSL_DIR} ${OPENSSH_DIR} ${LD_CONF}
echo "打包完成,离线包路径:/root/${PACKAGE}"
2. 内网离线安装脚本 install_offline.sh
bash
运行
#!/bin/bash
set -e
OPENSSL_DIR="/usr/local/openssl30"
OPENSSH_DIR="/usr/local/openssh103"
OPENSSL_LIB="${OPENSSL_DIR}/lib"
PACKAGE="ssh_ssl_10.3p1_3.0.19_aarch64.tar.gz"
echo "===== 1. 解压离线包到根目录 ====="
tar -zxvf ${PACKAGE} -C /
echo "===== 2. 刷新动态链接库缓存 ====="
ldconfig
ln -sf ${OPENSSL_DIR}/bin/openssl /usr/local/bin/openssl
echo "OpenSSL 版本:"
openssl version
echo "===== 3. 替换系统ssh二进制,备份原有文件 ====="
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
ln -sf ${OPENSSH_DIR}/bin/ssh /usr/bin/ssh
ln -sf ${OPENSSH_DIR}/sbin/sshd /usr/sbin/sshd
echo "===== 4. 修复sshd废弃配置参数 ====="
cp -r /etc/ssh /etc/ssh.bak.$(date +%Y%m%d)
sed -i 's/^GSSAPIKexAlgorithms/#GSSAPIKexAlgorithms/' /etc/ssh/sshd_config
echo "===== 5. 重载并重启sshd服务 ====="
systemctl daemon-reload
systemctl restart sshd
echo "===== 最终版本校验 ===="
openssl version
sshd -V
标题:鲲鹏 ARM EulerOS 离线升级 OpenSSH10.3p1+OpenSSL3.0.19 极简教程
作者:zytops
地址:https://zytops.com/articles/2026/06/23/1782228665696.html