1、离线安装telnet（用telnet登录升级ssh，因为ssh升级时，ssh会话会断开）
（1）下载telnet、telnet-server、xinetd，并传到服务器上

http://rpmfind.net/linux/centos/7.9.2009/updates/x86_64/Packages/telnet-0.17-66.el7.x86_64.rpm
http://rpmfind.net/linux/centos/7.9.2009/updates/x86_64/Packages/telnet-server-0.17-66.el7.x86_64.rpm
http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/xinetd-2.3.15-14.el7.x86_64.rpm

（2）安装telnet：在安装包所在目录执行

rpm -ivh telnet-0.17-66.el7.x86_64.rpm 
rpm -ivh telnet-server-0.17-66.el7.x86_64.rpm 
rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm 

（3）配置并启动Telnet，xinetd和telnet必须设置开机启动，否则无法启动Telnet服务

systemctl enable xinetd.service
systemctl enable telnet.socket

（4）接下来启动服务

systemctl start telnet.socket
systemctl start xinetd

（5）开启root登录权限
将服务端/etc/securetty文件备份重命名

mv /etc/securetty /etc/securetty.bak

（6）关闭防火墙，并取消防火墙开机自启

systemctl stop firewalld
systemctl disable firewalld

或开启防火墙23端口

iptables -A INPUT -p tcp --dport 23
iptables -L -n

（7）telnet登录后台

2、离线安装make、gcc、zlib、pam等编译需要的包（http://rpmfind.net/linux/RPM/index.html）
make-3.82-24.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/make-3.82-24.el7.x86_64.rpm

mpfr-3.1.1-4.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/mpfr-3.1.1-4.el7.x86_64.rpm

libmpc-1.0.1-3.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/libmpc-1.0.1-3.el7.x86_64.rpm

glibc-headers-2.17-222.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/updates/x86_64/Packages/glibc-headers-2.17-324.el7_9.x86_64.rpm

glibc-devel-2.17-222.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/glibc-devel-2.17-317.el7.x86_64.rpm

cpp-4.8.5-28.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/cpp-4.8.5-44.el7.x86_64.rpm

gcc-4.8.5-28.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/gcc-4.8.5-44.el7.x86_64.rpm

pam-devel-1.1.8-23.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/pam-1.1.8-23.el7.x86_64.rpm

zlib-1.2.7-18.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/zlib-1.2.7-18.el7.x86_64.rpm

（1）新建一个目录gcc，将所有安装包上传到该目录

mkdir gcc
cd gcc

（2）强制安装以上rpm包

rpm  -ivh  *.rpm --nodeps --force

3、下载openssl和openssh
（1）下载openssh-9.1p1.tar.gz

https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz?spm=a2c6h.25603864.0.0.686840adx4Vfgj

（2）下载openssl-1.1.1s.tar.gz

https://www.openssl.org/source/openssl-1.1.1s.tar.gz

4、升级openssl
（1）备份原来的openssl

mv /usr/bin/openssl{,.bak}
mv /usr/include/openssl{,.bak}

（2）编译安装新的opensslc

tar -zxvf openssl-1.1.1s.tar.gz
cd openssl-1.1.1s/
./config shared && make && make install

（3）建立软连接

ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl

（4）重新加载配置，验证openssl版本

echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version

（5）可能会有以下报错，这是因为libssl.so.1.1文件找不到，执行find / -name ‘libssl.so.1.1’，将/etc/ld.so.conf里面的lib64改成find出来的路径即可"

[root@localhost ~]# openssl version openssl: error while loading
shared libraries: libssl.so.1.1: cannot open shared object file: No
such file or directory"

5、升级openssh
（1）备份原来的openssh

mv /etc/ssh{,.bak}
mkdir /usr/local/openssh

（2）编译安装新的openssh

tar -zxvf openssh-9.1p1.tar.gz
cd openssh-9.1p1/
./configure --prefix=/usr/local/openssh \--sysconfdir=/etc/ssh \--with-openssl-includes=/usr/local/include \--with-ssl-dir=/usr/local/lib64 \--with-zlib \--with-md5-passwords \--with-pam && \make && \make install

（3）配置sshd_config

echo "UseDNS no" >> /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

（4）创建软连接

mv /usr/sbin/sshd{,.bak}
mv /usr/bin/ssh{,.bak}
mv /usr/bin/ssh-keygen{,.bak}
ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd

（5）重启sshd服务（#注意：/root/openssh-9.1p1/contrib/redhat/ 这个目录是openssh-9.1p1.tar.gz解压后的目录，根据实际情况修改）

systemctl disable sshd --now
mv /usr/lib/systemd/system/sshd.service{,.bak}
systemctl daemon-reload
cp -a /root/openssh-9.1p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -a /root/openssh-9.1p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chkconfig --add sshd
systemctl enable sshd --now
systemctl restart sshd

（6）查看ssh版本

ssh -V

（7）使用ssh客户端测试连接，连接成功，即表示升级完成，此时可以关闭telnet服务

systemctl disable xinetd.service --now
systemctl disable telnet.socket --now
systemctl stop xinetd.service --now
systemctl stop telnet.socket --now