一、背景说明
Centos7.9 默认安装的openssh 版本为7.4p1,经绿盟扫描,存在高危漏洞,需要升级到最新。
官网只提供编译安装包,为了方便升级,先通过编译安装包,制作rpm包,并进行升级
如下为做好的rpm升级包,可直接下载使用:
openssh 9.3p2 for Centos7.9版本,及升级指引
1.1 系统版本查看 cat /etc/redhat-release
[root@mysql8test ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@mysql8test ~]#
二、rpm包制作
2.1、安装制作的工具
##配置yum源(省略)
##安装依赖包
[root@mysql8test ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y
##安装imake
[root@mysql8test ~]# yum install -y imake
2.2 创建编译目录
mkdir -p /root/rpmbuild
cd /root/rpmbuild
mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
[root@mysql8test ~]# mkdir -p /root/rpmbuild
[root@mysql8test ~]# cd /root/rpmbuild
[root@mysql8test rpmbuild]# mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
[root@mysql8test rpmbuild]#
2.3 下载openssh9.3p2和x11-ssh-askpass-1.2.4.1.tar.gz
##将下载的文件放入SOURCES文件夹下
cd /root/rpmbuild/SOURCES/
##下载openssh9.3p2
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
[root@mysql8test SOURCES]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
--2023-08-06 20:12:24-- http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
Resolving ftp.openbsd.org (ftp.openbsd.org)... 199.185.178.81
Connecting to ftp.openbsd.org (ftp.openbsd.org)|199.185.178.81|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1835850 (1.8M) [text/plain]
Saving to: ‘openssh-9.3p2.tar.gz’
100%[=====================================================================================================>] 1,835,850 550KB/s in 3.3s
2023-08-06 20:12:28 (550 KB/s) - ‘openssh-9.3p2.tar.gz’ saved [1835850/1835850]
[root@mysql8test SOURCES]#
##下载x11-ssh-askpass-1.2.4.1.tar.gz
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
[root@mysql8test SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
--2023-08-06 20:13:56-- https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
Resolving src.fedoraproject.org (src.fedoraproject.org)... 38.145.60.20, 38.145.60.21
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/ [following]
--2023-08-06 20:13:58-- http://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/ [following]
--2023-08-06 20:13:59-- https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1223 (1.2K) [text/html]
Saving to: ‘x11-ssh-askpass-1.2.4.1.tar.gz’
100%[=====================================================================================================>] 1,223 --.-K/s in 0s
2023-08-06 20:14:00 (81.0 MB/s) - ‘x11-ssh-askpass-1.2.4.1.tar.gz’ saved [1223/1223]
[root@mysql8test SOURCES]#
2.4 修改openssh.spec配置
[root@mysql8test SOURCES]# cd /root/rpmbuild/SOURCES/
[root@mysql8test SOURCES]# tar -zxf openssh-9.3p2.tar.gz
##编辑编译配置文件
cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
cd /root/rpmbuild/SPECS/
##结果:
[root@mysql8test SOURCES]# cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
[root@mysql8test SOURCES]# cd /root/rpmbuild/SPECS/
[root@mysql8test SPECS]# ls -l
total 32
-rw-r--r--. 1 root root 30082 Aug 6 20:19 openssh.spec
[root@mysql8test SPECS]#
##不生成askpass包
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" openssh.spec
cat /root/rpmbuild/SPECS/openssh.spec | grep no_gnome_askpass
cat /root/rpmbuild/SPECS/openssh.spec | grep no_x11_askpass
##修改openssl-devel的报错
sed -i '/openssl-devel < 1.1/s/^/#/' openssh.spec
##修改PreReq的报错
sed -i '/PreReq:/s/^/#/' openssh.spec
##.解决Obsoletes报错
sed -i '/Obsoletes:/s/^/#/' openssh.spec
cat /root/rpmbuild/SPECS/openssh.spec | grep Obsoletes
2.5 编译源码包,制作成rpm包
cd /root/rpmbuild/SPECS/
rpmbuild -ba openssh.spec
提示
...
Processing files: openssh-server-9.3p2-1.el7.x86_64
Provides: config(openssh-server) = 9.3p2-1.el7 openssh-server = 9.3p2-1.el7 openssh-server(x86-64) = 9.3p2-1.el7
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires: /bin/bash libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.16)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.6)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit) libcrypto.so.10(OPENSSL_1.0.2)(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libresolv.so.2()(64bit) libutil.so.1()(64bit) libutil.so.1(GLIBC_2.2.5)(64bit) libz.so.1()(64bit) rtld(GNU_HASH)
Processing files: openssh-debuginfo-9.3p2-1.el7.x86_64
Provides: openssh-debuginfo = 9.3p2-1.el7 openssh-debuginfo(x86-64) = 9.3p2-1.el7
Requires(rpmlib): rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
Wrote: /root/rpmbuild/SRPMS/openssh-9.3p2-1.el7.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.FtwsQ7
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p2
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
+ exit 0
[root@mysql8test SPECS]#
2.5 查看生成的rpm包,并打包
##编译完成后的软件在,debug的包不用下载安装
[root@mysql8test SPECS]# ls -lrth /root/rpmbuild/RPMS/x86_64/
total 4.9M
-rw-r--r--. 1 root root 634K Aug 6 20:27 openssh-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 627K Aug 6 20:27 openssh-clients-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 462K Aug 6 20:27 openssh-server-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 3.2M Aug 6 20:27 openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
[root@mysql8test SPECS]#
##对rpm进行打包
[root@mysql8test x86_64]# tar -zcvf /root/openssh-9.3p2_rpm_for_centos7.9.tar.gz *.rpm
openssh-9.3p2-1.el7.x86_64.rpm
openssh-clients-9.3p2-1.el7.x86_64.rpm
openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
openssh-server-9.3p2-1.el7.x86_64.rpm
三、centos7.9 从openssh7.4p1升级到openssh9.3p2
##升级之前查看版本
[root@mysql8test x86_64]# rpm -qa|grep openssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
[root@mysql8test x86_64]#
[root@mysql8test x86_64]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@mysql8test x86_64]#
##升级前备份 /etc/pam.d/sshd
cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd
验证openssh是否升级成功
##升级openssh
yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
[root@mysql8test x86_64]# yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
Loaded plugins: fastestmirror
Examining openssh-9.3p2-1.el7.x86_64.rpm: openssh-9.3p2-1.el7.x86_64
Marking openssh-9.3p2-1.el7.x86_64.rpm as an update to openssh-7.4p1-21.el7.x86_64
Examining openssh-clients-9.3p2-1.el7.x86_64.rpm: openssh-clients-9.3p2-1.el7.x86_64
Marking openssh-clients-9.3p2-1.el7.x86_64.rpm as an update to openssh-clients-7.4p1-21.el7.x86_64
Examining openssh-server-9.3p2-1.el7.x86_64.rpm: openssh-server-9.3p2-1.el7.x86_64
Marking openssh-server-9.3p2-1.el7.x86_64.rpm as an update to openssh-server-7.4p1-21.el7.x86_64
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).
--> Running transaction check
---> Package openssh.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-clients.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-server.x86_64 0:9.3p2-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Updating:
openssh x86_64 9.3p2-1.el7 /openssh-9.3p2-1.el7.x86_64 2.9 M
openssh-clients x86_64 9.3p2-1.el7 /openssh-clients-9.3p2-1.el7.x86_64 2.4 M
openssh-server x86_64 9.3p2-1.el7 /openssh-server-9.3p2-1.el7.x86_64 1.1 M
Transaction Summary
===============================================================================================================================================
Upgrade 3 Packages
Total size: 6.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : openssh-9.3p2-1.el7.x86_64 1/6
Updating : openssh-server-9.3p2-1.el7.x86_64 2/6
Updating : openssh-clients-9.3p2-1.el7.x86_64 3/6
Cleanup : openssh-clients-7.4p1-21.el7.x86_64 4/6
Cleanup : openssh-server-7.4p1-21.el7.x86_64 5/6
Cleanup : openssh-7.4p1-21.el7.x86_64 6/6
Verifying : openssh-server-9.3p2-1.el7.x86_64 1/6
Verifying : openssh-9.3p2-1.el7.x86_64 2/6
Verifying : openssh-clients-9.3p2-1.el7.x86_64 3/6
Verifying : openssh-clients-7.4p1-21.el7.x86_64 4/6
Verifying : openssh-7.4p1-21.el7.x86_64 5/6
Verifying : openssh-server-7.4p1-21.el7.x86_64 6/6
Updated:
openssh.x86_64 0:9.3p2-1.el7 openssh-clients.x86_64 0:9.3p2-1.el7 openssh-server.x86_64 0:9.3p2-1.el7
Complete!
[root@mysql8test x86_64]#
[root@mysql8test x86_64]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@mysql8test x86_64]#
##重启sshd出现报错
[root@mysql8test x86_64]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@mysql8test x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2023-08-06 20:39:07 CST; 7s ago
Docs: man:systemd-sysv-generator(8)
Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 32668 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
Main PID: 1029 (code=exited, status=0/SUCCESS)
Aug 06 20:39:07 mysql8test sshd[32668]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Aug 06 20:39:07 mysql8test sshd[32668]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Aug 06 20:39:07 mysql8test sshd[32668]: It is required that your private key files are NOT accessible by others.
Aug 06 20:39:07 mysql8test sshd[32668]: This private key will be ignored.
Aug 06 20:39:07 mysql8test sshd[32668]: sshd: no hostkeys available -- exiting.
Aug 06 20:39:07 mysql8test sshd[32668]: [FAILED]
Aug 06 20:39:07 mysql8test systemd[1]: sshd.service: control process exited, code=exited status=1
Aug 06 20:39:07 mysql8test systemd[1]: Failed to start SYSV: OpenSSH server daemon.
Aug 06 20:39:07 mysql8test systemd[1]: Unit sshd.service entered failed state.
Aug 06 20:39:07 mysql8test systemd[1]: sshd.service failed.
[root@mysql8test x86_64]#
##修改文件权限
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
[root@mysql8test x86_64]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@mysql8test x86_64]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@mysql8test x86_64]# chmod 600 /etc/ssh/ssh_host_ed25519_key
##再次重启sshd,正常
[root@mysql8test x86_64]# systemctl restart sshd
[root@mysql8test x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Sun 2023-08-06 20:40:10 CST; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 32689 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 32697 (sshd)
CGroup: /system.slice/sshd.service
└─32697 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
Aug 06 20:40:10 mysql8test systemd[1]: Starting SYSV: OpenSSH server daemon...
Aug 06 20:40:10 mysql8test sshd[32689]: /sbin/restorecon: lstat(/etc/ssh/ssh_host_dsa_key.pub) failed: No such file or directory
Aug 06 20:40:10 mysql8test sshd[32697]: Server listening on 0.0.0.0 port 22.
Aug 06 20:40:10 mysql8test sshd[32697]: Server listening on :: port 22.
Aug 06 20:40:10 mysql8test sshd[32689]: Starting sshd:[ OK ]
Aug 06 20:40:10 mysql8test systemd[1]: Started SYSV: OpenSSH server daemon.
[root@mysql8test x86_64]#
四、Centos7.9 openssh 9.3p1升级到openssh 9.3p2
[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@ucsp-rancher-03 openssh9.3p2]#
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]# cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]#
[root@ucsp-rancher-03 openssh9.3p2]# yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
已加载插件:fastestmirror, langpacks
正在检查 openssh-9.3p2-1.el7.x86_64.rpm: openssh-9.3p2-1.el7.x86_64
openssh-9.3p2-1.el7.x86_64.rpm 将作为 openssh-9.3p1-1.el7.x86_64 的更新
正在检查 openssh-clients-9.3p2-1.el7.x86_64.rpm: openssh-clients-9.3p2-1.el7.x86_64
openssh-clients-9.3p2-1.el7.x86_64.rpm 将作为 openssh-clients-9.3p1-1.el7.x86_64 的更新
正在检查 openssh-server-9.3p2-1.el7.x86_64.rpm: openssh-server-9.3p2-1.el7.x86_64
openssh-server-9.3p2-1.el7.x86_64.rpm 将作为 openssh-server-9.3p1-1.el7.x86_64 的更新
正在解决依赖关系
--> 正在检查事务
---> 软件包 openssh.x86_64.0.9.3p1-1.el7 将被 升级
---> 软件包 openssh.x86_64.0.9.3p2-1.el7 将被 更新
---> 软件包 openssh-clients.x86_64.0.9.3p1-1.el7 将被 升级
---> 软件包 openssh-clients.x86_64.0.9.3p2-1.el7 将被 更新
---> 软件包 openssh-server.x86_64.0.9.3p1-1.el7 将被 升级
---> 软件包 openssh-server.x86_64.0.9.3p2-1.el7 将被 更新
--> 解决依赖关系完成
base/7/x86_64 | 3.6 kB 00:00:00
centosplus/7/x86_64 | 2.9 kB 00:00:00
epel/7/x86_64 | 4.7 kB 00:00:00
extras/7/x86_64 | 2.9 kB 00:00:00
updates/7/x86_64 | 2.9 kB 00:00:00
依赖关系解决
======================================================================================================================================================================================================================
Package 架构 版本 源 大小
======================================================================================================================================================================================================================
正在更新:
openssh x86_64 9.3p2-1.el7 /openssh-9.3p2-1.el7.x86_64 2.9 M
openssh-clients x86_64 9.3p2-1.el7 /openssh-clients-9.3p2-1.el7.x86_64 2.4 M
openssh-server x86_64 9.3p2-1.el7 /openssh-server-9.3p2-1.el7.x86_64 1.1 M
事务概要
======================================================================================================================================================================================================================
升级 3 软件包
总计:6.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在更新 : openssh-9.3p2-1.el7.x86_64 1/6
正在更新 : openssh-server-9.3p2-1.el7.x86_64 2/6
正在更新 : openssh-clients-9.3p2-1.el7.x86_64 3/6
清理 : openssh-clients-9.3p1-1.el7.x86_64 4/6
清理 : openssh-server-9.3p1-1.el7.x86_64 5/6
清理 : openssh-9.3p1-1.el7.x86_64 6/6
验证中 : openssh-server-9.3p2-1.el7.x86_64 1/6
验证中 : openssh-9.3p2-1.el7.x86_64 2/6
验证中 : openssh-clients-9.3p2-1.el7.x86_64 3/6
验证中 : openssh-9.3p1-1.el7.x86_64 4/6
验证中 : openssh-clients-9.3p1-1.el7.x86_64 5/6
验证中 : openssh-server-9.3p1-1.el7.x86_64 6/6
更新完毕:
openssh.x86_64 0:9.3p2-1.el7 openssh-clients.x86_64 0:9.3p2-1.el7 openssh-server.x86_64 0:9.3p2-1.el7
完毕!
[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@ucsp-rancher-03 openssh9.3p2]# systemctl restart sshd
[root@ucsp-rancher-03 openssh9.3p2]#