系统环境：# lsb_release -a

Distributor ID: Ubuntu

Description:    Ubuntu 16.04.4 LTS

Release:        16.04

Codename:      xenial

之前默认的openssh版本：# ssh -V

OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016

=============== 碰到的问题 ===============

1.    curl www.baidu.com

curl: (77) Problem with the SSL CA cert (path? access rights?)

2.    其实就是相当于安装一个新的/usr/local/bin/，就是都还在/usr/bin/

1.下载源码文件压缩包

wget http://www.zlib.net/zlib-1.2.11.tar.gz

wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz

------------- 解压 -------------

tar zxvf zlib-1.2.11.tar.gz

tar zxvf openssl-1.1.1b.tar.gz

tar zxvf openssh-7.9p1.tar.gz

2.编译安装zlib

cd zlib-1.2.11/

./configure --prefix=/usr/local

make

sudo make install

3.看情况卸载旧的openssl

注：是否不需要卸载旧的openssl，因为装完新的之后会有SSL CA的问题，或者其他问题

    curl: (77) Problem with the SSL CA cert (path? access rights?)

    这个问题重新装回来就好了

    sudo apt install ca-certificates

测试过不需要卸载旧的，最后是新的/usr/local/bin/和旧的/usr/bin/共存

------ 卸载旧的openssl ------

apt-get purge openssl

4.编译安装openssl

cd openssl-1.1.1b/

./config shared --prefix=/usr/local --openssldir=/usr/local/ssl

make

sudo make install

sudo ln -s /usr/local/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1

sudo ln -s /usr/local/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1

------------------------------------------------

这时候就可以查看openssl版本：openssl version -a

OpenSSL 1.1.1b  26 Feb 2019

built on: Fri Apr 19 08:19:20 2019 UTC

platform: linux-x86_64

......

------------------------------------------------

5.编译安装openssh

注：如果./configure失败，可以先执行下面两个命令再试试

echo "/usr/local/ssl/lib" >> /etc/ld.so.conf

ldconfig

后面再测试不需要这个步骤，是因为原来的-with-ssl-dir=/usr/local/ssl，去掉ssl就可以了

--------------------------------------------------------------------------------

cd openssh-7.9p1/

./configure -prefix=/usr/local -sysconfdir=/etc/ssh -with-ssl-dir=/usr/local

make

sudo make install

-------------------------------------------

至此，所有都升级完成，可以查看ssh的版本：ssh -V

OpenSSH_7.9p1, OpenSSL 1.1.1b  26 Feb 2019

6.看需要设置相关配置文件

升级完成后，用的命令都是在/usr/local/bin/目录下，可以用：which ssh 试看看哟

/usr/local/bin/ssh

----------------- 设置相关配置文件 ---------------------

mv /usr/bin/scp /tmp/

mv /usr/bin/ssh* /tmp/

ln -s /usr/local/bin/ssh /usr/bin/ssh

ln -s /usr/local/bin/scp /usr/bin/scp

ln -s /usr/local/bin/ssh-add /usr/bin/ssh-add

ln -s /usr/local/bin/ssh-agent /usr/bin/ssh-agent

ln -s /usr/local/bin/ssh-keygen  /usr/bin/ssh-keygen

ln -s /usr/local/bin/ssh-keyscan /usr/bin/ssh-keyscan

ln -s /usr/local/bin/openssl /usr/bin/openssl

ln -s /usr/local/sbin/sshd /usr/bin/sshd

7.重启ssh服务

/etc/init.d/ssh restart

如果没有开启过ssh可以看第二个链接【Ubuntu 16.04开启SSH服务】

可以测试连接自己的

ssh your_username@your_host

参考链接：

https://www.jianshu.com/p/9dc0e7c8faca

https://blog.csdn.net/woaiyaou/article/details/78360382