升级前先做好备份并开启telnet服务。

1.开启telnet
telnet安装包放在／home下
安装后
vi /etc/xinetd.d/telnet
将 disabled yes 改为no
重启xinet服务：service xinetd restart

测试telnet正常登入后开始升级

2.升级openssl
先升级openssl, 一定记得加上 shared选项, 否则openssh编译的时候会找不到新安装的openssl的library, 
会报错: openssl的 header和library版本不匹配。

cd openssl-1.0.2h
./config --prefix=/usr/openssl shared zlib
make
make install

mv /usr/bin/openssl /usr/bin/openssl-old
mv /usr/include/openssl /usr/include/openssl-old
ln -s /usr/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/openssl/include/openssl /usr/include/openssl
cp -p /etc/ld.so.conf /etc/ld.so.conf-old
echo "/usr/openssl/lib">> /etc/ld.so.conf

ldconfig -v

*用命令查看openssl version -a 查看openssl版本是否正确。

vi /etc/profile 添加：
export LIBPATH=/usr/openssl/lib:$LIBPATH
export LD_LIBRARY_PATH=/usr/openssl/lib:$LD_LIBRARY_PATH
export PATH=/usr/openssl/bin:/usr/openssh/bin:$PATH

source /etc/profile

3.升级openssh

mv /etc/init.d/sshd /etc/init.d/sshd-old
mv /etc/ssh /etc/ssh-old
mkdir /etc/ssh

cd openssh-7.3p1

./configure --prefix=/usr/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/openssl --mandir=/usr/share/man --with-zlib --with-pam --with-md5-passwords --with-kerberos5
make
make install

ssh -V

mv /usr/bin/ssh /usr/bin/ssh.old
ln -s /usr/openssh/bin/ssh /usr/bin/ssh

cp -p /home/openssh-7.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -p /home/openssh-7.3p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
chown root:root /etc/init.d/sshd
chown root:root /etc/pam.d/sshd

修改/etc/init.d/sshd 文件的内容：

SSHD=/usr/sbin/sshd==》SSHD=/usr/openssh/sbin/sshd
/usr/bin/ssh-keygen==》/usr/openssh/bin/ssh-keygen -A

vi /etc/ssh/sshd_config
添加 PermitRootLogin yes

sed -i 's/# StrictHostKeyChecking ask/StrictHostKeyChecking no/' /etc/ssh/ssh_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config
service sshd restart

重启ssh服务
/etc/init.d/sshd restart
4.测试ssh
测试能否ssh localhost

成功ssh的话 
5.关闭telnet 将disabled no 改为yes 重启service xinetd restart
6.mv /etc/securrtty.bak /etc/securetty
telnet localhost
*检查是否正常升级