由于官方没有 rpm 包,安装不是很方便,这里采用将官方的 tar 包通过 rpmbuild 制作为 rpm 包,再进行安装。
源码安装参考:https://www.cnblogs.com/yanjieli/p/13445912.html
制作 RPM 包
安装相关依赖
# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y
创建所需目录
# mkdir -p /root/rpmbuild/{SOURCES,SPECS}
# cd /root/rpmbuild/SOURCES
下载源码包
下载地址(注意:下面第一个地址使用明文 HTTP,下载后应与官方发布的校验值或同目录下的 .asc 签名文件比对,确认源码包未被篡改后再解压构建):
# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
# tar -xvzf openssh-8.4p1.tar.gz
# tar -xvzf x11-ssh-askpass-1.2.4.1.tar.gz
修改配置文件
# cp openssh-8.4p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
# cd /root/rpmbuild/SPECS/
# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
构建
# rpmbuild -ba openssh.spec
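构建成功结果如下(注意:输出中仍然生成了 openssh-askpass 和 openssh-askpass-gnome 包,说明上面两条 sed 很可能没有匹配到 spec 中的对应行,可用 grep askpass openssh.spec 确认实际写法):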
Wrote: /root/rpmbuild/SRPMS/openssh-8.4p1-1.el7.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-askpass-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-askpass-gnome-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-8.4p1-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.pshj6r
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-8.4p1
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-8.4p1-1.el7.x86_64
+ exit 0
验证软件包
# ls /root/rpmbuild/RPMS/x86_64/
openssh-8.4p1-1.el7.x86_64.rpm openssh-clients-8.4p1-1.el7.x86_64.rpm
openssh-askpass-8.4p1-1.el7.x86_64.rpm openssh-debuginfo-8.4p1-1.el7.x86_64.rpm
openssh-askpass-gnome-8.4p1-1.el7.x86_64.rpm openssh-server-8.4p1-1.el7.x86_64.rpm
构建过程报错解决
错误1:
error: Failed build dependencies: openssl-devel < 1.1 is needed by openssh-8.4p1-1.el7.x86_64
解决办法:
注释掉 spec 文件中 BuildRequires: openssl-devel < 1.1 这一行:
# sed -i 's/BuildRequires: openssl-devel < 1.1/#&/' openssh.spec
错误2:
error: Failed build dependencies: /usr/include/X11/Xlib.h is needed by openssh-8.4p1-1.el7.x86_64
解决办法:
安装 libXt-devel imake gtk2-devel openssl-libs:
# yum install libXt-devel imake gtk2-devel openssl-libs -y
开始升级
备份配置文件
# cp /etc/pam.d/{sshd,sshd.bck}
# cp /etc/ssh/{sshd_config,sshd_config.bck}
安装telnet
避免 openssh 升级失败后无法登录,先安装 telnet 作为临时备用登录方式(同时开启两个窗口)
# yum install telnet-server xinetd -y
# systemctl enable --now xinetd.service
# systemctl enable --now telnet.socket
配置 telnet 登录
//注释auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so这一行
# sed -i 's/^auth \[user_unknown=/#&/' /etc/pam.d/login
# cat >> /etc/securetty <<EOF
pts/1
pts/2
EOF
//测试登陆
[C:\~]$ telnet 192.168.3.179
Trying 192.168.3.179...
Connected to 192.168.3.179.
Escape character is '^]'.
Kernel 3.10.0-957.27.2.el7.x86_64 on an x86_64
localhost0 login: root
Password:
Last login: Thu Dec 31 15:28:23 from 192.168.3.144
[root@localhost0 ~]#
卸载之前的版本
# yum remove openssh*
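安装新版本(需在存放新 rpm 包的目录下执行,即上文的 /root/rpmbuild/RPMS/x86_64/;通配符会把该目录下的 debuginfo、askpass 等包一并安装,不需要时可只指定 openssh、openssh-clients、openssh-server 三个包)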
# rpm -Uvh openssh-*
启动ssh服务(sshd 会拒绝加载权限过宽的主机私钥,因此先将私钥权限收紧为 600;若存在 /etc/ssh/ssh_host_ed25519_key,也应同样处理)
# chmod 600 /etc/ssh/ssh_host_rsa_key
# chmod 600 /etc/ssh/ssh_host_ecdsa_key
# systemctl start sshd
# systemctl enable sshd
关闭 telnet
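注意:开启telnet的root远程登录极度不安全,账号密码都是明文传输,尤其在公网,所以一般只限于在某些情况下内网中ssh无法使用时,临时调测,使用完后,将相关配置复原,彻底关闭telnet服务!除了停止下面两个服务外,还需要还原前面为 telnet 所做的修改:取消 /etc/pam.d/login 中 pam_securetty.so 那一行的注释,并删除追加到 /etc/securetty 的 pts/1、pts/2,否则 root 登录限制仍处于放宽状态。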
# systemctl stop telnet.socket && systemctl disable telnet.socket
# systemctl stop xinetd.service && systemctl disable xinetd.service
恢复配置文件(恢复后可先用 sshd -t 检查配置语法,再重启 sshd 使其生效;建议在关闭 telnet 之前完成恢复并确认 ssh 能正常登录,以免配置有误时失去远程登录途径)
# \mv /etc/ssh/sshd_config.bck /etc/ssh/sshd_config
# \mv /etc/pam.d/sshd.bck /etc/pam.d/sshd
验证当前版本
# ssh -V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017