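Steps for upgrading OpenSSH to 8.6 on CentOS 7.6

Overview

This document describes how to upgrade OpenSSH to version 8.6p1 on CentOS Linux release 7.6.1810 (Core). Before starting, make sure a working base yum repository is available; otherwise the upgrade may fail.

Main text

Software preparation

Upload the software

Upload the openssh.zip archive to the /tmp directory. The archive contains the following software: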

  • openssh-8.6p1.tar.gz
  • openssl-1.1.1j.tar.gz
  • zlib-1.2.11.tar.gz

Extract the archives

cd /tmp
unzip /tmp/openssh.zip
cd /tmp/openssh/
tar -zxf openssl-1.1.1j.tar.gz
tar -zxf zlib-1.2.11.tar.gz
tar -zxf openssh-8.6p1.tar.gz

Enable Telnet

This step ensures the server can still be reached if the OpenSSH upgrade fails.

Install the software

yum install telnet telnet-server xinetd -y             

Service configuration and startup

sed -i '14a      disabled = no ' /etc/xinetd.conf
echo -e 'pts/0\npts/1\npts/2\npts/3'  >>/etc/securetty
systemctl start telnet.socket 
systemctl start xinetd   
systemctl enable telnet.socket 
systemctl enable xinetd

Install the base packages

Be sure to install every package in this step to avoid errors during compilation:

yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
yum install  -y 'pam*' 'zlib*'

OpenSSH upgrade

Install zlib

cd /tmp/openssh/zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install

Install OpenSSL

Compile and install

cd /tmp/openssh/openssl-1.1.1j/
./config --prefix=/usr/local/openssl -d shared
make && make install

Load the library files

echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
ldconfig
mv /usr/bin/openssl /tmp/openssh/opensslbak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
openssl help

Upgrade OpenSSH

Compile and install

cd /tmp/openssh/openssh-8.6p1/
./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib
make && make install

Back up the key configuration

mv /etc/ssh/sshd_config /tmp/openssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /tmp/openssh/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /tmp/openssh/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /tmp/openssh/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /tmp/openssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

Remove the old packages

for i in $(rpm -qa|grep openssh);do rpm -e $i --nodeps;done

cp /tmp/openssh/openssh-8.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
cp /etc/init.d/sshd /tmp/openssh/sshdnewbk

Configuration changes

cp /etc/init.d/sshd /tmp/openssh/sshdnewbk
sed -i '/SSHD=/c\SSHD=\/usr\/local\/openssh\/sbin\/sshd'  /etc/init.d/sshd
sed -i '/\/usr\/bin\/ssh-keygen/c\         \/usr\/local\/openssh\/bin\/ssh-keygen -A'  /etc/init.d/sshd
sed -i '/ssh_host_rsa_key.pub/i\                \/sbin\/restorecon \/etc\/ssh\/ssh_host_key.pub'  /etc/init.d/sshd  
sed -i '/$SSHD $OPTIONS && success || failure/i\       \ OPTIONS="-f /etc/ssh/sshd_config"' /etc/rc.d/init.d/sshd
#--------- edit sshd_config -------
sed -i '/PasswordAuthentication/c\PasswordAuthentication yes' /etc/ssh/sshd_config
sed -i '/X11Forwarding/c\X11Forwarding yes' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
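
The three sshd_config edits above decide how the upgraded daemon accepts logins, and sshd keeps the first value it reads for each keyword. The following is an added example, not part of the original article: it replays those edits on a constructed sample file and reports the resulting global values. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the values sshd will use after the page's sed edits.
# It works on a constructed sample file, never on /etc/ssh/sshd_config.

# Print the effective global value of one keyword. sshd keeps the first value
# it reads for a keyword, keywords are case-insensitive, and everything after
# the first "Match" line is conditional, so scanning stops there.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v kw="$2" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(kw)  { print $2; exit }
    ' "$1"
}

# The three sshd_config edits from the page, pointed at FILE.
apply_page_edits() {  # usage: apply_page_edits FILE
    sed -i '/PasswordAuthentication/c\PasswordAuthentication yes' "$1"
    sed -i '/X11Forwarding/c\X11Forwarding yes' "$1"
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' "$1"
}

# Constructed sample in the style of a stock sshd_config (not from a real host).
make_sample() {       # usage: make_sample FILE
    cat > "$1" <<'EOF'
#PermitRootLogin prohibit-password
# constructed comment that mentions PasswordAuthentication
#PasswordAuthentication yes
#X11Forwarding no
Subsystem sftp /usr/local/openssh/libexec/sftp-server
EOF
}

# One "keyword=value" line for each keyword the page changes.
audit() {             # usage: audit FILE
    for kw in PermitRootLogin PasswordAuthentication X11Forwarding; do
        v=$(effective_value "$1" "$kw")
        echo "$kw=${v:-unset (compiled-in default applies)}"
    done
}

# Run as "sh audit.sh demo" to see the values before and after the edits.
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp) && make_sample "$f"
    echo "before:"; audit "$f"
    apply_page_edits "$f"
    echo "after:"; audit "$f"
    rm -f "$f"
fi
```

The `c\` edits replace every line that contains the keyword, comments included, so the sample ends up with two `PasswordAuthentication yes` lines and sshd uses the first. Running `audit /etc/ssh/sshd_config` before `service sshd restart` shows which of the three settings the restarted daemon will apply.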

Replace the commands and restart the service

cp -arp /usr/local/openssh/bin/* /usr/bin/
service sshd restart

Enable start at boot

chkconfig --add sshd
chkconfig --level 2345 sshd on
chkconfig --list

Version verification

ssh -V

Companion script

This script may not suit every environment; adjust it yourself as needed:

echo '--------1.解压缩安装包--------'
cd /tmp
unzip /tmp/openssh.zip
cd /tmp/openssh/
for i in `ls *.tar.gz`;do tar -zxvf $i;done
echo '--------2.安装telnet--------'
yum install telnet telnet-server xinetd -y                
# Set disabled = no so that the telnet service can be used
cp /etc/xinetd.conf   /tmp/openssh/xinetd.comfbk
sed -i '14a      disabled = no ' /etc/xinetd.conf
# Adds disabled = no after line 14
echo -e 'pts/0\npts/1\npts/2\npts/3'  >>/etc/securetty

systemctl start telnet.socket  # start the service
systemctl start xinetd        # start the service
systemctl enable telnet.socket   # start the service at boot
systemctl enable xinetd

echo '--------3.安装gcc--------'
yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
yum install  -y 'pam*' 'zlib*'

echo '--------4.升级zlib-1.2.11--------'
cd /tmp/openssh/zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install

echo '--------5.升级openssl-1.1.1--------'
cd /tmp/openssh/openssl-1.1.1j/
./config --prefix=/usr/local/openssl -d shared
make && make install 
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
ldconfig
mv /usr/bin/openssl /tmp/openssh/opensslbk
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

echo '--------6.升级openssh-8.6p1--------'
cd /tmp/openssh/openssh-8.6p1/
./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib
 make && make install
 
mv /etc/ssh/sshd_config /tmp/openssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /tmp/openssh/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /tmp/openssh/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /tmp/openssh/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /tmp/openssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

for i in $(rpm -qa|grep openssh);do rpm -e $i --nodeps;done

mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config

cp /tmp/openssh/openssh-8.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x   /etc/init.d/sshd

cp /etc/init.d/sshd /tmp/openssh/sshdnewbk
sed -i '/SSHD=/c\SSHD=\/usr\/local\/openssh\/sbin\/sshd'  /etc/init.d/sshd
sed -i '/\/usr\/bin\/ssh-keygen/c\         \/usr\/local\/openssh\/bin\/ssh-keygen -A'  /etc/init.d/sshd
sed -i '/ssh_host_rsa_key.pub/i\                \/sbin\/restorecon \/etc\/ssh\/ssh_host_key.pub'  /etc/init.d/sshd  
sed -i '/$SSHD $OPTIONS && success || failure/i\       \ OPTIONS="-f /etc/ssh/sshd_config"' /etc/rc.d/init.d/sshd

sed -i '/PasswordAuthentication/c\PasswordAuthentication yes' /etc/ssh/sshd_config
sed -i '/X11Forwarding/c\X11Forwarding yes' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

cp -arp /usr/local/openssh/bin/* /usr/bin/
service sshd restart


chkconfig --add sshd
chkconfig --level 2345 sshd on
chkconfig --list
posted @ 2022-08-25 18:03  风灵动铭