OpenSSL upgrade

(Steps shown in gray are optional)

Download:

cd /tmp

wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.gz

wget http://zlib.net/zlib-1.2.8.tar.gz

wget https://www.openssl.org/source/openssl-1.0.1t.tar.gz

 

II. Upgrade OpenSSL

1. Upgrade zlib

(1) Install zlib-1.2.8

sudo tar -zvxf zlib-1.2.8.tar.gz

[root@dd4_img tmp]# cd zlib-1.2.8

sudo ./configure --prefix=/usr/local/zlib -share

sudo make

sudo make install

------------------------------------------- Not replaced ----------------------------------------------------------------------------

(2) Back up the original zlib library files

uname -a

Linux localhost.localdomain 2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

sudo mkdir /lib64_zlib.bak

ls -l  /lib64/libz.so*

ls -l /lib64/libz.so.*

lrwxrwxrwx 1 root root    13 Sep 14 14:18 /lib64/libz.so.1 -> libz.so.1.2.3

-rwxr-xr-x 1 root root 91096 Feb 22  2013 /lib64/libz.so.1.2.3

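sudo cp -p /lib64/libz.so.1.2.3 /lib64_zlib.bak/   # back up the old library file

(3) Use the upgraded zlib library files

sudo cp -p /usr/local/zlib/lib/libz.so.1.2.8 /lib64/

cd /lib64

sudo rm libz.so.1                                    # Note: this must be run as the root user; otherwise sudo cannot be run after the removal and the remaining steps cannot be carried out

ln -s  libz.so.1.2.8 libz.so.1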

sudo ls -l libz.s*

lrwxrwxrwx 1 root root    13 Mar 10 11:01 libz.so.1 -> libz.so.1.2.8

-rwxr-xr-x 1 root root 91096 Feb 22  2013 libz.so.1.2.3

-rwxr-xr-x 1 root root 99192 Mar 10 10:57 libz.so.1.2.8

cd /usr/lib64

ls -l libz.so*

lrwxrwxrwx 1 root root 25 Jan 14  2015 libz.so -> ../../lib64/libz.so.1.2.3

#rm -rf libz.so

#ln -s ../../lib64/libz.so.1.2.8 libz.so

sudo ldconfig

sudo yum          # the yum tool still works normally

----------------------------------------------------------------------------------------------------------------------------------------------

2. Upgrade OpenSSL

sudo yum -y install zlib-devel

(1) Install OpenSSL

sudo tar -zvxf openssl-1.0.1t.tar.gz

cd openssl-1.0.1t

sudo ./config shared --prefix=/usr/local/ssl_1.0.1t --openssldir=/usr/local/ssl_1.0.1t zlib-dynamic

sudo make

sudo make install

 

sudo mv /usr/bin/openssl /usr/bin/openssl.bak

sudo mv /usr/include/openssl /usr/include/openssl.bak

 

sudo ln -s /usr/local/ssl_1.0.1t/bin/openssl /usr/bin/openssl

sudo ln -s /usr/local/ssl_1.0.1t/include/openssl /usr/include/openssl

 

sudo vim /etc/ld.so.conf           # set the library path.

Add the line: /usr/local/ssl_1.0.1t/lib

[root@dd4_img openssl-1.0.1p]# echo "/usr/local/ssl_1.0.1t/lib" >> /etc/ld.so.conf

Run the ldconfig command
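
A check for the library-path step above, as an added example that is not part of the original post: it rejects a malformed ld.so.conf entry (embedded whitespace or a relative path) and reads ldd output to list any libssl/libcrypto dependency that is not found or resolves outside the new prefix. The function names and the sample ldd text are constructed for illustration; the prefix is the one used on this page.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
PREFIX_LIB=/usr/local/ssl_1.0.1t/lib   # lib directory of the prefix used on this page
TAB=$(printf '\t')

# valid_ldconf_entry LINE
# Succeeds only if LINE is an absolute path with no embedded space or tab.
valid_ldconf_entry() {
    case "$1" in
        *" "*|*"$TAB"*) return 1 ;;
        /*) return 0 ;;
        *) return 1 ;;
    esac
}

# libs_outside_prefix DIR
# Reads `ldd` output on stdin and prints each libssl/libcrypto dependency that
# is "not found" or resolves somewhere other than DIR.
libs_outside_prefix() {
    awk -v p="$1/" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            target = ($3 == "not") ? "not found" : $3
            if (target == "not found" || index(target, p) != 1)
                print $1 " -> " target
        }'
}

# Constructed sample of `ldd /usr/bin/openssl` output: libcrypto is unresolved.
SAMPLE_LDD='    libssl.so.1.0.0 => /usr/local/ssl_1.0.1t/lib/libssl.so.1.0.0 (0x00007f0000000000)
    libcrypto.so.1.0.0 => not found
    libz.so.1 => /lib64/libz.so.1 (0x00007f0000200000)'

for entry in "/usr/local/ ssl_1.0.1t/lib" "$PREFIX_LIB"; do
    if valid_ldconf_entry "$entry"; then echo "ok:  $entry"; else echo "bad: $entry"; fi
done
printf '%s\n' "$SAMPLE_LDD" | libs_outside_prefix "$PREFIX_LIB"
# On the upgraded host: ldd /usr/bin/openssl | libs_outside_prefix "$PREFIX_LIB"
```

Empty output from libs_outside_prefix means the binary loads both libraries from the new prefix.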

------------------------------------- Not replaced -------------------------------------------------

(2) Back up the original OpenSSL library files

sudo mkdir /usr/lib64_libssl_backup

sudo mkdir /usr/lib64_libcrypto_backup

cd /usr/lib64/

 

sudo mv libssl.so.1.0.1j /usr/lib64_libssl_backup

#mv libcrypto.so.1.0.1j /usr/lib64_libcrypto_backup

------------------------------------------------------------------------------------------------

openssl version

OpenSSL 1.0.1t  3 May 2016

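After upgrading OpenSSL, OpenSSH needs to be upgraded as well; otherwise ssh may behave abnormally.

 

Note: while upgrading OpenSSH, open one more ssh session and keep a long-running ping going in it, for example ping 8.8.8.8, to keep the session from timing out. That way, if the session you are working in is cut off, you can still use this one to manage the machine.

III. Upgrade OpenSSH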

sudo yum install  -y  pam-devel

# rpm -qa | grep openssh

openssh-6.6p1-1.x86_64

openssh-clients-6.6p1-1.x86_64

openssh-server-6.6p1-1.x86_64

 

Uninstall the original ssh

rpm -e `rpm -qa | grep openssh` --allmatches --nodeps         # run with root privileges, or use sudo to uninstall each package individually

warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave

warning: /etc/pam.d/sshd saved as /etc/pam.d/sshd.rpmsave

Back up the original ssh configuration

sudo mkdir /etc/sshbak

sudo mv /etc/ssh/* /etc/sshbak/

 

Start the installation

cd /tmp

sudo tar -zvxf openssh-7.2p2.tar.gz

cd openssh-7.2p2

sudo ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl_1.0.1t/ --with-md5-passwords  --mandir=/usr/share/man

sudo make

sudo make install

 

 

Create the ssh service management script

sudo cp  /tmp/openssh-7.2p2/contrib/redhat/sshd.init /etc/init.d/sshd

sudo chmod +x /etc/init.d/sshd

sudo chkconfig --add sshd

sudo /etc/init.d/sshd start

Starting sshd:                                             [  OK  ]

sudo ssh -V

OpenSSH_7.2p2, OpenSSL 1.0.1t  1 Mar 2016

 

Configure PAM authentication for ssh

sudo mv /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd

sudo /etc/init.d/sshd restart

Log out of ssh.

A problem that may appear when logging in again:

 


Or delete the /home/heaven/.ssh/known_hosts file

 

mv /home/heaven/.ssh/known_hosts /home/heaven/.ssh/known_hosts.bak

posted @ 2018-05-23 16:45  日出东海,我心向西