1. yum升级到最新可用版本(openssh7.4p1)
yum update openssh
2. 安装telnet-server 以及 xinetd
yum install xinetd telnet-server -y
3. 配置telnet登录的终端类型,在/etc/securetty 文件末尾增加一些pts终端,如下
cat >> /etc/securetty <<EOF pts/0 pts/1 pts/2 pts/3 EOF
4.启动telnet服务,并设置开机自动启动
systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
5.使用telnet 登陆,以后操作都是通过telnet
6.备份并移除老文件 ( 这些配置可能影响装完以后的登陆 所以备份)
mkdir /root/update cd /root/update cp /etc/ssh/sshd_config sshd_config cp /etc/pam.d/sshd sshd yum remove openssl-devel rm -rf /etc/ssl
7.安装依赖包
yum install -y gcc gcc-c++ glibc make autoconf pcre-devel pam-devel yum install -y pam* zlib*
8.下载openssh包和openssl的包
# https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/ # https://ftp.openssl.org/source/ wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.5p1.tar.gz wget https://ftp.openssl.org/source/openssl-1.1.1k.tar.gz
9.安装 openssl
tar xfz openssl-1.1.1k.tar.gz openssl version mv /usr/bin/openssl /usr/bin/openssl_bak cd openssl-1.1.1k ./config --prefix=/usr/local --openssldir=/usr/local/ssl make && make install ./config shared --prefix=/usr/local --openssldir=/usr/local/ssl make clean make && make install ln -s /usr/local/bin/openssl /usr/bin/openssl ln -s /usr/local/include/openssl /usr/include/openssl echo "/usr/local/lib" >> /etc/ld.so.conf echo "/usr/local/lib64" >> /etc/ld.so.conf /sbin/ldconfig openssl version
10.安装openssh
rm -rf /etc/ssh cd /root/update tar xfz openssh-8.5p1.tar.gz cd openssh-8.5p1 ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam make clean make && make install
cp -af contrib/redhat/sshd.init /etc/init.d/sshd cp -af contrib/redhat/sshd.pam /etc/pam.d/sshd.pam chmod +x /etc/init.d/sshd cat >> /etc/ssh/sshd_config <<EOF HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key PermitRootLogin yes PasswordAuthentication yes ChallengeResponseAuthentication no UsePAM yes X11Forwarding yes
KexAlgorithms +diffie-hellman-group1-sha1 EOF chkconfig --add sshd mv /usr/lib/systemd/system/sshd.service /root/update/sshd.service chkconfig sshd on systemctl enable sshd systemctl restart sshd ssh -V
11.检测ssh 可以正常登陆,使用ssh登陆,然后 停止telnet服务 并 移除
systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd
systemctl disable telnet.socket
遇到的坑:
mv /usr/lib/systemd/system/sshd.service /root/update/sshd.service
这一步会导致sshd重启后无法自启动,解决办法先卸载openssh
for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done
再重新安装openssh 安装后后需要还原/etc/pam.d/sshd 文件,原文件卸载时会被删除
cat /etc/pam.d/sshd
#%PAM-1.0 auth required pam_sepermit.so auth substack password-auth auth include postlogin # Used with polkit to reauthorize users in remote sessions -auth optional pam_reauthorize.so prepare account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session required pam_namespace.so session optional pam_keyinit.so force revoke session include password-auth session include postlogin # Used with polkit to reauthorize users in remote sessions -session optional pam_reauthorize.so prepare