Upgrading OpenSSH to 8.1 on CentOS

1. Enable telnet (as a fallback)

As a precaution, you can enable the telnet service first.

[root@VM_0_15_centos ~]# rpm -qa |grep telnet
telnet-0.17-48.el6.x86_64
telnet-server-0.17-48.el6.x86_64

 

If they are not installed:  yum install telnet-server telnet

Edit /etc/xinetd.d/telnet and change disable = yes to no

[root@VM_0_15_centos ~]# vim /etc/xinetd.d/telnet 
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

Restart the xinetd service and check that port 23 is open

[root@VM_0_15_centos ~]# service xinetd restart
Stopping xinetd:                                           [FAILED]
Starting xinetd:                                           [  OK  ]
[root@VM_0_15_centos ~]# netstat -lntp|grep 23
tcp        0      0 :::23                       :::*                        LISTEN      8999/xinetd         

 

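Note: by default telnet does not allow the root user to log in. If you need to log in as root, use the method below, but it is best not to open up root.

Edit /etc/pam.d/remote and comment out: auth required pam_securetty.so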

 

2. Upgrade OpenSSH

 

yum install  gcc openssl-devel pam-devel rpm-build  libedit-devel  

 

[root@VM_0_15_centos openssh]# wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
[root@VM_0_15_centos openssh]# tar xf openssh-8.1p1.tar.gz 
[root@VM_0_15_centos openssh]# cd openssh-8.1p1

Reference for the build options: https://github.com/openssh/openssh-portable#build-time-customisation

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords  --with-libedit --with-kerberos5 --with-selinux
make
make install

 

PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory

cp /etc/init.d/sshd  /etc/init.d/sshd_old
cp /etc/pam.d/sshd  /etc/pam.d/sshd_old   ### do not run
cd ./contrib/redhat
cp sshd.init  /etc/init.d/sshd
cp sshd.pam  /etc/pam.d/sshd      ### do not run

 

[root@VM_0_15_centos redhat]# grep UsePAM /etc/ssh/sshd_config
#UsePAM no
UsePAM yes 

[root@VM_0_15_centos redhat]# tail /var/log/secure
Jan 10 14:01:07 VM_0_15_centos sshd[16567]: PAM adding faulty module: /lib64/security/pam_stack.so
Jan 10 14:01:07 VM_0_15_centos sshd[16567]: Failed password for root from 111.198.29.223 port 23387 ssh2
Jan 10 14:01:09 VM_0_15_centos sshd[16567]: error: Received disconnect from 111.198.29.223 port 23387:0: [preauth]
Jan 10 14:01:09 VM_0_15_centos sshd[16567]: Disconnected from authenticating user root 111.198.29.223 port 23387 [preauth]
Jan 10 14:02:15 VM_0_15_centos sshd[16733]: Invalid user upload from 134.209.81.60 port 49494
Jan 10 14:02:15 VM_0_15_centos sshd[16733]: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory   # caused by replacing /etc/pam.d/sshd
Jan 10 14:02:15 VM_0_15_centos sshd[16733]: PAM adding faulty module: /lib64/security/pam_stack.so
Jan 10 14:02:15 VM_0_15_centos sshd[16733]: Failed password for invalid user upload from 134.209.81.60 port 49494 ssh2
Jan 10 14:02:15 VM_0_15_centos sshd[16733]: Received disconnect from 134.209.81.60 port 49494:11: Bye Bye [preauth]
Jan 10 14:02:15 VM_0_15_centos sshd[16733]: Disconnected from invalid user upload 134.209.81.60 port 49494 [preauth]
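
The log above shows sshd loading a PAM service file that names pam_stack.so, a module that is not present in /lib64/security. The following is an added example, not part of the original post: a check that lists the modules a candidate service file names but the module directory lacks, run before the file is copied over /etc/pam.d/sshd. The function names, the temporary paths and the sample service file are constructed for illustration.

```shell
#!/bin/bash
# Added example: list PAM modules that a service file names but that are not installed.

# pam_missing_modules FILE MODULE_DIR -> one missing module name per line
pam_missing_modules() {
    local file="$1" moddir="$2" type control rest module
    while read -r type control rest || [ -n "$type" ]; do
        case $type in
            auth|account|password|session) ;;
            *) continue ;;                  # comments, blanks, "-type" entries PAM allows to be absent
        esac
        case $control in
            include|substack) continue ;;   # names another service file, not a module
            \[*\]) ;;                       # one-word bracketed control
            \[*) rest=${rest#*]} ;;         # multi-word [a=b c=d]: drop through "]"
        esac
        set -f; set -- $rest                # first remaining word is the module
        module=$1
        [ -n "$module" ] || continue
        case $module in /*) ;; *) module=$moddir/$module ;; esac
        [ -e "$module" ] || echo "${module##*/}"
    done <"$file" | sort -u
}

# Constructed sample data (not taken from a real host): a candidate service file
# that still uses pam_stack.so, and a module directory that does not contain it.
demo() {
    local tmp; tmp=$(mktemp -d) || return 1
    mkdir "$tmp/security"
    touch "$tmp/security/pam_nologin.so" "$tmp/security/pam_unix.so"
    cat >"$tmp/sshd.candidate" <<'EOF'
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       [success=1 default=ignore] pam_unix.so nullok
account    required     pam_nologin.so
account    include      system-auth
-session   optional     pam_systemd.so
EOF
    pam_missing_modules "$tmp/sshd.candidate" "$tmp/security"
    rm -rf "$tmp"
}

demo   # prints: pam_stack.so
```

On the host in this post the equivalent call would be pam_missing_modules contrib/redhat/sshd.pam /lib64/security; any output means the file should not be installed as /etc/pam.d/sshd.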

 

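Note: after the installation and configuration are complete, root cannot log in, because root login is restricted by default after the upgrade. To allow root login, edit /etc/ssh/sshd_config: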

 PermitRootLogin yes

 

Handling build errors

configure: error: libedit not found

Fix:  yum install libedit-devel

 

configure: error: PAM headers not found

Fix:  yum install pam-devel

 

 

[root@wu ~]# cat openssh.sh 
#!/bin/bash
############################################
# File Name: openssh.sh
# Version:  V1.0
# Author:   
# Created Time: 2020-01-10 15:07:40
# Description:   
############################################
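# Install the build dependencies
yum install  gcc openssl-devel pam-devel rpm-build  libedit-devel  -y
cd /opt/ || exit 1
# Download and unpack the source; stop if either step fails
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz || exit 1
tar xf openssh-8.1p1.tar.gz || exit 1
cd openssh-8.1p1 || exit 1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords  --with-libedit --with-kerberos5 --with-selinux || exit 1
make || exit 1
# Exit with a non-zero status if the install fails, so the init script below is left untouched
make install || exit 1

# Keep a copy of the old init script, then install the one from contrib/redhat
cp /etc/init.d/sshd  /etc/init.d/sshd_old
cd ./contrib/redhat || exit 1
cp sshd.init  /etc/init.d/sshd
# Append "PermitRootLogin yes" after the commented-out default line
sed -i "/#PermitRootLogin/a PermitRootLogin yes" /etc/ssh/sshd_config
/etc/init.d/sshd restart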

  

  

 

  

posted @ 2020-01-09 09:18  mingetty