centos9 stream 安装配置升级openssh9
1.系统镜像下载
https://www.centos.org/download/
https://mirrors.tuna.tsinghua.edu.cn/centos-stream/9-stream/BaseOS/x86_64/iso/CentOS-Stream-9-latest-x86_64-dvd1.iso
2.系统安装
安装部署省略,与基本linux安装步骤大致相同,部分虚拟化平台可能出现不兼容情况,如出现无法安装则选择低版本的stream
3.安装完毕配置网络
之前的网卡配置文件已不存在
打开 /etc/sysconfig/network-scripts/readme-ifcfg-rh.txt 文件内容如下
NetworkManager stores new network profiles in keyfile format in the /etc/NetworkManager/system-connections/ directory. Previously, NetworkManager stored network profiles in ifcfg format in this directory (/etc/sysconfig/network-scripts/). However, the ifcfg format is deprecated. By default, NetworkManager no longer creates new profiles in this format. Connection profiles in keyfile format have many benefits. For example, this format is INI file-based and can easily be parsed and generated. Each section in NetworkManager keyfiles corresponds to a NetworkManager setting name as described in the nm-settings(5) and nm-settings-keyfile(5) man pages. Each key-value-pair in a section is one of the properties listed in the settings specification of the man page. If you still use network profiles in ifcfg format, consider migrating them to keyfile format. To migrate all profiles at once, enter: # nmcli connection migrate This command migrates all profiles from ifcfg format to keyfile format and stores them in /etc/NetworkManager/system-connections/. Alternatively, to migrate only a specific profile, enter: # nmcli connection migrate <profile_name|UUID|D-Bus_path> For further details, see: * nm-settings-keyfile(5) * nmcli(1)
新的配置文件在 /etc/NetworkManager/system-connections/ 网络通过nmcli配置管理
网卡配置文件信息如下
[root@localhost ~]# cat /etc/NetworkManager/system-connections/ens32.nmconnection [connection] id=ens32 uuid=23d87384-98f6-390a-b3c7-0ff0a59f3b89 type=ethernet autoconnect-priority=-999 interface-name=ens32 timestamp=1663668122 [ethernet] [ipv4] method=manual address1=192.168.2.28/24,192.168.2.1 [ipv6] addr-gen-mode=eui64 method=auto [proxy] [root@localhost ~]#
重启网络执行命令如下
[root@localhost ~]# vi /etc/NetworkManager/system-connections/ens32.nmconnection
[root@localhost ~]# nmcli connect show
NAME UUID TYPE DEVICE
ens32 23d87384-98f6-390a-b3c7-0ff0a59f3b89 ethernet ens32
[root@localhost ~]# nmcli connect reload ens32
[root@localhost ~]# nmcli connect up ens32
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:56:b0:8b:ac brd ff:ff:ff:ff:ff:ff
altname enp2s0
inet 192.168.2.28/24 brd 192.168.2.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:feb0:8bac/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]#
4.配置yum本地光盘源
centos8 stream 光盘目录
[root@localhost ~]# ls -l /mnt/ total 32 dr-xr-xr-x. 4 root root 2048 Sep 14 08:32 AppStream dr-xr-xr-x. 4 root root 2048 Sep 14 08:32 BaseOS dr-xr-xr-x. 3 root root 2048 Sep 14 08:32 EFI -r--r--r--. 1 root root 299 Sep 14 08:32 EULA -r--r--r--. 1 root root 745 Sep 14 08:32 extra_files.json dr-xr-xr-x. 3 root root 2048 Sep 14 08:32 images dr-xr-xr-x. 2 root root 2048 Sep 14 08:32 isolinux -r--r--r--. 1 root root 18092 Sep 14 08:32 LICENSE -r--r--r--. 1 root root 88 Sep 14 08:32 media.repo -r--r--r--. 1 root root 1327 Sep 14 08:32 TRANS.TBL [root@localhost ~]#
yum 配置
[root@localhost yum.repos.d]# cat cd.repo [base] name=CentOS baseurl=file:///mnt/AppStream/ gpgcheck=0 enabled=1 [base1] name=CentOS baseurl=file:///mnt/BaseOS/ gpgcheck=0 enabled=1p
配置完毕执行yum install gcc make perl (用于编译openssh源码包)
5.升级openssh
编译安装后有些不同,编译安装参见上个博客
centos7.6升级OpenSSH 9.0 - 你的孤独虽败犹荣 - 博客园 (cnblogs.com)
6.编译安装后启动报错解决
卸载原有openssh 执行 yum remove openssh -y
[root@localhost ~]# rpm -qa | grep openssh openssh-8.7p1-22.el9.x86_64 openssh-clients-8.7p1-22.el9.x86_64 openssh-server-8.7p1-22.el9.x86_64 [root@localhost ~]# yum remove openssh -y Dependencies resolved. ================================================================================================================================================= Package Architecture Version Repository Size ================================================================================================================================================= Removing: openssh x86_64 8.7p1-22.el9 @anaconda 1.9 M Removing dependent packages: openssh-clients x86_64 8.7p1-22.el9 @anaconda 2.0 M openssh-server x86_64 8.7p1-22.el9 @anaconda 1.0 M Removing unused dependencies: libcbor x86_64 0.7.0-5.el9 @anaconda 98 k libfido2 x86_64 1.6.0-7.el9 @anaconda 167 k Transaction Summary ================================================================================================================================================= Remove 5 Packages Freed space: 5.2 M Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: openssh-clients-8.7p1-22.el9.x86_64 1/5 Erasing : openssh-clients-8.7p1-22.el9.x86_64 1/5 Erasing : libfido2-1.6.0-7.el9.x86_64 2/5 Running scriptlet: openssh-server-8.7p1-22.el9.x86_64 3/5 Removed "/etc/systemd/system/multi-user.target.wants/sshd.service". Erasing : openssh-server-8.7p1-22.el9.x86_64 3/5 Running scriptlet: openssh-server-8.7p1-22.el9.x86_64 3/5 Erasing : openssh-8.7p1-22.el9.x86_64 4/5 Erasing : libcbor-0.7.0-5.el9.x86_64 5/5 Running scriptlet: libcbor-0.7.0-5.el9.x86_64 5/5 Verifying : libcbor-0.7.0-5.el9.x86_64 1/5 Verifying : libfido2-1.6.0-7.el9.x86_64 2/5 Verifying : openssh-8.7p1-22.el9.x86_64 3/5 Verifying : openssh-clients-8.7p1-22.el9.x86_64 4/5 Verifying : openssh-server-8.7p1-22.el9.x86_64 5/5 Removed: libcbor-0.7.0-5.el9.x86_64 libfido2-1.6.0-7.el9.x86_64 openssh-8.7p1-22.el9.x86_64 openssh-clients-8.7p1-22.el9.x86_64 openssh-server-8.7p1-22.el9.x86_64 Complete! [root@localhost ~]#
启动新版本的openssh ,拷贝编译后的文件到系统目录
cp /usr/local/openssh/bin/s* /usr/bin/
cp openssh-9.0p1/contrib/redhat/sshd.init /etc/rc.d/init.d/sshd
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
/etc/rc.d/init.d/sshd目录加入启动脚本后,systemctl start sshd 如识别不到,请尝试关闭selinux 或者重启系统尝试,执行启动脚本后报错误如下:
查看文件/etc/rc.d/init.d/sshd 文件49行,文件如下
将编译后的配置文件拷贝到 /etc/ssh/下,重新执行,仍然报错。查看脚本第一行发现缺少文件
拷贝centos7.6版本的functions 文件上传,重新启动后成功
可从cnetos7系列系统中/etc/init.d/目录提取,这里我上传了一个我使用的文件,
https://files.cnblogs.com/files/wenxiao1-2-3-4/functions.zip
7.完成
自启动添加报错,手动设置自启动
