Centos7升级OpenSSH到OpenSSH_8.0p1版本

柔光的暖阳◎ 2022-09-06 01:21 312阅读 0赞

Centos7升级OpenSSH到OpenSSH_8.0p1版本

1、升级要求

升级至openssl 1.1.1版本
升级至openssh 8.0版本
ssh -V 当前查看版本

2、安装telnet (以防升级失败,连不上服务器,建议弄)
  1. 4  2020-11-01 16:34:22 rpm -qa | grep telnet     
  2.     5  2020-11-01 16:34:24 rpm -qa | grep xinetd   
  3.     6  2020-11-01 16:34:34 yum -y install telnet* 
  4.     7  2020-11-01 16:34:42 yum -y install xinetd   
  5.     8  2020-11-01 16:34:56 systemctl enable xinetd.service
  6.     9  2020-11-01 16:35:13 systemctl enable telnet.socket
  7.    10  2020-11-01 16:35:24 systemctl enable telnet.sockesystemctl enable telnet.sockett
  8.    11  2020-11-01 16:35:34 systemctl start telnet.socket  
  9.    12  2020-11-01 16:35:47 systemctl start xinetd
  10.    13  2020-11-01 16:36:02  vi /etc/securetty
  11.    在最后添加两行 pts/0    pts/1
  12.    14  2020-11-01 16:36:32 systemctl restart xinetd
  13.    15  2020-11-01 16:36:42 netstat -plnt |grep 23 # 确认下是否启动成功
3、升级OpenSSl
  1. cd /opt/
  2. scp  root@62.234.150.127:/tmp/open* ./ #上传软件
  3. [root@VM-39-10-centos ~]# cd /opt/
  4. [root@VM-39-10-centos opt]# ls
  5. mellanox  openssh-8.0p1  openssh-8.0p1.tar.gz  openssl-1.1.1c  openssl-1.1.1c.tar.gz  rh
  6. [root@VM-39-10-centos opt]#
  8. tar zxvf openssl-1.1.1c.tar.gz
  9. cd openssl-1.1.1c
  10. ./config --prefix=/usr/local/openssl  #检查环境
  11. ./config t
  12. make     #编译
  13. make install      #编译安装
  15. cd /usr/local
  16. ldd /usr/local/openssl/bin/openssl    #检查函数库
  17. echo "/usr/local/openssl/lib" >> /etc/ld.so.conf    #添加所缺函数库
  18. ldconfig -v        #更新函数库
  19. openssl/bin/openssl version      #查看新安装的版本
  21. which openssl           #查看旧版本openssl命令在哪里
  22. mv /bin/openssl /usr/bin/openssl.old      #将旧版本openssl移除
  23. ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl           #新版本制作软链接
  24. openssl version         最后查看版本,更新完毕
  26. [root@VM-39-10-centos opt]# openssl version 
  27. OpenSSL 1.1.1c  28 May 2019
  28. [root@VM-39-10-centos opt]# #更新完毕
4、升级openssh
  1. mv /etc/ssh /etc/ssh.old
  2. ### 需要注意,移除之后,不能退出当前终端,若退出,只能通过telnet连了
  3.  cd /opt/
  4.  tar -zxvf  openssh-8.0p1.tar.gz 
  5.  cd openssh-8.0p1/
  6.  yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel pam* zlib*
  7.  ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening
  8. echo $?
  9. make && make install 
  10. echo $?
  11.  s -l ./contrib/redhat/sshd.init
  13. # 拷贝启动脚本
  14. cp ./contrib/redhat/sshd.init /etc/init.d/sshd
  15. # 修改启动脚本
  16. vim /etc/init.d/sshd
  17. # 按如下修改,需要注意,此路径是你安装新版本的openssh路径,根据你的实际情况修改
  18. SSHD=/usr/local/openssh/sbin/sshd
  20. ### 注意根据自身情况修改路径
  21. /usr/local/openssh/bin/ssh-keygen A
  22. /sbin/restorecon /etc/ssh/ssh_host_key.pub
  23. /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
  24. /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
  25. /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
  27. [root@VM-39-10-centos openssh-8.0p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
  28. [root@VM-39-10-centos openssh-8.0p1]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
  29. [root@VM-39-10-centos openssh-8.0p1]# echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config 
  30. [root@VM-39-10-centos openssh-8.0p1]# for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done
  31. 警告:/etc/ssh/moduli 已另存为 /etc/ssh/moduli.rpmsave
  32. 警告:/etc/ssh/ssh_config 已另存为 /etc/ssh/ssh_config.rpmsave
  33. 警告:/etc/ssh/sshd_config 已另存为 /etc/ssh/sshd_config.rpmsave
  34. [root@VM-39-10-centos openssh-8.0p1]# mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
  35. [root@VM-39-10-centos openssh-8.0p1]# 
  36. [root@VM-39-10-centos openssh-8.0p1]# mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
  37. [root@VM-39-10-centos openssh-8.0p1]# 
  38. [root@VM-39-10-centos openssh-8.0p1]# mv /etc/ssh/moduli.rpmsave /etc/ssh/moduli
  39. [root@VM-39-10-centos openssh-8.0p1]# cp -arp /usr/local/openssh/bin/* /usr/bin/
  40. [root@VM-39-10-centos openssh-8.0p1]# service sshd restart
  41. Restarting sshd (via systemctl):                           [  OK  ]
  42. [root@VM-39-10-centos openssh-8.0p1]# ssh -V 
  43. OpenSSH_8.0p1, OpenSSL 1.1.1c  28 May 2019
  44. [root@VM-39-10-centos openssh-8.0p1]# chkconfig --add sshd
  45. [root@VM-39-10-centos openssh-8.0p1]# chkconfig --level 2345 sshd on
  46. [root@VM-39-10-centos openssh-8.0p1]# systemctl stop telnet.socket 
  47. [root@VM-39-10-centos openssh-8.0p1]# ssh 49.232.141.113
  48. The authenticity of host '49.232.141.113 (49.232.141.113)' can't be established. ECDSA key fingerprint is SHA256:YURCHUWDH7YGwNetYX5iduAJhwC5DJclN/1akV2l9t0. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '49.232.141.113' (ECDSA) to the list of known hosts. root@49.232.141.113's password: 
  49. Last login: Sun Nov  1 16:33:34 2020 from 223.20.102.110
  50. [root@VM-39-10-centos ~]#

发表评论

表情:
评论列表 (有 0 条评论,312人围观)

还没有评论,来说两句吧...

相关阅读