CentOS7升级openssh9.6p1


下载文件:openssl1.1.1 , openssh9.6p1

openssl1.1.1

objects.githubusercontent.com/github-prod…

openssh9.6p1,p1版本是补丁版本

cdn.openbsd.org/pub/OpenBSD…

安装telnet

为防止升级失败后无法远程登录,先安装telnet作为备用连接方案。telnet以明文传输账号和口令,只应在升级期间临时启用,升级完成后按文末步骤立即停止并卸载。

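# Install telnet-server as a temporary fallback login path for the upgrade.
# NOTE(review): telnet carries credentials and session data in cleartext;
# keep it enabled only for the duration of the upgrade and remove it afterwards.
yum -y install telnet-server

# Start the telnet socket now and enable it at boot
systemctl start telnet.socket && systemctl enable telnet.socket

# If a firewall is running, port 23 has to be opened.
# NOTE(review): this opens 23/tcp to every source in the public zone; where
# possible, limit access to the administrator's address instead.
firewall-cmd --zone=public --add-port=23/tcp --permanent
firewall-cmd --reload

# Add an unprivileged user and set its password.
# passwd prompts interactively, so the password is neither fixed in this
# listing nor recorded in the shell history; choose a strong, unique one,
# because it will cross the network in cleartext over telnet.
useradd teluser
passwd teluser

# Grant the account sudo rights. visudo edits /etc/sudoers through a
# temporary copy and syntax-checks it before saving, so the read-only mode
# of the file does not have to be changed.
visudo
# Add this line
teluser ALL=(ALL) ALL

# Once the above is configured, test the connection with the telnet command
# from a terminal on Windows
telnet 192.168.0.10 23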

升级Openssl

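# Install the build dependencies
yum install -y gcc gcc-c++ glibc make automake autoconf zlib zlib-devel

# NOTE(review): the OpenSSL 1.1.1 series reached end of life in September
# 2023 and no longer receives public security fixes; check whether a
# supported OpenSSL release can be used for this build instead.

# Compare the archive's SHA-256 with the value published by the OpenSSL
# project before unpacking (press Tab after pasting to complete the name)
sha256sum openssl-1.1.1

# Extract (press Tab after pasting to complete the file name)
tar -zxf openssl-1.1.1

cd openssl-1.1.1

./config shared zlib -fPIC --prefix=/usr/local/openssl

# Install only if the build succeeded, so a broken build is never installed
make -j 4 && make install

# Keep the distribution's binary and headers as .bak so they can be restored
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

# Point the system paths at the new build
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl

# Make the dynamic linker search the new library directory
echo '/usr/local/openssl/lib' > /etc/ld.so.conf.d/openssl-x86_64.conf

ldconfig -v

# Confirm that the version reported is the newly built one
openssl version -a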


升级OpenSSH

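# Build first, switch over second: the old sshd keeps running until the new
# build has compiled and installed, so a failed build does not leave the
# host reachable only over telnet.

# Build dependencies for OpenSSH
yum install -y pcre-devel  perl perl-Test-Simple

# Compare the archive's SHA-256 (or signature) with the value published
# alongside the release before unpacking (press Tab to complete the name)
sha256sum openssh-9.6

# Extract (press Tab after pasting to complete the file name)
tar -zxf openssh-9.6

cd openssh-9.6

./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --with-zlib

# Installs under /usr/local/openssh only; the packaged sshd is not touched yet
make -j 4 && make install

# Stop the old daemon and back up its configuration and binaries
systemctl stop sshd

mv /etc/ssh /etc/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
mv /usr/bin/ssh /usr/bin/ssh.bak

# Remove the packaged openssh
rpm -qa | grep openssh
rpm -e openssh-clients-7.5p1-1.x86_64 --nodeps
rpm -e openssh-server-7.5p1-1.x86_64
rpm -e openssh-7.5p1-1.x86_64
rpm -e openssh-debuginfo-7.5p1-1.x86_64

# (Removing with yum may also work: yum remove openssh)
rpm -qa | grep openssh

# Drop the old sshd unit files and install the init script from the source tree
ls /usr/lib/systemd/system/ssh*
rm -f /usr/lib/systemd/system/ssh*
cp contrib/redhat/sshd.init /etc/init.d/sshd

# Copy the sshd files to their system locations
mkdir /etc/ssh
vim /usr/local/openssh/etc/sshd_config
# Set the following.
# NOTE(review): "PermitRootLogin yes" allows root to log in with a password;
# once key-based login for root is confirmed, "prohibit-password" narrows it.
PermitRootLogin yes
PubkeyAuthentication yes

cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
# NOTE(review): only the ECDSA public host key is copied, and configure was
# run without --sysconfdir, so the new sshd presumably still reads its config
# and host keys from /usr/local/openssh/etc; confirm which files are in use.
# The host keys are newly generated, so clients will see a changed host key;
# publish the new fingerprints rather than asking users to ignore the warning.

# Check the configuration for errors before starting the daemon
/usr/sbin/sshd -t -f /etc/ssh/sshd_config

# Start sshd and enable it at boot
systemctl daemon-reload
systemctl start sshd && systemctl enable sshd
ssh -V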

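# Before removing the fallback, open a new SSH session from another terminal
# and confirm that login works against the upgraded sshd.

# Stop and uninstall telnet
systemctl stop telnet.socket
systemctl disable telnet.socket
rpm -e telnet-server

# Delete the temporary user; if userdel reports that the user is still in
# use by a process, kill that process first and run the command again
userdel -r teluser

# Revoke the sudo grant; visudo syntax-checks /etc/sudoers before saving
visudo
# Delete this line
teluser ALL=(ALL) ALL

# Put /etc/sudoers back to read-only in case it was made writable earlier
chmod 0440 /etc/sudoers

# Close port 23
firewall-cmd --permanent --zone=public --remove-port=23/tcp
firewall-cmd --reload

# Confirm that 23/tcp is no longer listed
firewall-cmd --zone=public --list-ports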

参考链接:www.cnblogs.com/williamzhen…