CentOS 7.6 升级默认 OpenSSH 7.4 到 8.0
查看当前版本
# Print the version of the installed ssh binary and of the OpenSSL library it was built against.
# Record this output so it can be compared with the result after the upgrade.
shell>ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
安装和配置telnet(避免因直接操作ssh导致ssh连接不了后机子失联)
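# Install telnet-server and xinetd as a temporary fallback login path.
# NOTE(review): telnet carries credentials and the whole session in cleartext;
# keep TCP port 23 reachable only from the admin host while the upgrade runs.
shell>yum install xinetd telnet-server -y
# Register the terminals that telnet logins will use.
# NOTE(review): /etc/securetty lists the terminals on which root may log in
# (pam_securetty), so these entries permit root logins on pts/0-3. Remove them
# again once the upgrade is finished.
shell>echo "pts/0" >> /etc/securetty
shell>echo "pts/1" >> /etc/securetty
shell>echo "pts/2" >> /etc/securetty
shell>echo "pts/3" >> /etc/securetty
# Start the telnet service and enable it at boot.
shell>systemctl enable xinetd
shell>systemctl enable telnet.socket
shell>systemctl start telnet.socket
shell>systemctl start xinetd
# Confirm there is a listener on TCP port 23. Matching the whole token ':23'
# avoids false hits on other ports or PIDs that merely contain "23".
shell>netstat -lntp | grep -w ':23'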
下载openssl和openssh
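# Switch to a telnet login; every later step runs in the telnet terminal so that
# an interrupted ssh connection cannot abort the upgrade half-way.
shell>telnet 192.168.9.84
# Note: telnet does not accept root logins by default; use another account and
# create one if none exists.
# NOTE(review): the pts/N entries added to /etc/securetty earlier are what
# pam_securetty consults for root, so root may in fact be accepted. Still log in
# as an unprivileged user, since any password typed here crosses the network
# in cleartext.
telnet>yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
# The globs are quoted so yum expands them, not the shell against files in the
# current directory.
telnet>yum install -y 'pam*' 'zlib*'
telnet>wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
telnet>wget https://ftp.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz
# Verify the downloads before building: compare these digests with the values
# published by the OpenSSH and OpenSSL projects (or check the detached
# signatures), because the tarballs are compiled and installed as root.
telnet>sha256sum openssh-8.0p1.tar.gz openssl-1.0.2u.tar.gz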
更新openssl
#备份openssl文件 telnet>mv /usr/bin/openssl /usr/bin/openssl_bak telnet>mv /usr/include/openssl /usr/include/openssl_bak #编译安装新版本的openssl telnet>tar xfz openssl-1.0.2u.tar.gz telnet>cd openssl-1.0.2u telnet>./config shared && make && make install telnet>ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl telnet>ln -s /usr/local/ssl/include/openssl /usr/include/openssl telnet>echo "/usr/local/ssl/lib" >> /etc/ld.so.conf telnet>/sbin/ldconfig telnet>openssl version |
更新openssh
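# Build and install OpenSSH.
telnet>cd
telnet>tar xfz openssh-8.0p1.tar.gz
# Move the existing configuration directory aside.
# NOTE(review): /etc/ssh also holds the host keys and any hardening already in
# sshd_config. The install step is expected to generate fresh host keys, so
# clients will see a host-key-changed warning: either restore the previous
# ssh_host_* keys from /etc/ssh-bak or publish the new fingerprints
# (ssh-keygen -lf). Re-apply the settings you rely on from the old sshd_config.
telnet>mv /etc/ssh /etc/ssh-bak
telnet>cd openssh-8.0p1
telnet>./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
# Install the SysV init script shipped in the source tree.
telnet>cp -a contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): sshd looks up its PAM stack under the service name "sshd", so a
# file named /etc/pam.d/sshd.pam is presumably never read; confirm which
# /etc/pam.d/sshd is in effect on this host.
telnet>cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
telnet>chmod +x /etc/init.d/sshd
telnet>chkconfig --add sshd
telnet>systemctl enable sshd
# Take the RPM's unit file out of the way so the init script above is used.
telnet>mv /usr/lib/systemd/system/sshd.service /tmp
telnet>chkconfig sshd on
# Edit the daemon configuration; in the editor set:  Port 8122
# If SELinux is enforcing or a host firewall is active, the new port must be
# allowed there as well (e.g. semanage port -a -t ssh_port_t -p tcp 8122,
# firewall-cmd --permanent --add-port=8122/tcp), or logins will fail.
telnet>vim /etc/ssh/sshd_config
# Validate the configuration and host keys before restarting, so a typo cannot
# leave the host without a working sshd.
telnet>/usr/sbin/sshd -t
telnet>/etc/init.d/sshd restart
# NOTE(review): the transcript below reports OpenSSL 1.0.2r although the tarball
# built earlier is 1.0.2u; on your host, confirm the reported OpenSSL version
# matches the library you just installed.
telnet>ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2r 26 Feb 2019
# Test from another machine that ssh logins work, before telnet is shut down.
shell>ssh -p 8122 192.168.9.84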
关闭telnet
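# Shut telnet down, but only after a fresh ssh login on the new port has been
# confirmed to work.
shell>systemctl disable xinetd.service
shell>systemctl stop xinetd.service
shell>systemctl disable telnet.socket
shell>systemctl stop telnet.socket
# Remove the pts/0-3 entries that were appended to /etc/securetty for the
# upgrade, so root logins on those terminals are no longer permitted.
shell>sed -i '/^pts\/[0-3]$/d' /etc/securetty
# Confirm nothing is listening on TCP port 23 any more (expect no output).
# If telnet is not needed again, also remove the package: yum remove -y telnet-server
shell>netstat -lntp | grep -w ':23'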