为了避免在升级过程中登录访问失败,需要先安装 telnet-server 以及 xinetd 作为临时的备用登录方式(telnet 以明文传输用户名和密码,升级完成并确认 SSH 可用后应停用)
yum install xinetd telnet-server -y # install the telnet server and xinetd, used only as a fallback login path while sshd is being replaced
vi /etc/xinetd.d/telnet # edit the xinetd service definition for telnet
配置文件内容
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
# Review note: this definition enables telnet for every source address that can
# reach the host. xinetd's only_from attribute can restrict it to the
# administrator's address (e.g. only_from = <ADMIN_IP>, placeholder) while the
# upgrade is in progress.
service telnet
{
# "no" means the service is enabled; set it back to "yes" once the new sshd works.
disable = no
flags = REUSE
socket_type = stream
wait = no
# in.telnetd is started as root for each connection.
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
修改配置文件
vim /etc/securetty # add the pts/N entries listed below so root may log in on telnet pseudo-terminals; remove them again once the upgrade is finished
增加配置文件内容
pts/0
pts/1
pts/2
pts/3
启动服务
# Start telnet (via telnet.socket and via xinetd) now and at every boot.
# Both units stay enabled across reboots until they are explicitly disabled,
# so the cleartext login path outlives the upgrade unless it is removed.
systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
设置防火墙 本次系统是centos7.2
firewall-cmd --state # confirm firewalld is running
# Opens 23/tcp permanently with no source restriction; the rule persists until
# it is removed again with --permanent --remove-port=23/tcp.
firewall-cmd --permanent --add-port=23/tcp
firewall-cmd --reload # load the permanent rule into the running firewall
安装
openssh
依赖包
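# Build dependencies for zlib, OpenSSL and OpenSSH. The option and the package
# names need their hyphens (-y, gcc-c++, openssl-devel, pcre-devel, pam-devel);
# without them yum looks for packages literally named "y", "devel", and so on.
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel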
下载安装包
openssh8.4
版本
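cd /home/workdata/
# Fetch all three tarballs over HTTPS: over plain HTTP anyone on the network
# path can swap the source of the software that will handle logins on this host.
# The versions are the ones pinned by this guide; check upstream for newer releases.
wget https://www.zlib.net/zlib-1.2.11.tar.gz \
  && wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz \
  && wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
# Print the digests and compare each one with the value published by the
# project (<EXPECTED_SHA256>, placeholder) before unpacking or building.
sha256sum zlib-1.2.11.tar.gz openssl-1.1.1h.tar.gz openssh-8.4p1.tar.gz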
解压安装包
# Unpack the three source archives into the current directory, in the same
# order as they are built below.
for archive in zlib-1.2.11.tar.gz openssl-1.1.1h.tar.gz openssh-8.4p1.tar.gz; do
  tar -zxvf "$archive"
done
安装 zlib-1.2.11
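# Build zlib from source and install it under /usr/local/zlib.
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make -j 4
make install
# -y needs its hyphen, and the globs are quoted so that yum, not the shell,
# expands them: unquoted, zlib* can match files in this source directory and
# yum would be handed those file names instead of package patterns.
yum install -y 'gcc*' 'pam*' 'zlib*'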
安装
openssl1.1.1h
cd ../openssl-1.1.1h
# Keep the distribution's openssl binary under a backup name.
mv /usr/bin/openssl /usr/bin/openssl_bak
# Build with shared libraries and install under /usr/local/ssl.
./config --prefix=/usr/local/ssl shared && make && make install
# Point the system-wide command name at the new build.
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# NOTE(review): if /usr/include/openssl already exists as a directory (e.g. from openssl-devel), ln creates the link inside it instead of replacing it — confirm.
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
# Adds the new library directory to the dynamic linker search path for the
# whole host; the line is appended again every time this step is re-run.
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
# Should now report the newly installed version.
openssl version
安装
openssh8.4p
cd ../openssh-8.4p1
chown -R root.root /home/workdata/openssh-8.4p1
# Moves the whole existing SSH configuration directory aside. That directory
# normally also holds the server's host keys, so the rebuilt sshd presumably
# comes up with new ones and clients will see a changed host key; restoring the
# old keys from /etc/ssh.bak keeps known_hosts checks meaningful — confirm.
mv /etc/ssh /etc/ssh.bak
# Build against the OpenSSL under /usr/local/ssl with PAM support and install
# with prefix /usr, i.e. over the distribution's ssh/sshd binaries.
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
检查 openssh 安装是否成功
echo $? # 0 means the command run immediately before this one reported no error
配置ssh配置文件
vi /etc/ssh/sshd_config # edit the config under the new /etc/ssh (the previous directory was moved to /etc/ssh.bak)
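# Annotations are kept on their own lines so they are not parsed as part of a value.
# Added line. Allows root to log in over SSH with a password; where key-based
# login is set up, "prohibit-password" is the narrower setting.
PermitRootLogin yes
# Uncommented from the default file.
UseDNS no
# Append as the last line. Algorithm names need their hyphens; the final entry
# was truncated in the source text and the SHA-256 variant is used here.
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256
# Optional alternative: if sftp transfers with another service fail because the
# two sides share no key-exchange algorithm, the list below can replace the
# line above. sshd uses only the first KexAlgorithms line it reads, so keep one.
# This list turns on SHA-1 based exchanges, including 1024-bit group1, that are
# not in this OpenSSH version's default set. Prefer adding just the single
# algorithm the peer needs, e.g. with the "+" prefix
# (KexAlgorithms +diffie-hellman-group14-sha1), and upgrading the peer.
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org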
设置开机启动并查看更新成功后的版本号
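# Install the Red Hat init script and PAM file shipped in the source tree.
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): PAM looks a service up by file name, so sshd presumably reads /etc/pam.d/sshd rather than this sshd.pam copy — confirm which file is intended.
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
# Move the packaged systemd units out of the unit directory (kept in /home/workdata/).
mv /usr/lib/systemd/system/sshd.service /home/workdata/
mv /usr/lib/systemd/system/sshd.socket /home/workdata/
chkconfig --list sshd
chkconfig sshd on
# Validate the edited sshd_config first; a syntax error would otherwise leave
# sshd down after the restart.
/usr/sbin/sshd -t
service sshd restart
ssh -V
# Run the rest only after a fresh SSH login from a separate session succeeds:
# take the temporary cleartext telnet path down again and close its port.
systemctl stop telnet.socket xinetd
systemctl disable telnet.socket xinetd
firewall-cmd --permanent --remove-port=23/tcp
firewall-cmd --reload
# Also delete the pts/N lines that were added to /etc/securetty.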
升级完成 如果SSH访问能通 但是密码一直不对 解决方式
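修改/etc/selinux/config 文件,将SELINUX=enforcing改为SELINUX=disabled(注意:这会关闭整台服务器的 SELinux 强制访问控制,而不只是影响 sshd;可以先执行 setenforce 0 临时切换为 permissive 模式,确认问题确实由 SELinux 引起,再根据 /var/log/audit/audit.log 中的拒绝记录做针对性修复,而不是永久禁用)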
重启服务器 后生效
如果有更好的方式 请大神留言指导