#!/bin/bash
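#######################################
# Build OpenSSH 9.8p1 from source on Oracle Linux 8 and replace the packaged
# openssh RPMs with it.
#
# The tarball is downloaded, unpacked, configured and compiled *before* the
# running sshd is stopped and the openssh packages are erased, so a failed
# download or build leaves the existing SSH service untouched.
#
# Globals:
#   OPENSSH_SHA256 (read, optional) - expected SHA-256 of the tarball; when
#     set, the download is verified against it before anything is unpacked.
# Arguments: none
# Returns:   1 when a step that must succeed fails, otherwise the status of
#            the final `systemctl status sshd`.
#######################################
Oracle8() {
  local tarball="openssh-9.8p1.tar.gz"
  local srcdir="openssh-9.8p1"
  local bakdir="/etc/ssh/bak"
  local -a old_pkgs=()

  # Not fatal on its own: if a build dependency is really missing, configure
  # or make below fails and the function returns before sshd is touched.
  yum -y install net-tools gcc wget kernel-devel perl pam-devel zlib-devel openssl-devel pam-devel \
    || echo "WARNING: yum install reported an error; continuing to the build" >&2

  # -O overwrites a stale or partial tarball left by an earlier run instead of
  # saving the new download as "<name>.1" and then unpacking the old file.
  wget -O "$tarball" https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz \
    || { echo "ERROR: download of $tarball failed" >&2; return 1; }

  # This code is compiled and installed as root, so verify it when the
  # operator supplies the published digest.
  if [[ -n "${OPENSSH_SHA256:-}" ]]; then
    printf '%s  %s\n' "$OPENSSH_SHA256" "$tarball" | sha256sum -c - \
      || { echo "ERROR: SHA-256 mismatch for $tarball" >&2; return 1; }
  else
    echo "WARNING: OPENSSH_SHA256 is not set; $tarball is used unverified" >&2
  fi

  tar -xzvf "$tarball" \
    || { echo "ERROR: cannot unpack $tarball" >&2; return 1; }

  # Back up the current configuration. -a keeps the modes of the private host
  # keys and also copies directories such as ssh_config.d, which a plain cp
  # refuses to copy.
  mkdir -p "$bakdir" || return 1
  chmod 700 "$bakdir"
  cp -a /etc/ssh/ssh* /etc/ssh/m* "$bakdir"/
  cp -a /etc/pam.d/sshd "$bakdir/sshd.pam"
  # Both files are restored further down; refuse to continue without them.
  if [[ ! -f "$bakdir/sshd_config" || ! -f "$bakdir/sshd.pam" ]]; then
    echo "ERROR: backup of sshd_config or /etc/pam.d/sshd is missing" >&2
    return 1
  fi

  cd "$srcdir" || return 1
  # NOTE(review): --without-hardening turns off the compiler/linker hardening
  # flags OpenSSH normally enables for this network-facing daemon, and
  # --with-md5-passwords is a legacy option; confirm both are really needed.
  # tcp-wrappers support was dropped upstream in OpenSSH 6.7, so
  # --with-tcp-wrappers is presumably ignored by configure - confirm.
  # NOTE(review): nothing in this function installs OpenSSL under
  # /usr/local/openssl; presumably configure falls back to the system OpenSSL
  # provided by openssl-devel - confirm.
  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --without-openssl-header-check --without-hardening \
    || { echo "ERROR: configure failed; the packaged OpenSSH was left in place" >&2; return 1; }
  make \
    || { echo "ERROR: build failed; the packaged OpenSSH was left in place" >&2; return 1; }

  # Point of no return: from here on the packaged sshd is gone.
  systemctl stop sshd
  systemctl disable sshd
  mapfile -t old_pkgs < <(rpm -qa | grep openssh)
  if (( ${#old_pkgs[@]} > 0 )); then
    rpm -e --nodeps "${old_pkgs[@]}"
  fi
  rpm -qa openssh

  make install || {
    echo "ERROR: make install failed and no sshd is installed now;" >&2
    echo "       recover from the console with: yum -y install openssh-server openssh-clients" >&2
    return 1
  }

  # Check that the installed version is 9.8
  ssh -V
  chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
  cp contrib/redhat/sshd.init /etc/init.d/sshd
  # Restore the PAM stack and the sshd_config that were backed up above.
  cp -a "$bakdir/sshd.pam" /etc/pam.d/sshd
  rm -f /etc/ssh/sshd_config
  cp -a "$bakdir/sshd_config" /etc/ssh/sshd_config
  chmod u+x /etc/init.d/sshd

  # NOTE(review): these two lines allow password logins for root over the
  # network. sshd uses the first value it reads for a keyword, so the appended
  # lines only take effect when the keyword is not set earlier in the file,
  # and they become part of a trailing Match block if the file ends with one.
  # Consider key-based access for root instead.
  echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
  echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config

  # NOTE(review): this switches SELinux off permanently (and immediately via
  # setenforce) for the whole host instead of labelling the source-built sshd;
  # confirm the trade-off is intended.
  sed -i '/^SELINUX=enforcing/c\SELINUX=disabled' /etc/selinux/config
  setenforce 0

  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
  touch /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys

  # Hand the service over to the SysV init script shipped in contrib/ and drop
  # the unit file that belonged to the removed package.
  chkconfig --add sshd
  chkconfig sshd on
  rm -f /usr/lib/systemd/system/sshd.service
  systemctl daemon-reload
  systemctl restart sshd
  systemctl status sshd
}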
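#######################################
# Build OpenSSL 1.1.1q and OpenSSH 9.8p1 from source on CentOS 7 and replace
# the packaged openssh RPMs with the new build.
#
# Both tarballs are downloaded and both builds must succeed before the system
# openssl binary/headers are swapped and before the running sshd is stopped
# and its packages erased, so a failed download or build leaves the existing
# SSH service untouched.
#
# Globals:
#   OPENSSL_SHA256 (read, optional) - expected SHA-256 of the OpenSSL tarball
#   OPENSSH_SHA256 (read, optional) - expected SHA-256 of the OpenSSH tarball
#     When set, the matching download is verified before it is unpacked.
# Arguments: none
# Returns:   1 when a step that must succeed fails, otherwise the status of
#            the final `systemctl status sshd`.
#######################################
ContOS7() {
  local workdir
  local repo="/etc/yum.repos.d/CentOS-Base.repo"
  local repo_tmp
  local ssl_tarball="openssl-1.1.1q.tar.gz"
  local ssl_src="openssl-1.1.1q"
  local ssh_tarball="openssh-9.8p1.tar.gz"
  local ssh_src="openssh-9.8p1"
  local bakdir="/etc/ssh/bak"
  local -a old_pkgs=()

  # Everything is unpacked relative to the directory the script was started
  # in; remember it instead of assuming that directory is /root.
  workdir=$(pwd) || return 1

  echo 更换阿里源这里是centos7的源
  # Fetch the repo file over HTTPS into a temporary file first: yum installs
  # packages as root from whatever this file points at, and the old repo is
  # only replaced once the download has actually succeeded. The temporary
  # name does not end in .repo, so yum never reads a half-written file.
  repo_tmp=$(mktemp "${repo}.XXXXXX") || return 1
  if curl -f -o "$repo_tmp" https://mirrors.aliyun.com/repo/Centos-7.repo; then
    if [[ -f "$repo" ]]; then
      mv "$repo" "${repo}.backup"
    fi
    mv "$repo_tmp" "$repo"
    chmod 644 "$repo"
  else
    rm -f -- "$repo_tmp"
    echo "WARNING: could not download the mirror repo file; keeping the existing one" >&2
  fi
  echo 清除yum缓存
  yum clean all
  echo 缓存本地yum源
  yum makecache
  # Not fatal on its own: if a build dependency is really missing, one of the
  # builds below fails and the function returns before sshd is touched.
  yum -y install net-tools gcc wget kernel-devel perl pam-devel zlib-devel openssl-devel pam-devel \
    || echo "WARNING: yum install reported an error; continuing to the build" >&2

  echo 下载openssh openssl
  # NOTE(review): 1.1.1q is not the last release of the OpenSSL 1.1.1 series
  # and that series is past upstream end-of-life; it is also fetched from a
  # third-party mirror. Confirm the version choice and verify the digest.
  # -O overwrites a stale or partial tarball left by an earlier run.
  wget -O "$ssl_tarball" https://mirrors.cloud.tencent.com/openssl/source/old/1.1.1/openssl-1.1.1q.tar.gz \
    || { echo "ERROR: download of $ssl_tarball failed" >&2; return 1; }
  wget -O "$ssh_tarball" https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz \
    || { echo "ERROR: download of $ssh_tarball failed" >&2; return 1; }

  # This code is compiled and installed as root, so verify it when the
  # operator supplies the published digests.
  if [[ -n "${OPENSSL_SHA256:-}" ]]; then
    printf '%s  %s\n' "$OPENSSL_SHA256" "$ssl_tarball" | sha256sum -c - \
      || { echo "ERROR: SHA-256 mismatch for $ssl_tarball" >&2; return 1; }
  else
    echo "WARNING: OPENSSL_SHA256 is not set; $ssl_tarball is used unverified" >&2
  fi
  if [[ -n "${OPENSSH_SHA256:-}" ]]; then
    printf '%s  %s\n' "$OPENSSH_SHA256" "$ssh_tarball" | sha256sum -c - \
      || { echo "ERROR: SHA-256 mismatch for $ssh_tarball" >&2; return 1; }
  else
    echo "WARNING: OPENSSH_SHA256 is not set; $ssh_tarball is used unverified" >&2
  fi

  tar -xzvf "$ssl_tarball" \
    || { echo "ERROR: cannot unpack $ssl_tarball" >&2; return 1; }
  tar -xzvf "$ssh_tarball" \
    || { echo "ERROR: cannot unpack $ssh_tarball" >&2; return 1; }

  # --- OpenSSL -------------------------------------------------------------
  cd "$workdir/$ssl_src" || return 1
  ./config --prefix=/usr/local/openssl \
    || { echo "ERROR: OpenSSL config failed" >&2; return 1; }
  make \
    || { echo "ERROR: OpenSSL build failed" >&2; return 1; }
  make install \
    || { echo "ERROR: OpenSSL install failed" >&2; return 1; }

  # Make the new shared libraries resolvable at run time. -f keeps a second
  # run from failing on links that already exist.
  ln -sf /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
  ln -sf /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

  echo 替换老版本的 openssl
  # Only move the distribution files aside the first time; on a re-run these
  # paths are already symlinks and moving them would clobber the real backup.
  if [[ -e /usr/bin/openssl && ! -L /usr/bin/openssl ]]; then
    mv /usr/bin/openssl /usr/bin/openssl.bak
  fi
  if [[ -d /usr/include/openssl && ! -L /usr/include/openssl ]]; then
    mv /usr/include/openssl /usr/include/openssl.bak
  fi
  ln -sfn /usr/local/openssl/bin/openssl /usr/bin/openssl
  ln -sfn /usr/local/openssl/include/openssl /usr/include/openssl
  echo 显示最新版本信息
  openssl version

  # --- OpenSSH -------------------------------------------------------------
  cd "$workdir" || return 1

  # Back up the current configuration. -a keeps the modes of the private host
  # keys and also copies directories, which a plain cp refuses to copy.
  mkdir -p "$bakdir" || return 1
  chmod 700 "$bakdir"
  cp -a /etc/ssh/ssh* /etc/ssh/m* "$bakdir"/
  cp -a /etc/pam.d/sshd "$bakdir/sshd.pam"
  # Both files are restored further down; refuse to continue without them.
  if [[ ! -f "$bakdir/sshd_config" || ! -f "$bakdir/sshd.pam" ]]; then
    echo "ERROR: backup of sshd_config or /etc/pam.d/sshd is missing" >&2
    return 1
  fi

  cd "$workdir/$ssh_src" || return 1
  # NOTE(review): --without-hardening turns off the compiler/linker hardening
  # flags OpenSSH normally enables for this network-facing daemon, and
  # --with-md5-passwords is a legacy option; confirm both are really needed.
  # tcp-wrappers support was dropped upstream in OpenSSH 6.7, so
  # --with-tcp-wrappers is presumably ignored by configure - confirm.
  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --without-openssl-header-check --without-hardening \
    || { echo "ERROR: configure failed; the packaged OpenSSH was left in place" >&2; return 1; }
  make \
    || { echo "ERROR: build failed; the packaged OpenSSH was left in place" >&2; return 1; }

  # Point of no return: from here on the packaged sshd is gone.
  systemctl stop sshd
  systemctl disable sshd
  mapfile -t old_pkgs < <(rpm -qa | grep openssh)
  if (( ${#old_pkgs[@]} > 0 )); then
    rpm -e --nodeps "${old_pkgs[@]}"
  fi
  rpm -qa openssh

  make install || {
    echo "ERROR: make install failed and no sshd is installed now;" >&2
    echo "       recover from the console with: yum -y install openssh-server openssh-clients" >&2
    return 1
  }

  # Check that the installed version is 9.8
  ssh -V
  chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
  cp contrib/redhat/sshd.init /etc/init.d/sshd
  # Restore the PAM stack and the sshd_config that were backed up above.
  cp -a "$bakdir/sshd.pam" /etc/pam.d/sshd
  rm -f /etc/ssh/sshd_config
  cp -a "$bakdir/sshd_config" /etc/ssh/sshd_config
  chmod u+x /etc/init.d/sshd

  # NOTE(review): these two lines allow password logins for root over the
  # network. sshd uses the first value it reads for a keyword, so the appended
  # lines only take effect when the keyword is not set earlier in the file,
  # and they become part of a trailing Match block if the file ends with one.
  # Consider key-based access for root instead.
  echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
  echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config

  # NOTE(review): this switches SELinux off permanently (and immediately via
  # setenforce) for the whole host instead of labelling the source-built sshd;
  # confirm the trade-off is intended.
  sed -i '/^SELINUX=enforcing/c\SELINUX=disabled' /etc/selinux/config
  setenforce 0

  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
  touch /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys

  # Hand the service over to the SysV init script shipped in contrib/ and drop
  # the unit file that belonged to the removed package.
  chkconfig --add sshd
  chkconfig sshd on
  rm -f /usr/lib/systemd/system/sshd.service
  systemctl daemon-reload
  systemctl restart sshd
  systemctl status sshd
}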
# Entry point: skip the upgrade when the installed client already reports the
# target version, otherwise pick the upgrade routine that matches the
# distribution named in /etc/os-release.

# `ssh -V` prints its banner on stderr; the first field carries a trailing
# comma, which is why the target string ends in one as well.
target_openssh_version="OpenSSH_9.8p1,"
current_openssh_version=$(ssh -V 2>&1 | awk '{print $1}')

if [[ "$current_openssh_version" == "$target_openssh_version" ]]; then
  echo -e "$(date +%Y-%m-%d_%H:%M:%S)" "INFO" "OpenSSH为9.8,退出脚本"
  exit
fi

echo "判断系统"

# Without /etc/os-release the distribution cannot be identified.
if [[ ! -f /etc/os-release ]]; then
  echo "无法确定操作系统类型,退出脚本..."
  exit 1
fi

os_info=$(< /etc/os-release)

# Only the two distributions that have an upgrade routine are accepted;
# CentOS 7 is tested first, then Oracle Linux 8.
if [[ "$os_info" == *"CentOS Linux 7"* ]]; then
  echo "检查系统为 CentOS 7"
  echo "开始升级"
  ContOS7
elif [[ "$os_info" == *"Oracle Linux Server 8"* ]]; then
  echo "检查系统为 Oracle Linux 8"
  Oracle8
else
  echo "########### 不是 CentOS 7 或 Oracle Linux 8 系统,退出脚本"
  exit 1
fi