一、下载镜像制作自己的yum源
1.CentOS下载镜像
官网地址:https://www.centos.org/download/
国内镜像地址:https://mirrors.aliyun.com/centos/7/isos/x86_64
下载完成后建议用sha256sum核对ISO的校验值,确认镜像完整且未被篡改。
2.创建ISO存放目录以及挂载目录
mkdir /mnt/iso /mnt/cdrom
3.上传ISO镜像文件至/mnt/iso
4.挂载ISO镜像到挂载目录
mount -o loop /mnt/iso/*.iso /mnt/cdrom
5、检查挂载是否成功
df -h
6.备份/etc/yum.repos.d文件至备份文件夹
7.创建repo文件并存放
8.写入信息至local.repo
[local]
name=local
#挂载地址:/mnt/cdrom
baseurl=file:///mnt/cdrom
enabled=1
#gpgcheck=0表示安装时不校验RPM包签名;下面已配置gpgkey,如需校验可改为gpgcheck=1
gpgcheck=0
#cd /mnt/cdrom/可以看到KEY
gpgkey=file:///mnt/cdrom/RPM-GPG-KEY-CentOS-7
9.测试yum安装
yum clean all
yum install ntp
10.取消挂载
umount /mnt/cdrom
一、先查看服务器版本的ssl
1. 下载新版本openssl
查看当前openssl版本信息
[root@localhost src]# openssl version
OpenSSL 1.1.1q 5 Jul 2022
2、上传下载新版本
[root@localhost src]# tar xzfv openssl-1.1.1q.tar.gz
[root@localhost src]# ll
total 32252
-rw-r--r--. 1 root root 3817196 Aug 3 23:10 glibc-2.17-325.el7_9.x86_64.rpm
-rw-r--r--. 1 root root 12058444 Aug 3 23:10 glibc-common-2.17-317.el7.x86_64.rpm
-rw-r--r--. 1 root root 1127364 Aug 3 23:10 glibc-devel-2.17-317.el7.x86_64.rpm
-rw-r--r--. 1 root root 706340 Aug 3 23:10 glibc-headers-2.17-317.el7.x86_64.rpm
-rw-r--r--. 1 root root 91396 Aug 3 23:10 libtirpc-0.2.4-0.16.el7.x86_64.rpm
drwxr-xr-x. 7 1000 1000 16384 Aug 3 23:39 openssh-8.6p1
-rw-r--r--. 1 root root 1786328 Aug 3 23:10 openssh-8.6p1.tar.gz
drwxrwxr-x. 19 root root 4096 Aug 3 23:27 openssl-1.1.1q
-rw-r--r--. 1 root root 9864061 Aug 3 23:10 openssl-1.1.1q.tar.gz
-rw-r--r--. 1 root root 2440676 Aug 3 23:10 openssl-devel-1.1.1k-5.el8_5.x86_64.rpm
-rw-r--r--. 1 root root 737960 Aug 3 23:37 pam-1.1.8-23.el7.x86_64.rpm
-rw-r--r--. 1 root root 189124 Aug 3 23:37 pam-devel-1.1.8-23.el7.x86_64.rpm
-rw-r--r--. 1 root root 92068 Aug 3 23:10 zlib-1.2.7-19.el7_9.x86_64.rpm
-rw-r--r--. 1 root root 51256 Aug 3 23:10 zlib-devel-1.2.7-19.el7_9.x86_64.rpm
3、备份原有的openssl可执行文件和头文件目录
[root@localhost src]# mv /usr/bin/openssl /usr/bin/openssl.old
[root@localhost src]# mv /usr/include/openssl /usr/include/openssl.old
4、安装新版本openssl,预编译以及编译安装
#进入目录
[root@172-15-4-5 openssl-1.1.1h]# cd openssl-1.1.1h
[root@172-15-4-5 openssl-1.1.1h]# ./config --prefix=/usr/local/openssl
看看是否成功,0则为成功
[root@172-15-4-5 openssl-1.1.1h]# echo $?
[root@172-15-4-5 openssl-1.1.1h]# make && make install
5、替换原有旧openssl文件
[root@localhost ~]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
[root@localhost ~]# ln -s /usr/local/openssl/include/openssl /usr/include/openssl
#在/etc/ld.so.conf文件中写入openssl库文件的搜索路径
[root@localhost ~]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
#使修改后的/etc/ld.so.conf生效
[root@localhost ~]# ldconfig -v
6、验证版本
[root@172-15-4-5 openssl-1.1.1h]# openssl version
OpenSSL 1.1.1h 22 Sep 2020
二、以防失败,安装telnet
注意:telnet以明文传输账号和密码,只应在可信内网中临时启用,升级完成后立即关闭(见文末“关闭telnet”一步)。
yum -y install telnet-server.x86_64 //telnet服务器
yum list | grep telnet-server //telnet客户端(可不安装)
yum list | grep xinetd //xinetd守护进程
#配置开机启动
systemctl enable xinetd.service
systemctl enable telnet.socket
#启动服务
systemctl start telnet.socket
systemctl start xinetd
#查看端口,看到23端口已打开
netstat -ntlp
#开启防火墙允许访问23端口(没开防火墙跳过此步骤)
firewall-cmd --add-port=23/tcp --permanent
firewall-cmd --reload
#默认root无法远程访问,修改/etc/securetty
vi /etc/securetty
在末尾添加
pts/0
pts/1
测试使用telnet登录服务器
1、下载openssh
下载地址: https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
如果从镜像站下载,建议在解压前与OpenSSH官方发布的校验值或签名核对源码包。
#进入要下载的目录
[root@localhost ~]# cd /usr/local/src/
#下载源码
[root@localhost src]# wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
#解压
[root@localhost src]# tar -zxvf openssh-8.6p1.tar.gz
2、编译安装
#进入目录
[root@172-15-4-5 src]# cd openssh-8.6p1
#编译(注意:下面的--without-hardening会关闭编译器加固选项,如无兼容性问题建议去掉该参数)
[root@172-15-4-5 openssh-8.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/lib64 --without-hardening
#查看结果,输出为0代表正常
[root@172-15-4-5 openssh-8.6p1]# echo $?
0
安装
[root@172-15-4-5 openssh-8.6p1]# make
#查看结果,输出为0代表正常
[root@172-15-4-5 openssh-8.6p1]# echo $?
0
[root@172-15-4-5 openssh-8.6p1]# make install
#查看结果,输出为0代表正常
[root@172-15-4-5 openssh-8.6p1]# echo $?
0
安装后一定要做的一步(非常重要,本人已多次验证):把主机私钥的权限设为600。私钥权限过宽时sshd会拒绝加载该密钥,可能导致服务无法启动或无法登录。
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
3、配置SSH文件
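#允许root账户登录(验证完成后建议按需改为prohibit-password或no)
#注意:sshd对同一配置项以文件中第一次出现的值为准,若前面已有未注释的PermitRootLogin,追加的这一行不会生效,需用下面的grep确认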
[root@localhost openssh-8.6p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost openssh-8.6p1]# grep "^PermitRootLogin" /etc/ssh/sshd_config
PermitRootLogin yes
[root@localhost openssh-8.6p1]# echo "UseDNS no" >> /etc/ssh/sshd_config
[root@localhost openssh-8.6p1]# grep "UseDNS" /etc/ssh/sshd_config
UseDNS no
#复制文件到系统服务目录
[root@localhost openssh-8.6p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-8.6p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
#添加执行权限
[root@localhost openssh-8.6p1]# chmod +x /etc/init.d/sshd
#添加服务,配置开机启动
[root@localhost openssh-8.6p1]# chkconfig --add sshd
[root@localhost openssh-8.6p1]# systemctl enable sshd
[root@localhost openssh-8.6p1]# chkconfig sshd on
#原来的服务移走,否则有时重启后ssh服务起不来
[root@localhost openssh-8.6p1]# mv /usr/lib/systemd/system/sshd.service /home/
4、测试验证
[root@localhost openssh-8.4p1]# /etc/init.d/sshd restart
Restarting sshd (via systemctl): [ OK ]
#查看端口
[root@localhost openssh-8.4p1]# netstat -ntlp
#22端口正常即可
#可以通过systemctl start/stop/restart 启动/停止/重启sshd服务
#查看版本
[root@localhost openssh-8.4p1]# ssh -V
OpenSSH_8.6p1, OpenSSL 1.1.1h 22 Sep 2020
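5、关闭telnet
#确认可以通过新版ssh正常登录后再执行;同时删除/etc/securetty末尾添加的pts/0、pts/1,如之前放行过23端口,执行 firewall-cmd --remove-port=23/tcp --permanent 后再 firewall-cmd --reload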
[root@172-15-4-5 src]# systemctl disable xinetd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.
[root@172-15-4-5 src]# systemctl stop xinetd.service
[root@172-15-4-5 src]# systemctl disable telnet.socket
Removed symlink /etc/systemd/system/sockets.target.wants/telnet.socket.
[root@172-15-4-5 src]# systemctl stop telnet.socket