Centos7安装openssh8.2

升级前信息:

openssl version
ssh -V
cat /etc/redhat-release

1.安装telnet-server以及xinetd

yum install xinetd telnet-server -y
cat >>/etc/securetty << \EOF
pts/0
pts/1
pts/2
pts/3
EOF
tail -5 /etc/securetty

systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
netstat -lntp|grep 23

2.使用telnet登录操作:

最好使用
su - 命令
切换到root用户下
3.安装编译组件:

yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  wget curl pam* zlib* wget curl

4.下载源码包并解压:

cd /tmp/
wget https://www.openssl.org/source/openssl-1.1.1f.tar.gz
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.2p1.tar.gz
tar xf openssl-1.1.1f.tar.gz
tar xf openssh-8.2p1.tar.gz

5.备份openssl并安装新openssl

ll /usr/bin/openssl 存在则执行 mv /usr/bin/openssl /usr/bin/openssl_bak
ll /usr/include/openssl 存在则执mv /usr/include/openssl /usr/include/openssl_bak
cd openssl-1.1.1f
./config --prefix=/usr shared
make 
make install
echo $? 输出为0则安装完成

链接到新openssl

ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
ln -s /usr/local/lib64/libcrypto.so.1.1  /usr/lib/
ln -s /usr/local/lib64/libssl.so.1.1  /usr/lib/
ll /usr/bin/openssl
ll /usr/include/openssl -ld
touch /etc/ld.so.conf.d/local.conf
vim /etc/ld.so.conf.d/local.conf 写入:/usr/local/lib64
/sbin/ldconfig
openssl version

6安装新版openssh

cd /tmp/openssh-8.2p1
chown -R root.root /tmp/openssh-8.2p1
systemctl stop sshd
mv /etc/ssh/ /tmp/etc-ssh-bak
mkdir /etc/ssh/
mkdir build
cd build
../configure --prefix=/usr --sysconfdir=/etc/ssh  --with-zlib --with-pam --with-md5-passwords
make
make install
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config  
sed -i 's/#UseDNS no/UseDNS no/' /etc/ssh/sshd_config  
sed -i 's/#PrintLastLog yes/PrintLastLog no/' /etc/ssh/sshd_config  
sed -i 's/#PrintMotd yes/PrintMotd no/' /etc/ssh/sshd_config  
sed -i 's/#X11Forwarding no/X11Forwarding yes/' /etc/ssh/sshd_config  
cp /tmp/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -a /tmp/openssh-8.2p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
mv  /usr/lib/systemd/system/sshd.service  /tmp/
chmod +x /etc/init.d/sshd
chkconfig --add sshd 
systemctl enable sshd
/etc/init.d/sshd start
netstat -lntp|grep 22
ssh -V


cd /tmp/openssh-8.2p1
chown -R root.root /tmp/openssh-8.2p1
systemctl stop sshd
mv /etc/ssh/ /tmp/etc-ssh-bak
mkdir /etc/ssh/
mkdir build
cd build
../configure --prefix=/usr --sysconfdir=/etc/ssh  --with-zlib --with-pam --with-md5-passwords
make
make install
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config  
sed -i 's/#UseDNS no/UseDNS no/' /etc/ssh/sshd_config  
sed -i 's/#PrintLastLog yes/PrintLastLog no/' /etc/ssh/sshd_config  
sed -i 's/#PrintMotd yes/PrintMotd no/' /etc/ssh/sshd_config  
sed -i 's/#X11Forwarding no/X11Forwarding yes/' /etc/ssh/sshd_config  
cp /tmp/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -a /tmp/openssh-8.2p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
mv  /usr/lib/systemd/system/sshd.service  /tmp/
chmod +x /etc/init.d/sshd
chkconfig --add sshd 
systemctl enable sshd
/etc/init.d/sshd start
netstat -lntp|grep 22
ssh -V
sshd -V

**

一键安装脚本

**

#!/bin/bah
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
        setenforce 0
fi
        if [ "$CHECK" == "SELINUX=permissive" ]; then
                sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
                setenforce 0
        fi
 
                if [ "$CHECK" == "SELINUX=disabled" ]; then
                        exit
                fi
cd /tmp 
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.2p1.tar.gz
tar xf openssh-8.2p1.tar.gz
cd openssh-8.2p1/
mkdir build
cd build
yum -y install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers
../configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords --with-pam --with-tcp-wrappers
make
cp /tmp/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
yum -y erase openssh-server &&mv /etc/ssh /etc/ssh-bak &&make install &&sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin\ yes/g' /etc/ssh/sshd_config &&sed -i 's/#PermitEmptyPasswords\(.*\)/PermitEmptyPasswords\ no/g' /etc/ssh/sshd_config &&/etc/init.d/sshd start 
chkconfig --add sshd
/etc/init.d/sshd restart 
已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页