升级后的版本
升级代码:
#updatSSHD.sh
#!/bin/bash
rm -rf /opt/openss*
cd /opt
echo -e "Install_openssl"
sleep 3
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz --no-check-certificate
tar -zxvf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w/
./config --prefix=/usr/local/openssl
./config -t
make -j 4 && make install
sleep 2
if [ $? -eq 0 ]; then
ldd /usr/local/openssl/bin/openssl
echo "/usr/local/openssl/lib" >>/etc/ld.so.conf
ldconfig -v
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ll /usr/bin/openssl
ldd /usr/local/openssl/bin/openssl
else
echo -e "flase"
sleep 2
exit
fi
sleep 1
echo -e "$(which openssl)"
echo -e "$(openssl version)"
sleep 10
echo -e "Install_openssh"
sleep 5
cd /opt
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz
tar -zxvf openssh-9.6p1.tar.gz
mv /etc/ssh /etc/ssh_bak
cd openssh-9.6p1
sleep 3
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam \
--with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man \
--with-zlib=/usr/local/zlib --without-hardening
sleep 5
make -j 4 && make install
sleep 5
if [ $? -eq 0 ]; then
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd_bak
mv /etc/sysconfig/sshd /opt
mv /usr/lib/systemd/system/sshd.service /opt
\cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
sleep 3
for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
mv /etc/ssh/moduli.rpmsave /etc/ssh/moduli
\cp -arf /usr/local/openssh/bin/* /usr/bin/
\cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
\cp /opt/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd
\cp ./contrib/redhat/sshd.init /etc/init.d/sshd
\cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
mv /opt/sshd.service /usr/lib/systemd/system/
else
echo -e "flase"
exit
fi
sleep 5
systemctl daemon-reload
systemctl start sshd ; systemctl enable sshd
systemctl status sshd
sleep 2
echo -e $(ssh -V)
echo -e $(which ssh)
# -------有可能缺少的文件1内容---------------
openssh编译安装是检查pam模块,需添加/etc/pam.d/sshd 文件,没有时添加,有则无需添加
#%PAM-1.0
auth substack password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
## pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin
# -------有可能缺少的文件2内容-----“/etc/sysconfig/sshd”----------
# Configuration file for the sshd service.
# The server keys are automatically generated if they are missing.
# To change the automatic creation uncomment and change the appropriate
# line. Accepted key types are: DSA RSA ECDSA ED25519.
# The default is "RSA ECDSA ED25519"
# AUTOCREATE_SERVER_KEYS=""
# AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
# Do not change this option unless you have hardware random
# generator and you REALLY know what you are doing
SSH_USE_STRONG_RNG=0
# SSH_USE_STRONG_RNG=1
检查安装是否成功: