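# Remove the bundled Solaris SSH packages before installing the source build.
# NOTE(review): uninstalling service/network/ssh presumably takes the packaged
# sshd with it, so keep console access until the replacement sshd is confirmed
# to start and accept logins.
pkg uninstall service/network/ssh
pkg uninstall gnu-tar   # required in the global zone only
pkg uninstall network/ssh
pkg uninstall ssh-key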
源码编译升级openssl版本
官网下载openssl-1.1.1d.tar(即下一步要解压的 openssl-1.1.1d.tar.gz),解压前先核对官网公布的校验值或签名
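# Unpack and build OpenSSL under its own prefix (/usr/local/ssl) so the
# OS-delivered copy stays untouched until the explicit replacement step.
# NOTE(review): before unpacking, compare the tarball's SHA-256 (on Solaris:
# digest -a sha256 openssl-1.1.1d.tar.gz) with the value published by the
# OpenSSL project.
# NOTE(review): 1.1.1d is the release this page was written for; upstream
# support for the 1.1.1 branch ended in September 2023, so check the OpenSSL
# release page for a currently supported version before reusing these steps.
gunzip openssl-1.1.1d.tar.gz
# tar needs its function letters: x = extract, f = read from the named file.
tar xf openssl-1.1.1d.tar
cd openssl-1.1.1d
./config --prefix=/usr/local/ssl shared
# Install only if the build succeeded.
make && make install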
替换老版本:
- 备份
# Move the existing OpenSSL binary, header directory and unversioned library
# links aside so they can be put back if the new build misbehaves.
# NOTE(review): these paths are presumably delivered by IPS packages; expect
# `pkg verify` to report them as modified, and confirm whether a later
# `pkg update` or `pkg fix` would restore the originals.
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
mv /usr/lib/libssl.so /usr/lib/libssl.so.bak
mv /usr/lib/libcrypto.so /usr/lib/libcrypto.so.bak
- 替换
# Point the system-wide openssl binary, headers and libraries at the build
# installed under /usr/local/ssl.
# NOTE(review): the /lib/64 links make the 1.1 runtime libraries resolvable
# from the default library path (see the ldd output that follows); any other
# program that looks up libssl.so.1.1 / libcrypto.so.1.1 there will presumably
# load this build as well, so it must be kept patched by hand.
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ln -s /usr/local/ssl/lib/libssl.so /usr/lib/libssl.so
ln -s /usr/local/ssl/lib/libcrypto.so /usr/lib/libcrypto.so
ln -s /usr/local/ssl/lib/libssl.so.1.1 /lib/64/libssl.so.1.1
ln -s /usr/local/ssl/lib/libcrypto.so.1.1 /lib/64/libcrypto.so.1.1
ldd /usr/local/ssl/bin/openssl
ldd /usr/local/ssl/bin/openssl
libssl.so.1.1 => /lib/64/libssl.so.1.1
libcrypto.so.1.1 => /lib/64/libcrypto.so.1.1
libsocket.so.1 => /lib/64/libsocket.so.1
libnsl.so.1 => /lib/64/libnsl.so.1
libdl.so.1 => /lib/64/libdl.so.1
libpthread.so.1 => /lib/64/libpthread.so.1
libc.so.1 => /lib/64/libc.so.1
查看升级后的版本
openssl version
OpenSSL 1.1.1d 10 Sep 2019
pkg uninstall archiver/gnu-tar@1.29-11.4.0.0.1.14.0
pkg uninstall pkg://solaris/network/ssh
源码编译升级openssh
官网下载openssh-8.1p1.tar
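# Unpack and build OpenSSH against the OpenSSL installed in /usr/local/ssl.
# NOTE(review): compare the tarball with the checksum or signature published
# by the OpenSSH project before unpacking.
gunzip openssh-8.1p1.tar.gz
# tar needs its function letters: x = extract, f = read from the named file.
tar xf openssh-8.1p1.tar
cd openssh-8.1p1
# --with-ssl-dir names the OpenSSL directory. The explanatory text that
# followed the option is a comment, not an argument to configure.
./configure --with-ssl-dir=/usr/local/ssl
# Install only if the build succeeded.
make && make install
# Expose the new client binaries under the paths the removed packages used.
ln -s /usr/local/bin/ssh /usr/bin/ssh
ln -s /usr/local/bin/sftp /usr/bin/sftp
PATH=/usr/bin:/usr/sbin:/usr/local/bin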
查看升级后的版本
ssh -V
OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
pkg uninstall service/network/ssh
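首先生成必要的rsa1、dsa、rsa等类型的key文件,按以下的命令来做(注意:rsa1 是 SSH 协议 1 的密钥类型,OpenSSH 7.6 起已移除;DSA 主机密钥自 OpenSSH 7.0 起默认不再启用。对本文编译的 8.1p1,实际使用的是后文 chmod 所列的 rsa、ecdsa、ed25519 主机密钥):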
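# The key type is rsa1 (digit one), as the sample output below shows.
# NOTE(review): rsa1 is the SSH protocol 1 key type and was removed in
# OpenSSH 7.6, so with the 8.1p1 build from this page this command is expected
# to be rejected and can be skipped; the output shown presumably comes from an
# older release.
ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""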
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_key.
Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
The key fingerprint is:
5c:30:b9:cc:45:b6:fd:c3:c1:e1:a2:cc:7c:0f:3c:29
#ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
30:ce:d9:c1:61:36:40:0b:9e:04:6f:89:96:f1:e7:39 root@v420
#ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
Generating public/private rsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
37:34:88:98:b3:8c:1b:50:e0:50:9c:3d:18:c6:64:2a
生成key文件以后,仍然是无法执行运行sshd,需要建立sshd用户,要注意的是该用户是没有有效的shell的,这是考虑到了系统的安全,按以下的方法建立用户sshd:
# Create the directory and unprivileged account that sshd is said above to
# need before it will start.
# /var/empty is owned by root:sys with mode 755, so only root can write to it.
mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
# Dedicated group and user; the home directory is /var/empty and the shell is
# /bin/false, so the account has no usable login shell.
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
建立该用户后,就能直接手工启动sshd这个守护进程了,需要使用绝对路径来执行该守护进程,否则会报错。在老版本里面,
一个必须要做到步骤就是必须在 /etc/下建立一个ssh的目录,然后将/usr/local/etc下所有配置文件拷贝到/etc/ssh下面,或者做个符号链接,
ln -s /usr/local/etc/ssh /etc/ssh。
做完以上的步骤即可手工启动sshd进程了/usr/local/sbin/sshd。以下是启动和关闭脚本的制定,建立/etc/init.d/sshd脚本,内容如下,然后作两个符号链接:
ln -s /usr/local/etc /etc/ssh
ln -s /etc/init.d/sshd /etc/rc3.d/S99StarSSHD
ln -s /etc/init.d/sshd /etc/rc1.d/K99StopSSHD
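#!/sbin/sh
#
# /etc/init.d/sshd - start, stop or reload the source-built OpenSSH daemon.
#
# Usage: /etc/init.d/sshd { start | stop | restart }
#
# NOTE(review): KEYDIR is /usr/local/etc/ssh, while the ssh-keygen and chmod
# commands elsewhere on this page use /usr/local/etc/ssh_host_*_key. Confirm
# which directory sshd actually reads its host keys from before relying on
# the key generation below.

KEYDIR=/usr/local/etc/ssh
KEYGEN="/usr/local/bin/ssh-keygen -q"
PIDFILE=/var/run/sshd.pid

case "$1" in
'start')
  # Create any missing host key, but only when ssh-keygen is installed.
  if [ -x /usr/local/bin/ssh-keygen ]; then
    if [ ! -f "$KEYDIR/ssh_host_rsa_key" ]; then
      echo "Creating new RSA public/private host key pair"
      # $KEYGEN stays unquoted on purpose: it holds the command plus -q.
      $KEYGEN -f "$KEYDIR/ssh_host_rsa_key" -t rsa -N ''
    fi
    # NOTE(review): OpenSSH has not offered DSA host keys by default since
    # 7.0, so this key is presumably unused by the 8.1p1 build; the page
    # itself later refers to ecdsa and ed25519 host keys instead.
    if [ ! -f "$KEYDIR/ssh_host_dsa_key" ]; then
      echo "Creating new DSA public/private host key pair"
      $KEYGEN -f "$KEYDIR/ssh_host_dsa_key" -t dsa -N ''
    fi
  fi
  [ -x /usr/local/sbin/sshd ] && /usr/local/sbin/sshd &
  ;;
'stop')
  # When init did not export the run levels, take them from `who -r`:
  # the command substitution splits its output into positional parameters,
  # of which $7 and $9 are used as the current and previous run level.
  if [ -z "$_INIT_RUN_LEVEL" ]; then
    set -- `/usr/bin/who -r`
    _INIT_RUN_LEVEL="$7"
    _INIT_PREV_LEVEL="$9"
  fi
  # Moving to a lower run level: end every root-owned process named sshd,
  # which is not limited to the listener recorded in the pid file.
  if [ "$_INIT_RUN_LEVEL" -lt "$_INIT_PREV_LEVEL" ]; then
    /usr/bin/pkill -u 0 -x sshd
  fi
  # Signal the process whose pid is recorded in the pid file.
  if [ -f "$PIDFILE" ]; then
    /usr/bin/kill -TERM `/usr/bin/cat "$PIDFILE"`
  fi
  ;;
'restart')
  # Send SIGHUP to the pid in the pid file rather than stop/start.
  if [ -f "$PIDFILE" ]; then
    /usr/bin/kill -HUP `/usr/bin/cat "$PIDFILE"`
  fi
  ;;
*)
  # Default arm: any other argument, or none, prints the usage text.
  echo "Usage: $0 { start | stop | restart }"
  exit 1
  ;;
esac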
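# Private host keys get mode 600: readable and writable by root only, with no
# execute bit. sshd refuses to load a private host key that other users can
# read.
# A blanket `chmod -R 755 /usr/local` is deliberately not used: it would make
# every file under /usr/local, private keys included, world-readable and
# executable. If it was already run, give any other private key generated
# earlier on this page (ssh_host_key, ssh_host_dsa_key) the same 600 mode.
# NOTE(review): if the install left a binary unreadable for ordinary users,
# fix that one path instead of the whole tree.
chmod 600 /usr/local/etc/ssh_host_rsa_key
chmod 600 /usr/local/etc/ssh_host_ecdsa_key
chmod 600 /usr/local/etc/ssh_host_ed25519_key
/etc/init.d/sshd start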
root@tongji:/usr# ps -ef |grep ssh
root 7927 7814 0 12:41:45 pts/2 0:00 grep ssh
root 7642 7632 0 12:30:28 ? 0:00 /usr/bin/ssh-agent -- gnome-session
root 7925 1 0 12:41:41 ? 0:00 /usr/local/sbin/sshd
7.4.2 创建文件夹repoSolaris11用于存放补丁包
root@t2000a # mkdir repoSolaris11 //先进入到/export/目录再创建
root@t2000a # zfs create rpool/export/repoSolaris11
(一般solaris 11操作系统采用zfs封装系统盘,如果采用zfs的话,zfs create需要指定rpool名字以及磁盘等信息。)
root@t2000a # zfs list
root@t2000a # zfs set atime=off rpool/export/repoSolaris11
atime 属性控制是否在读取文件时更新文件的访问时间。关闭此属性可避免在读取文件时生成写入流量。
用ftp软件传输以下文件到/export/repoSolaris11 路径下
ls /export/repoSolaris11
然后执行脚本(执行之前需要把install-repo.ksh赋予执行权限)
#chmod a+x install-repo.ksh //把文件变成可执行文件
#./install-repo.ksh -d /export/repoSolaris11 -I -v -c //执行这个文件的主要作用是解压5个压缩包并合成一个iso文件;其中 -c 校验压缩包的校验和,-v 校验生成的仓库,-I 生成 ISO 镜像
-G 为删除publisher,-g 为添加publisher
root@t2000a #
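# Repoint the solaris publisher at the local repository: -G '*' drops every
# existing origin, -M '*' every mirror, and -g adds the file-based origin.
# The asterisks are quoted so the shell passes them to pkg unexpanded.
pkg set-publisher -G '*' -M '*' -g file:///export/repoSolaris11 solaris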
root@t2000a # pkg publisher