Test environment
- Operating system version
- CentOS Linux release 7.6.1810 (Core)
- Kernel version
- 3.10.0-957.el7.x86_64
- openssh version
- OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
- openssl version
- OpenSSL 1.0.2k-fips 26 Jan 2017
Target environment:
- openssl
- Current version: OpenSSL 1.0.2k-fips
- Version after upgrade: OpenSSL-1.1.1
- Download: wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz
- openssh
- Current version: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips
- Version after upgrade: OpenSSH_8.4p1, OpenSSL 1.1.1h
- Download: wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
Testing in a virtual machine
Installing openssl
- Back up the original openssl
[root@kube-master-2 ~]$ ls /usr/bin/openssl
/usr/bin/openssl
[root@kube-master-2 ~]$ mv /usr/bin/openssl /usr/bin/openssl_bak
[root@kube-master-2 ~]$ tar -xzf openssl-1.1.1h.tar.gz && cd openssl-1.1.1h
[root@kube-master-1 ~/openssl-1.1.1h]$ ./config --prefix=/usr/local/openssl --shared && make && make install
[root@kube-master-2 ~]$ ln -s /usr/local/openssl/include/openssl /usr/include/openssl
[root@kube-master-2 ~]$ ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
[root@kube-master-2 ~]$ echo "/usr/local/openssl/lib" >>/etc/ld.so.conf
[root@kube-master-2 ~]$ cp libcrypto.so.1.1 /usr/lib64/ && cp libssl.so.1.1 /usr/lib64/
[root@kube-master-2 ~]$ ldconfig
[root@kube-master-2 ~]$ openssl version
OpenSSL 1.1.1h 22 Sep 2020
Common build problems
- The build may fail at this point with /bin/sh: gcc: command not found. The gcc package is missing; install it with: yum install gcc -y
- It may also fail with You need Perl 5. The Perl dependency is missing; install it with: yum install perl* -y
Installing openssh
- Install openssh
[root@kube-master-2 ~]$ cd /etc/ssh && mkdir -p /root/sshbak && mv ./* /root/sshbak
[root@kube-master-2 ~]$ cd ~ && tar -xzf openssh-8.4p1.tar.gz && cd openssh-8.4p1
[root@kube-master-2 ~/openssh-8.4p1]$ ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/openssl/include --with-ssl-dir=/usr/local/openssl --with-zlib --with-md5-passwords --with-pam
[root@kube-master-2 ~/openssh-8.4p1]$ make && make install
[root@kube-master-2 ~/openssh-8.4p1]$ mv /usr/bin/ssh /usr/bin/ssh-bak20201230
[root@kube-master-2 ~/openssh-8.4p1]$ ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
[root@kube-master-1 ~/openssh-8.4p1]$ cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@kube-master-2 ~/openssh-8.4p1]$ cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@kube-master-2 ~/openssh-8.4p1]$ chmod +x /etc/init.d/sshd
[root@kube-master-1 ~/openssh-8.4p1]$ chkconfig --add sshd && systemctl enable sshd
[root@kube-master-2 ~]$ mkdir /date
[root@kube-master-2 ~]$ mv /usr/lib/systemd/system/sshd.service /date/
[root@kube-master-2 ~]$ chkconfig sshd on
Note: Forwarding request to 'systemctl enable sshd.socket'.
Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.
[root@kube-master-2 ~]$ ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020
Common build problems:
- The configure step may fail with configure: error: *** zlib.h missing - please install first or check config.log ***. The zlib-devel package is missing; install it with: yum -y install zlib-devel
- It may also fail with configure: error: PAM headers not found. The pam-devel package is missing; install it with: yum -y install pam-devel
Post-upgrade verification
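One way to script the checks after the upgrade, as an added example that is not part of the original page: it confirms that the ssh -V banner shows both new versions, that sshd resolves libcrypto.so.1.1, and that sshd accepts its configuration. The function names are hypothetical, the sshd path is assumed from --prefix=/usr/local/openssh, and the sample strings are constructed.

```bash
#!/usr/bin/env bash
# Added example: post-upgrade checks. Function names are hypothetical;
# expected versions are the ones this page upgrades to.
EXPECTED_SSH="OpenSSH_8.4p1"
EXPECTED_SSL="OpenSSL 1.1.1h"
SSHD_BIN="/usr/local/openssh/sbin/sshd"   # assumed from --prefix=/usr/local/openssh

# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER="OpenSSH_8.4p1, OpenSSL 1.1.1h  22 Sep 2020"
SAMPLE_LDD_OK="	libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f0000000000)"
SAMPLE_LDD_MISSING="	libcrypto.so.1.1 => not found"

# True only if the `ssh -V` banner shows both the new OpenSSH release and
# the new OpenSSL it was linked against.
banner_ok() {
    local banner="$1"
    local ssh_part="${banner%%,*}"
    local ssl_part="${banner#*, }"
    [ "$ssh_part" = "$EXPECTED_SSH" ] || return 1
    case "$ssl_part" in
        "$EXPECTED_SSL"|"$EXPECTED_SSL "*) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if ldd output resolves libcrypto.so.1.1 to a real file.
# "not found" means the loader cache does not know the new library.
libcrypto_ok() {
    local line
    line=$(printf '%s\n' "$1" | grep -F 'libcrypto.so.1.1') || return 1
    case "$line" in
        *"not found"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Live checks against the installed binaries; stops at the first failure.
verify_upgrade() {
    banner_ok "$(ssh -V 2>&1)" || { echo "FAIL: ssh -V banner"; return 1; }
    libcrypto_ok "$(ldd "$SSHD_BIN")" || { echo "FAIL: sshd libcrypto"; return 1; }
    "$SSHD_BIN" -t || { echo "FAIL: sshd config test"; return 1; }
    echo "OK: upgrade verified"
}

if [ "${1:-}" = "--live" ]; then
    verify_upgrade
else
    banner_ok "$SAMPLE_BANNER" && libcrypto_ok "$SAMPLE_LDD_OK" && echo "samples pass"
fi
```

Run it with --live from the session used for the upgrade, before logging out, so a failed check can still be fixed from that session.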