rpm 资源包已经上传分享,可以自行下载。
下面是 shell 脚本代码(与附件中的脚本相同):
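#!/bin/bash
#
#************************************
#author: OY
#version: 9.0
#date: 2022-05-20
#description: upgrade openssl and openssh from local rpm packages.
#FileName: openssh.sh
#log: /root/update_`date +%Y%m%d`.log
#************************************
#
# Usage: run as root from the directory that holds ssh_ssl.tar.gz.
#
# Exit codes:
#   1  not running as root
#   2  no usable yum repository
#   4  /etc/ld.so.conf missing
#   5  openssl bundle missing or the upgraded openssl does not run
#   6  ssh_ssl.tar.gz could not be unpacked
#   9  /etc/ssh/sshd_config missing after the upgrade
#   10 sshd configuration check or restart failed
#   12 openssh upgrade failed
#
# NOTE(review): the rpm files come from a shared archive and are installed
# with --nodeps, outside the signed yum repositories. Check them against a
# checksum or signature from a source you trust (for example with `rpm -K`)
# before running this script.

# Computed once so that a run crossing midnight still uses one log file and
# one backup directory.
LOG="/root/update_$(date +%Y%m%d).log"
BACKUP_DIR="/bak/sshbak_$(date +%Y%m%d)"
# Directory created by unpacking ./ssh_ssl.tar.gz in the start directory.
WORK_DIR="$PWD/ssh_ssl"
SSHD_CONFIG=/etc/ssh/sshd_config

# Print a message on stderr and exit with the given code.
#   $1 - exit code, remaining arguments - message
fail() {
  local code=$1
  shift
  echo "$*" >&2
  exit "$code"
}

# Set one sshd_config keyword, whether the existing line is active or
# commented out. The pattern is anchored to the start of the line so that
# explanatory comments that merely mention the keyword are left alone.
#   $1 - keyword, $2 - value
set_sshd_option() {
  local key=$1 value=$2
  sed -r -i \
    "s|^[[:space:]]*#?[[:space:]]*${key}[[:space:]].*|${key} ${value}|" \
    "$SSHD_CONFIG"
}

# Root check comes first: the log file lives under /root.
if [[ "$(id -u)" != "0" ]]; then
  fail 1 "not root!"
fi
touch "$LOG"

# Check that a yum repository (network or local) is available.
if ! yum repolist; then
  fail 2 "Network is unreachable or No local source was created !"
fi

# Install the dependency packages and unpack the bundle.
yum -y install gcc gcc-c++ glibc make autoconf >> "$LOG"
yum -y install openssl openssl-devel pcre-devel pam-devel >> "$LOG"
tar xf ./ssh_ssl.tar.gz || fail 6 "cannot extract ./ssh_ssl.tar.gz"
cd "$WORK_DIR" || fail 6 "cannot enter $WORK_DIR"
rpm -ivh perl-WWW-Curl-4.17-1.el7.x86_64.rpm >> "$LOG"
echo "Dependency installed successfully !"

# Optional fallback: install telnet so a remote session survives a broken sshd.
# telnet is unencrypted, and the securetty lines below allow root logins over
# it. Once ssh login is confirmed to work again, stop and remove
# telnet-server/xinetd and delete the pts entries from /etc/securetty.
#yum install telnet-server xinetd -y
#systemctl enable xinetd telnet.socket
#
#if [[ `echo $?` == "0" ]]; then
# sleep 1;echo -e 'pts/0\npts/1\npts/2\npts/3' >>/etc/securetty
# sleep 1;systemctl restart xinetd telnet.socket
# sleep 1;echo "xinetd and telnet installed start successfully !"
#else
# echo "xinetd telnet.socket start error"
# exit 3;
#fi

# Upgrade openssl.
# Stop here when the bundle is missing: the new openssh packages are installed
# with --nodeps, so continuing without the matching openssl could leave the
# host with an sshd that cannot start.
[[ -f ./ssl.tar.gz ]] || fail 5 "openssl update failed !"
# NOTE(review): `yum -y remove` accepts the whole removal transaction without
# asking, including any packages yum decides depend on openssl.
rpm -qa openssl && yum -y remove openssl
tar xf ./ssl.tar.gz || fail 5 "openssl update failed !"
cd ./ssl || fail 5 "openssl update failed !"
rpm -Uvh openssl-1.1.1o-1.el7.x86_64.rpm --nodeps >> "$LOG"
# Not treated as fatal on its own: this glob includes the package installed on
# the previous line. The `openssl version` check below is the real gate.
rpm -Uvh ./*.rpm --nodeps >> "$LOG"
cd "$WORK_DIR" || fail 5 "cannot enter $WORK_DIR"

if [[ ! -f /etc/ld.so.conf ]]; then
  fail 4 "file /etc/ld.so.conf is not found !"
fi
cp /etc/ld.so.conf /etc/ld.so.conf.bak
sed -i '/openssl/d' /etc/ld.so.conf
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
# NOTE(review): nothing here runs ldconfig, so this entry only takes effect
# the next time the linker cache is rebuilt - confirm that is intended.

# Gate the openssh step on an openssl binary that actually runs.
if ! openssl version >> "$LOG"; then
  fail 5 "openssl update failed !"
fi
echo "SSL update successful!"

# Upgrade openssh.
mkdir -p "$BACKUP_DIR" || fail 12 "openssh update failed !"
cd "$WORK_DIR" || fail 12 "openssh update failed !"
cp /etc/pam.d/sshd "$BACKUP_DIR"/
cp /etc/ssh/sshd_config "$BACKUP_DIR"/
# Unpack and check the new packages BEFORE removing the old ones, so that a
# missing or empty archive cannot leave the host without any sshd.
tar xf ./ssh.tar.gz || fail 12 "openssh update failed !"
cd ./ssh || fail 12 "openssh update failed !"
new_rpms=(./*.rpm)
[[ -e "${new_rpms[0]}" ]] || fail 12 "openssh update failed !"
mapfile -t old_pkgs < <(rpm -qa | grep openssh)
if (( ${#old_pkgs[@]} > 0 )); then
  rpm -e --nodeps "${old_pkgs[@]}"
fi
rpm -Uvh "${new_rpms[@]}" --nodeps >> "$LOG" \
  || fail 12 "openssh update failed !"
echo "openssh rpm installed successfully !"

# Restore and adjust the configuration.
if [[ ! -f "$SSHD_CONFIG" ]]; then
  fail 9 "file /etc/ssh/sshd_config is not found !"
fi
# Only the private host keys and sshd_config need to be owner-only; public
# keys and the client configuration keep the modes the packages gave them.
chmod 600 /etc/ssh/ssh_host_*_key "$SSHD_CONFIG"
cp -f "$BACKUP_DIR/sshd" /etc/pam.d/sshd
cp -f "$BACKUP_DIR/sshd_config" "$SSHD_CONFIG"
# NOTE(review): the next two settings force root login with a password on
# every host this runs on, whatever the restored configuration said. If that
# is only needed to get back in after the upgrade, prefer key-based login
# (PermitRootLogin prohibit-password) and revert these once access is
# confirmed.
set_sshd_option PermitRootLogin yes
set_sshd_option PasswordAuthentication yes
set_sshd_option PermitEmptyPasswords no
set_sshd_option UsePAM yes
set_sshd_option UseDNS no

# Restart sshd.
# The restored sshd_config was written for the old openssh; validate it with
# the new binary first, so a rejected option is reported before the restart.
if ! sshd -t; then
  fail 10 "sshd service not start !"
fi
if systemctl daemon-reload && sleep 1 \
  && systemctl restart sshd >> "$LOG" \
  && chkconfig sshd on >> "$LOG"; then
  echo " sshd service start successfully !"
else
  fail 10 "sshd service not start !"
fi

# Show the listening sockets and the installed client version for a final check.
ss -a | grep ssh
ssh -V
echo "All upgrades are successful !"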
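结语:如需安装 telnet,需要把脚本中 telnet 部分各行开头的注释符“#”去掉。远程升级时建议先装好 telnet 作为备用登录方式;telnet 为明文传输,升级完成并确认 ssh 可以正常登录后,应停用并卸载 telnet,并删除 /etc/securetty 中新增的 pts 条目。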