1、安装Telnet服务
操作系统版本:Red Hat Enterprise Linux Server release 7.5 (Maipo)
升级前需要临时开启Telnet服务,确保升级OpenSSH失败后用户仍可以远程登录主机。Telnet以明文传输账号和口令,应只在升级期间开启,并尽量只允许管理网段访问23端口。
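# Install the telnet client, the telnet server and xinetd as a fallback login
# path in case the OpenSSH upgrade leaves sshd unusable.
# NOTE(review): telnet carries credentials in cleartext; keep port 23 reachable
# only from the management network while the upgrade is in progress.
yum install -y telnet telnet-server xinetd
# Start the services for the current boot. They are only started, not enabled,
# so they do not come back after a reboot.
systemctl start xinetd.service telnet.socket
# Confirm that something is listening on TCP port 23. Matching ":23" followed
# by whitespace and the LISTEN state avoids false hits on other ports,
# addresses or PIDs that merely contain "23".
netstat -anpt | grep -E ':23[[:space:]].*LISTEN'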
2、升级OpenSSL
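# Record the OpenSSL version in use before the upgrade.
openssl version
# Back up the distribution's openssl binary and header directory under a
# dated name so they can be restored if the build does not work.
mv /usr/bin/openssl /usr/bin/openssl_20191118
mv /usr/include/openssl /usr/include/openssl_20191118
# Build and install OpenSSL from source.
# NOTE(review): nothing here checks the tarball's integrity. Compare it with
# the checksum or signature published by the OpenSSL project before unpacking:
#   sha256sum openssl-1.0.2q.tar.gz   # expect <PUBLISHED_SHA256>
# NOTE(review): confirm that this release still receives security fixes
# before deploying it.
tar xf openssl-1.0.2q.tar.gz
# Build inside a subshell so the working directory is unchanged afterwards;
# the OpenSSH tarball is unpacked later from the same starting directory.
(cd openssl-1.0.2q/ && ./config shared && make && make install)
# Point the system paths at the new build under /usr/local/ssl.
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
# Check the symlinks. Plain "ls" is used because "ll" is a shell alias that
# only exists in interactive sessions.
ls -ld /usr/bin/openssl
ls -ld /usr/include/openssl
# Register the new library directory with the dynamic linker. The grep guard
# keeps the entry from being appended again when the steps are re-run.
grep -qxF "/usr/local/ssl/lib" /etc/ld.so.conf ||
  echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
# Confirm the OpenSSL version after the upgrade.
openssl version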
3、升级OpenSSH
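# Record the OpenSSH version in use before the upgrade.
# Run these steps from the directory that holds openssh-8.0p1.tar.gz.
ssh -V
# Back up the existing configuration and host keys. The loop skips the backup
# directory itself, which the /etc/ssh/* glob also matches and which mv cannot
# move into itself.
mkdir /etc/ssh/backup_20191118
for entry in /etc/ssh/*; do
  [ "$entry" = /etc/ssh/backup_20191118 ] ||
    mv -- "$entry" /etc/ssh/backup_20191118/
done
mv /etc/init.d/sshd /etc/init.d/sshd_20191118
# Install the build dependencies for PAM and zlib support.
yum install -y pam-devel zlib-devel
# Build and install OpenSSH from source.
# NOTE(review): nothing here checks the tarball's integrity. Compare it with
# the checksum or signature published by the OpenSSH project before unpacking:
#   sha256sum openssh-8.0p1.tar.gz   # expect <PUBLISHED_SHA256>
tar xf openssh-8.0p1.tar.gz
# Chain on cd so the build cannot start in the wrong directory.
cd openssh-8.0p1 &&
  ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
# NOTE(review): the old host keys were moved into the backup directory, so the
# install presumably creates new ones and clients will see a changed host key.
# Restore the old keys from the backup to keep the host identity -- confirm.
# Adjust sshd_config. sshd uses the first value it finds for each keyword, so
# these appended lines only apply if the keyword is not already set above.
# NOTE(review): "PermitRootLogin yes" allows direct root password logins.
# Once access is confirmed, prefer "prohibit-password" with keys, or a
# non-root account with sudo.
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "UsePAM yes" >> /etc/ssh/sshd_config
# Fix ownership and install the init script shipped in the source tree.
# "root:root" replaces the deprecated "root.root" separator.
chown root:root /etc/ssh/sshd_config
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
chown root:root /etc/init.d/sshd
# Replace the system libssl/libcrypto with symlinks to the new build.
# NOTE(review): every program linked against libssl.so.10 or libcrypto.so.10
# now loads the locally built libraries, and a later update of the
# distribution's OpenSSL package may conflict with these symlinks.
mv /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10_20191118
mv /lib64/libssl.so.10 /lib64/libssl.so.10_20191118
ln -s /usr/local/ssl/lib/libssl.so.1.0.0 /lib64/libssl.so.10
ln -s /usr/local/ssl/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
# NOTE(review): the recursive 755 makes everything under /usr/local/ssl world
# readable, including any private key material stored there later.
chmod -R 755 /usr/local/ssl/
# Enable sshd at boot, then restart it only if the new configuration passes
# sshd's own syntax check. Keep the current session open until a fresh SSH
# login has been verified.
systemctl enable sshd
/usr/sbin/sshd -t && systemctl restart sshd
# Confirm the OpenSSH version after the upgrade.
ssh -V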
至此升级结束。确认通过SSH可以正常登录后,请及时关闭telnet相关服务(systemctl stop telnet.socket xinetd.service),避免明文登录通道长期开放。