该脚本适用于CentOS 6和7系统,详细指导了如何下载并安装OpenSSH 8.6p1,包括停止iptables,禁用SELINUX,配置允许root登录,以及启动和检查sshd服务。同时,对于CentOS 6系统,还涉及了安装telnet-server,修改xinetd配置;对于CentOS 7系统,涉及移除旧版本openssh,安装依赖,重建密钥文件,并启用sshd服务。
本脚本适应Centos6 &Centos7
- 首先将
openssh-8.6p1.tar包和脚本放在/root/下
当然,可以去下载最新的sshd包,p1为编译版本,下载这个就可以了
https://openbsd.hk/pub/OpenBSD/OpenSSH/portable
2. 脚本内容如下,如果下载了其他版本的sshd包,请在脚本中修改
#!/bin/bash
source ~/.bashrc
systemver=`cat /etc/redhat-release|sed -r 's/.* ([0-9]+)\..*/\1/'`
if [[ $systemver = "6" ]];then
echo "当前是Centos6系统"
# wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
/etc/init.d/iptables stop &> /dev/null
/bin/sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
/usr/sbin/setenforce 0
cp -rf /etc/ssh /etc/ssh.bak
yum -y install telnet-server
/bin/sed -i 's/= yes/= no/g' /etc/xinetd.d/telnet
/etc/init.d/xinetd start && /etc/init.d/xinetd restart
echo “pts/0” >> /etc/securetty && echo “pts/1” >> /etc/securetty && echo “pts/2” >> /etc/securetty
mv /etc/securetty /etc/securetty.bak
yum install -y gcc openssl-devel pam-devel rpm-build
tar -zvxf openssh-8.6p1.tar.gz #这里需要修改你想要的包名称
cd openssh-8.6p1 #这里需要修改你想要的包名称
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
make && make install
/bin/sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
service sshd restart && ssh -V
NUM=$(/usr/sbin/lsof -i:23|wc -l)
if [ $NUM -ne 0 ]
then
mv /etc/securetty.bak /etc/securetty
fi
service sshd restart && ssh -V
else
echo "当前是Centos7系统"
# wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
rpm -e --nodeps `rpm -qa | grep openssh`
tar -zxf openssh-8.6p1.tar.gz #这里需要修改你想要的包名称
mv /etc/ssh/ ./ssh.bak
yum -y install gcc zlib-devel openssl-devel
cd openssh-8.6p1/ #这里需要修改你想要的包名称
./configure --prefix=/usr --sysconfdir=/etc/ssh && make
make install && chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key && make install
newversion=`ssh -V 2>&1`
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
sed -i '/#PermitRootLogin prohibit-password/c'"PermitRootLogin yes" /etc/ssh/sshd_config
service sshd restart
fi
扫一扫
349
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
