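When upgrading SSH on Linux, the work is usually done from a telnet session, so that an unexpected drop of the SSH connection cannot make the upgrade fail and leave the Linux host unreachable.
1. Check the OpenSSH version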
ssh -V
2. Enable the telnet service
1) Install telnet-server and xinetd
yum install xinetd telnet-server -y
2) Enable telnet
systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
3) Configure the terminal types allowed for telnet logins: append some pts terminals to the end of /etc/securetty, as follows
pts/0
pts/1
pts/2
pts/3
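4) Open the default telnet port 23 in the firewall (on a cloud server, the firewall rules need to be configured)
5) Access the Linux host remotely: telnet + IP, then enter the server login account and password
3. Upgrade OpenSSH
1) Check the installed openssh packages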
rpm -qa|grep openssh
Uninstall the old openssh
rpm -e $(rpm -qa | grep openssh) --nodeps
Download the latest OpenSSH release
Project URL: https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
2) Install the required packages
yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel
3) Back up
mkdir /etc/ssh_bak
mv /etc/ssh/* /etc/ssh_bak
4) Extract, build, install
# Extract
tar xfz openssh-8.6p1.tar.gz
# Build
cd openssh-8.6p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local/ssl \
--with-privsep-path=/var/lib/sshd
# Install
make && make install
If an error is reported, fix it with:
chmod 600 /etc/ssh/ssh_host_*
Once that is resolved, continue with the following commands:
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.6p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.6p1
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'UsePAM no' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
6) Restart to verify, and test the SSH connection (make sure the default SSH port 22 is open)
systemctl restart sshd
7) After the installation is complete, shut down the telnet service
vi /etc/securetty
Delete the 4 lines that were added:
pts/0
pts/1
pts/2
pts/3
# Stop the telnet service
systemctl stop telnet.socket
systemctl disable telnet.socket
systemctl stop xinetd.service
systemctl disable xinetd.service
# The firewall port and its configuration can now be closed as well
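A post-upgrade check for the procedure above, as an added example that is not part of the original post: it looks for pts entries left in securetty, shows which value sshd actually uses when a setting is appended with `>>` (sshd keeps the first value it reads for each keyword), and lists telnet units that are still on. The function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the pts/N entries still present in a securetty file
# (step 7 above says to delete the ones added for telnet).
securetty_leftovers() {
    grep -E '^pts/[0-9]+[[:space:]]*$' "$1" || true
}

# Print the value sshd will use for keyword $2 in config file $1.
# sshd keeps the FIRST value it reads for a keyword, so a line appended
# with ">>" loses to any earlier uncommented line. Match blocks are not handled.
first_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Print the telnet units from step 2 that are still enabled or running.
telnet_units_still_on() {
    for unit in telnet.socket xinetd.service; do
        if systemctl is-enabled --quiet "$unit" 2>/dev/null ||
           systemctl is-active --quiet "$unit" 2>/dev/null; then
            echo "$unit"
        fi
    done
}

# Constructed sample files so the two file checks can be tried offline.
demo_dir=$(mktemp -d)
printf 'tty1\npts/0\npts/1\n' > "$demo_dir/securetty"
printf '#PermitRootLogin prohibit-password\nPermitRootLogin no\nUsePAM yes\n' \
    > "$demo_dir/sshd_config"
echo 'PermitRootLogin yes' >> "$demo_dir/sshd_config"   # same append as in the post

echo "securetty leftovers: $(securetty_leftovers "$demo_dir/securetty" | tr '\n' ' ')"
echo "PermitRootLogin in effect: $(first_setting "$demo_dir/sshd_config" PermitRootLogin)"
```

On the real host, point the functions at /etc/securetty and /etc/ssh/sshd_config and run `sshd -t` to validate the configuration before the restart in step 6. After step 7, `telnet_units_still_on` should print nothing.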