SHELL练习002：openssl&openssh 升级脚本

最新推荐文章于 2024-05-11 13:28:44 发布

迷鹿miloo

最新推荐文章于 2024-05-11 13:28:44 发布

阅读量249

点赞数

分类专栏： Shell

本文链接：https://blog.csdn.net/qq_39949613/article/details/100115467

版权

Shell 专栏收录该内容

3 篇文章 0 订阅

订阅专栏

openssh 升级脚本

环境说明：

环境	版本号
操作系统	centos1810
openssh	7.4

#!/bin/bash
#run this script as root

## check password (and ipaddress)

ckpasswd(){
echo -e "input root password: "
printf -- '\n';
stty -echo
read passwd
stty echo
}

#ip(){
#echo -e "input localIP: "
#printf -- '\n';
#read ip
#printf -- '\n';
#}
#
#checkip(){
#
#while true;do
#
#    while true;do
#
#        ip
#
#        echo $ip | grep "^[0-9]\{1,3\}\.\([0-9]\{1,3\}\.\)\{2\}[0-9]\{1,3\}$" > /dev/null;
#    
#        if [ $? -eq 0 ]
#        then
#            echo "ipaddress check step1 passed"
#            printf -- '\n';
#            break
#        else
#            echo "ipaddress must be number,input again;" 
#            printf -- '\n';
#        fi
#    done
#    
#    ipaddr=$ip
#    a=`echo $ipaddr|awk -F . '{print $1}'`  #以"."分隔，取出每个列的值 
#    b=`echo $ipaddr|awk -F . '{print $2}'`
#    c=`echo $ipaddr|awk -F . '{print $3}'`
#    d=`echo $ipaddr|awk -F . '{print $4}'`
#
#    for num in $a $b $c $d
#    do
#        if [ $num -gt 255 ] || [ $num -lt 0 ]    #每个数值必须在0-255之间 
#        then
#            return 1
#        fi
#    done
#
#    if [ $? -eq 0 ]
#    then
#        echo "ipaddress check  step2 passed,your ipaddress is available;"
#        printf -- '\n';
#        break
#    eles
#        echo " ipaddress is error,input again;" 
#        printf -- '\n';
#    fi
#done
#}

checkpassword(){

while true;do

ckpasswd

    s_ip=$ip
    s_passwd=$passwd
    mv ~/.ssh/known_hosts ~/.ssh/known_hosts`date +'%Y-%m-%d-%H_%M_%S'`

expect << EOF
spawn ssh -l root 127.0.0.1
expect "*yes/no*"
send "yes\r"
expect "*password*"
send $s_passwd\r
expect "#"
send "date && exit\r"

EOF

    if [ $? -eq 0 ]
    then
        echo "your password is available;"
        printf -- '\n';
        break
    eles
        echo " password error,input again;" 
        printf -- '\n';
    fi
done
}

## install telnet and check

e=telnet
f=telnet-server

for pkg in $e $f
do
    rpm -qa $pkg
    if [ $? -ne 0 ]
    then
        yum install -y $pkg
    fi
done

cp /etc/pam.d/remote /etc/pam.d/remote`date +'%Y-%m-%d-%H_%M_%S'`

sed -ri '/pam_securetty.so/{s/^/\#&/g}' /etc/pam.d/remote

systemctl restart telnet.socket

cktelnet(){
# t_ip=$ip
t_passwd=$passwd

expect << EOF
spawn telnet 127.0.0.1
expect "*login*"
send "root\r"
expect "*password*"
send $t_passwd\r
expect "#"
send "exit\r"

EOF
}

cktelnet && echo "telnet server can be used" || echo "telnet server can not be used,check by yourself please,script will stop now."

## uninstall old openssh and install new

systemctl sttop sshd

rpm -qa openssh* | xargs rpm -e --nodeps

rpm -qa openssh*

tar -zxvf zlib-1.2.11.tar.gz && cd zlib-1.2.11/ && ./configure && make && make install && cd ..

tar -zxvf openssl-1.1.1c.tar.gz && cd openssl-1.1.1c && ./config shared zlib && make && make install && cd ..

[[ $? -eq 0 ]] && mv /usr/bin/openssl /usr/bin/openssl.`date +%Y%m%d` && ln -s /usr/local/bin/openssl /usr/bin/openssl && cat >> /etc/ld.so.conf << EOF 
/usr/local/lib64            
/usr/local/lib
EOF

[[ $? -eq 0 ]] && ldconfig -v && openssl version -a

tar -zxvf openssh-8.0p1.tar.gz && cd openssh-8.0p1 && ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam && make && make install && ssh -V

cp -p contrib/redhat/sshd.init /etc/init.d/sshd 
chmod u+x /etc/init.d/sshd 
chkconfig --add sshd 
chkconfig sshd on 
yum install openssh 
echo "PermitRootLogin yes\nUsePAM yes" >> /etc/ssh/sshd_config

systemctl restart sshd 

expect << EOF
spawn ssh -l root 127.0.0.1
expect "*yes/no*"
send "yes\r"
expect "*password*"
send $s_passwd\r
expect "#"
send "date && exit\r"

EOF

[[ $? -eq 0 ]] && systemctl stop telnet.socket && echo "openssh successfull installed"