openssh 升级脚本
环境说明:
环境 | 版本号 |
---|---|
操作系统 | centos1810 |
openssh | 7.4 |
#!/bin/bash
#run this script as root
## check password (and ipaddress)
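# Prompt for the root password and store it in the global variable `passwd`.
# Globals:   passwd (written)
# Outputs:   the prompt text followed by a blank line on stdout
ckpasswd(){
  echo -e "input root password: "
  printf -- '\n';
  # -s suppresses terminal echo and bash restores the terminal state itself,
  # so an interrupt at the prompt no longer leaves the tty with echo disabled
  # (the previous stty -echo / stty echo pair did).
  # IFS= and -r keep leading/trailing blanks and backslashes in the password
  # intact; a plain `read` silently altered such passwords.
  IFS= read -rs passwd
}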
#ip(){
#echo -e "input localIP: "
#printf -- '\n';
#read ip
#printf -- '\n';
#}
#
#checkip(){
#
#while true;do
#
# while true;do
#
# ip
#
# echo $ip | grep "^[0-9]\{1,3\}\.\([0-9]\{1,3\}\.\)\{2\}[0-9]\{1,3\}$" > /dev/null;
#
# if [ $? -eq 0 ]
# then
# echo "ipaddress check step1 passed"
# printf -- '\n';
# break
# else
# echo "ipaddress must be number,input again;"
# printf -- '\n';
# fi
# done
#
# ipaddr=$ip
# a=`echo $ipaddr|awk -F . '{print $1}'` #以"."分隔,取出每个列的值
# b=`echo $ipaddr|awk -F . '{print $2}'`
# c=`echo $ipaddr|awk -F . '{print $3}'`
# d=`echo $ipaddr|awk -F . '{print $4}'`
#
# for num in $a $b $c $d
# do
# if [ $num -gt 255 ] || [ $num -lt 0 ] #每个数值必须在0-255之间
# then
# return 1
# fi
# done
#
# if [ $? -eq 0 ]
# then
# echo "ipaddress check step2 passed,your ipaddress is available;"
# printf -- '\n';
# break
# eles
# echo " ipaddress is error,input again;"
# printf -- '\n';
# fi
#done
#}
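# Ask for the root password (via ckpasswd) until an SSH login to 127.0.0.1
# with that password succeeds.
# Globals:   passwd (read, set by ckpasswd), ip (read),
#            s_ip and s_passwd (written; s_passwd is reused by the final
#            post-upgrade login check)
# Returns:   0 once a login succeeded, 1 if expect is not installed
checkpassword(){
  # Without expect every attempt would fail and the loop would never end.
  if ! command -v expect >/dev/null 2>&1
  then
    echo "expect is not installed" >&2
    return 1
  fi
  while true;do
    ckpasswd
    s_ip=$ip
    s_passwd=$passwd
    # NOTE(review): this sets aside the pinned host keys of *every* host, not
    # only 127.0.0.1; the timestamped copy has to be merged back by hand.
    # Guarded because the file is absent on the second and later attempts.
    if [ -e ~/.ssh/known_hosts ]
    then
      mv ~/.ssh/known_hosts ~/.ssh/known_hosts"$(date +'%Y-%m-%d-%H_%M_%S')"
    fi
    # The password is handed to expect through the environment and the
    # here-document is quoted, so the shell never pastes it into the Tcl
    # script: passwords containing spaces, $, [ or \ are sent verbatim.
    # Every failure path exits non-zero; a bare expect script exits 0 even
    # when the login was rejected, which made the status check meaningless.
    if SSH_CHECK_PW=$s_passwd expect <<'EOF'
set timeout 15
spawn ssh -l root 127.0.0.1
expect {
  "*yes/no*" { send "yes\r"; exp_continue }
  "*password*" { send -- "$env(SSH_CHECK_PW)\r" }
  timeout { exit 1 }
  eof { exit 1 }
}
expect {
  "#" { send "date && exit\r" }
  "*password*" { exit 1 }
  timeout { exit 1 }
  eof { exit 1 }
}
expect eof
exit 0
EOF
    then
      echo "your password is available;"
      printf -- '\n';
      break
    else
      # This branch was unreachable before because of the misspelt `eles`.
      echo " password error,input again;"
      printf -- '\n';
    fi
  done
}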
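## install telnet and check
# Telnet is brought up only as a temporary way back into the machine while
# sshd is removed and rebuilt.
e=telnet
f=telnet-server
for pkg in "$e" "$f"
do
  # `rpm -q` exits non-zero when the package is missing. `rpm -qa NAME` exits 0
  # even when nothing matches, so the install step below was never reached.
  if ! rpm -q "$pkg"
  then
    yum install -y "$pkg"
  fi
done
cp /etc/pam.d/remote "/etc/pam.d/remote$(date +'%Y-%m-%d-%H_%M_%S')"
# SECURITY: commenting out pam_securetty.so lets root log in over telnet, which
# carries the password in clear text, and telnet.socket is not limited to
# 127.0.0.1. Keep the port reachable only from a trusted management network
# while this script runs, and restore /etc/pam.d/remote from the timestamped
# copy above once the new sshd is confirmed working.
# Only lines that are not already commented are touched, so a re-run does not
# stack further '#' characters.
sed -ri '/^[^#]*pam_securetty\.so/s/^/#/' /etc/pam.d/remote
systemctl restart telnet.socket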
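# Check that root can log in through the local telnet server.
# Globals:   passwd (read), t_passwd (written)
# Returns:   0 if a root shell prompt was reached, non-zero otherwise
cktelnet(){
  # t_ip=$ip
  t_passwd=$passwd
  # The password goes to expect through the environment and the here-document
  # is quoted, so the shell never pastes it into the Tcl script.
  # "*assword*" matches both "Password:" and "password:"; the glob is
  # case-sensitive and the lowercase-only pattern could miss the login prompt.
  # Every failure path exits non-zero so the caller's status test is meaningful.
  TELNET_CHECK_PW=$t_passwd expect <<'EOF'
set timeout 15
spawn telnet 127.0.0.1
expect {
  "*login*" { send "root\r" }
  timeout { exit 1 }
  eof { exit 1 }
}
expect {
  "*assword*" { send -- "$env(TELNET_CHECK_PW)\r" }
  timeout { exit 1 }
  eof { exit 1 }
}
expect {
  "#" { send "exit\r" }
  "*ogin incorrect*" { exit 1 }
  timeout { exit 1 }
  eof { exit 1 }
}
expect eof
exit 0
EOF
}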
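# Print a message on stderr and stop. Everything below replaces the machine's
# remote-access daemon, so the script stops at the first failed step instead of
# carrying on with a half-installed sshd.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

command -v expect >/dev/null 2>&1 || die "expect is not installed"

# checkpassword is defined above but was never called, so the login checks ran
# with an empty password. Ask for it now unless it has already been collected.
[ -n "${s_passwd:-}" ] || checkpassword

# The telnet fallback must work before sshd is touched; the message always said
# the script would stop here, but execution used to continue.
if cktelnet
then
  echo "telnet server can be used"
else
  echo "telnet server can not be used,check by yourself please,script will stop now."
  exit 1
fi

# NOTE(review): nothing authenticates the three source tarballs. Compare them
# with the checksums/signatures published by each project before building.
# SHA256SUMS is an optional operator-supplied file listing the three tarballs.
if [ -f SHA256SUMS ]
then
  sha256sum -c SHA256SUMS || die "source tarball checksum mismatch"
else
  echo "warning: no SHA256SUMS file found; source tarballs are not verified" >&2
fi
# NOTE(review): zlib 1.2.11, OpenSSL 1.1.1c and OpenSSH 8.0p1 are the versions
# pinned by this page; check upstream for a currently supported release.

## uninstall old openssh and install new
systemctl stop sshd
# Quoted so the shell cannot expand the glob against files in the current
# directory; -r skips `rpm -e` when no package matched.
rpm -qa 'openssh*' | xargs -r rpm -e --nodeps
rpm -qa 'openssh*'

# Each library is built in a subshell so a failure cannot leave the script in
# the wrong directory for the following steps.
tar -zxvf zlib-1.2.11.tar.gz || die "cannot unpack zlib"
( cd zlib-1.2.11/ && ./configure && make && make install ) || die "zlib build failed"
tar -zxvf openssl-1.1.1c.tar.gz || die "cannot unpack openssl"
( cd openssl-1.1.1c && ./config shared zlib && make && make install ) || die "openssl build failed"

# Keep the distribution binary as a dated copy, then point /usr/bin/openssl at
# the new build. The symlink test makes a re-run safe.
if [ -e /usr/bin/openssl ] && [ ! -L /usr/bin/openssl ]
then
  mv /usr/bin/openssl "/usr/bin/openssl.$(date +%Y%m%d)" || die "cannot back up /usr/bin/openssl"
fi
ln -sfn /usr/local/bin/openssl /usr/bin/openssl || die "cannot link /usr/bin/openssl"
# Add each library directory once, so repeated runs do not duplicate lines.
for libdir in /usr/local/lib64 /usr/local/lib
do
  grep -qxF -- "$libdir" /etc/ld.so.conf || printf '%s\n' "$libdir" >> /etc/ld.so.conf
done
ldconfig -v && openssl version -a

tar -zxvf openssh-8.0p1.tar.gz || die "cannot unpack openssh"
cd openssh-8.0p1 || die "cannot enter openssh-8.0p1"
{ ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam && make && make install; } || die "openssh build failed"
ssh -V
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
# NOTE(review): this pulls the distribution openssh package back in after the
# source build; confirm it does not overwrite the freshly installed files
# under /usr.
yum install openssh
# printf writes two separate lines; bash's plain `echo` does not interpret \n
# and appended a single malformed line.
# SECURITY: "PermitRootLogin yes" allows password logins as root. It is needed
# for the check below; once key-based access is in place consider
# "prohibit-password" or "no". sshd uses the first value it finds for a
# keyword, so these appended lines have no effect if the file already sets
# the same options further up.
printf '%s\n' "PermitRootLogin yes" "UsePAM yes" >> /etc/ssh/sshd_config
# Validate the configuration before restarting the daemon.
/usr/sbin/sshd -t || die "sshd_config failed validation; telnet is left running"
systemctl restart sshd

# Final login check. The password is passed through the environment and the
# here-document is quoted, so it is never interpolated into the Tcl script;
# failures exit non-zero so telnet is only shut down after a real login.
if SSH_CHECK_PW=$s_passwd expect <<'EOF'
set timeout 15
spawn ssh -l root 127.0.0.1
expect {
  "*yes/no*" { send "yes\r"; exp_continue }
  "*password*" { send -- "$env(SSH_CHECK_PW)\r" }
  timeout { exit 1 }
  eof { exit 1 }
}
expect {
  "#" { send "date && exit\r" }
  "*password*" { exit 1 }
  timeout { exit 1 }
  eof { exit 1 }
}
expect eof
exit 0
EOF
then
  # Stopping the socket does not undo the pam_securetty change made earlier;
  # restore /etc/pam.d/remote from its timestamped backup as well.
  systemctl stop telnet.socket && echo "openssh successfull installed"
else
  die "ssh login check failed; telnet.socket is left running for recovery"
fi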