Detailed steps for upgrading the OpenSSH service offline to the latest version, 8.4, on Red Hat 5.5

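Because the production environment is an isolated intranet, a virtual machine is used to simulate it for testing.
I. Prepare the virtual machine environment
Install the Red Hat 5.5 system.
Once Red Hat 5.5 is installed in the virtual machine:

First, stop the firewall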
[root@localhost ~]# service iptables stop
Check the firewall status
[root@localhost ~]# service iptables status
Firewall is stopped.
Disable the firewall permanently so that it stays off after a reboot
[root@localhost ~]# chkconfig iptables off

Check the initial version of the system's ssh service
[root@localhost ~]# sshd -version
sshd: illegal option -- v
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]

Note: this upgrade was done over an Xshell client connection to the virtual machine; a NAT network with a static IP is recommended.

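II. Install the telnet service

Because the ssh service is being upgraded over an Xshell connection to the virtual machine, the telnet service is enabled beforehand as a fallback in case the remote connection is unexpectedly interrupted during the upgrade.

1. Mount the Red Hat 5.5 system image in the virtual machine

With the virtual machine shut down, select your own system image in its settings and confirm, then start the virtual machine.

Create five directories, openssh_update, openssl_update, perl_update, telnet_update and zlib_update, to hold the packages.
I put them in my home directory; put them wherever you prefer.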
[root@localhost demo]# pwd
/home/demo
[root@localhost demo]# mkdir openssh_update
[root@localhost demo]# mkdir openssl_update
[root@localhost demo]# mkdir zlib_update
[root@localhost demo]# mkdir perl_update
[root@localhost demo]# mkdir telnet_update
[root@localhost demo]# ls
openssh_update openssl_update perl_update telnet_update zlib_update

Check whether the telnet-server service is installed: rpm -qa|grep telnet-server
[root@localhost /]# rpm -qa|grep telnet
telnet-0.17-39.el5
[root@localhost /]# rpm -qa|grep telnet-server
[root@localhost /]#
[root@localhost /]#
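Only the telnet client is installed on the system, not telnet-server, so the telnet service has to be installed
Mount the image file
First create the mount point directory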
[root@localhost /]# mkdir /mnt/cdrom
Then mount the image
[root@localhost /]# mount /dev/cdrom /mnt/cdrom/
[root@localhost /]# cd /mnt/cdrom/
[root@localhost cdrom]# ls
Cluster README-ja.html RELEASE-NOTES-en RELEASE-NOTES-ta.html RELEASE-NOTES-U5-or.html
ClusterStorage README-kn.html RELEASE-NOTES-en.html RELEASE-NOTES-te.html RELEASE-NOTES-U5-pa.html
EULA README-ko.html RELEASE-NOTES-es.html RELEASE-NOTES-U5-as.html RELEASE-NOTES-U5-pt_BR.html
eula.en_US README-ml.html RELEASE-NOTES-fr.html RELEASE-NOTES-U5-bn.html RELEASE-NOTES-U5-ru.html
GPL README-mr.html RELEASE-NOTES-gu.html RELEASE-NOTES-U5-de.html RELEASE-NOTES-U5-si.html
images README-or.html RELEASE-NOTES-hi.html RELEASE-NOTES-U5-en RELEASE-NOTES-U5-ta.html
isolinux README-pa.html RELEASE-NOTES-it.html RELEASE-NOTES-U5-en.html RELEASE-NOTES-U5-te.html
README-as.html README-pt_BR.html RELEASE-NOTES-ja.html RELEASE-NOTES-U5-es.html RELEASE-NOTES-U5-zh_CN.html
README-bn.html README-ru.html RELEASE-NOTES-kn.html RELEASE-NOTES-U5-fr.html RELEASE-NOTES-U5-zh_TW.html
README-de.html README-si.html RELEASE-NOTES-ko.html RELEASE-NOTES-U5-gu.html RELEASE-NOTES-zh_CN.html
README-en README-ta.html RELEASE-NOTES-ml.html RELEASE-NOTES-U5-hi.html RELEASE-NOTES-zh_TW.html
README-en.html README-te.html RELEASE-NOTES-mr.html RELEASE-NOTES-U5-it.html RPM-GPG-KEY-redhat-beta
README-es.html README-zh_CN.html RELEASE-NOTES-or.html RELEASE-NOTES-U5-ja.html RPM-GPG-KEY-redhat-release
README-fr.html README-zh_TW.html RELEASE-NOTES-pa.html RELEASE-NOTES-U5-kn.html Server
README-gu.html RELEASE-NOTES-as.html RELEASE-NOTES-pt_BR.html RELEASE-NOTES-U5-ko.html TRANS.TBL
README-hi.html RELEASE-NOTES-bn.html RELEASE-NOTES-ru.html RELEASE-NOTES-U5-ml.html VT
README-it.html RELEASE-NOTES-de.html RELEASE-NOTES-si.html RELEASE-NOTES-U5-mr.html
[root@localhost cdrom]#

Then cd /mnt/cdrom/Server

Copy the telnet-related rpm packages to /home/demo/telnet_update

[root@localhost Server]# cp xinetd-2.3.14-10.el5.x86_64.rpm /home/demo/telnet_update/
[root@localhost Server]# cp telnet-server-0.17-39.el5.x86_64.rpm /home/demo/telnet_update/

Install the telnet service

[root@localhost Server]# cd /home/demo/telnet_update/
[root@localhost telnet_update]# ls
telnet-server-0.17-39.el5.x86_64.rpm xinetd-2.3.14-10.el5.x86_64.rpm
[root@localhost telnet_update]# rpm -ivh xinetd-2.3.14-10.el5.x86_64.rpm
warning: xinetd-2.3.14-10.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:xinetd ########################################### [100%]
[root@localhost telnet_update]# rpm -ivh telnet-server-0.17-39.el5.x86_64.rpm
warning: telnet-server-0.17-39.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:telnet-server ########################################### [100%]
[root@localhost telnet_update]#

2. Configure the telnet service
Edit the configuration file, changing disable = yes to disable = no
[root@localhost telnet_update]# vi /etc/xinetd.d/telnet

# default: on
# description: The telnet server serves telnet sessions; it uses \
#	unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
~
~
"/etc/xinetd.d/telnet" 14L, 305C

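Edit the following two configuration files and, in each, put a # in front of the line "auth  required    pam_securetty.so" (this turns off the securetty check, so root can log in over telnet)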
[root@localhost telnet_update]# vi /etc/pam.d/login
[root@localhost telnet_update]# vi /etc/pam.d/remote

Then restart the telnet service

[root@localhost telnet_update]# service xinetd restart
Stopping xinetd: [FAILED]
Starting xinetd: [ OK ]
[root@localhost telnet_update]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@localhost telnet_update]#
I don't know why the stop failed; restarting the telnet service a second time worked without problems

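3. Test connecting to the virtual machine over telnet
Open a local cmd window and connect to the virtual machine directly with telnet ip
Then log in with the account and password
The connection succeeds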

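III. Install the openssh upgrade

1. Prepare the installation packages used in the steps below (openssh-8.4p1.tar.gz, zlib-1.2.11.tar.gz, openssl-1.1.1g.tar.gz and perl-5.16.1.tar.gz); they can be found by searching online
2. Use Xshell's file transfer tool to upload each one into the directories created at the start
3. Extract openssh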
[root@localhost home]# cd /home/demo/openssh_update/
[root@localhost openssh_update]# ls
openssh-8.4p1.tar.gz
[root@localhost openssh_update]# tar -zxvf openssh-8.4p1.tar.gz
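
The archives are found by searching the web and then carried into an offline network, so their digests are worth comparing against a manifest recorded from the projects' published checksums before anything is extracted or built. The following is an added example, not part of the original post; the manifest file name SHA256SUMS, the function names and the demo files are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a manifest in the format
# `sha256sum` writes: "<hex digest>  <bare file name>", one archive per line.

# verify_archives MANIFEST DIR...
# Returns 0 only if at least one *.tar.gz was found and every one found is
# listed in the manifest with a matching SHA-256 digest.
verify_archives() {
    manifest=$1; shift
    rc=0; checked=0
    for dir in "$@"; do
        for f in "$dir"/*.tar.gz; do
            [ -f "$f" ] || continue           # glob matched nothing
            checked=$((checked + 1))
            name=$(basename "$f")
            want=$(awk -v n="$name" '$2 == n { print $1; exit }' "$manifest")
            got=$(sha256sum "$f" | awk '{ print $1 }')
            if [ -z "$want" ]; then
                echo "UNLISTED $f" >&2; rc=1   # not in the manifest at all
            elif [ "$want" != "$got" ]; then
                echo "MISMATCH $f" >&2; rc=1   # altered or corrupted in transit
            else
                echo "OK       $f"
            fi
        done
    done
    [ "$checked" -gt 0 ] || { echo "no archives found" >&2; rc=1; }
    return $rc
}

# Constructed demo data: stand-in files (not real tarballs) laid out like the
# post's *_update directories. Echoes the status before and after one file is
# altered.
demo_verify() {
    t=$(mktemp -d) || return 2
    mkdir "$t/zlib_update" "$t/openssh_update"
    echo "constructed zlib bytes"    > "$t/zlib_update/zlib-1.2.11.tar.gz"
    echo "constructed openssh bytes" > "$t/openssh_update/openssh-8.4p1.tar.gz"
    ( cd "$t/zlib_update"    && sha256sum zlib-1.2.11.tar.gz
      cd "$t/openssh_update" && sha256sum openssh-8.4p1.tar.gz ) > "$t/SHA256SUMS"
    verify_archives "$t/SHA256SUMS" "$t"/*_update >/dev/null 2>&1 && before=0 || before=$?
    echo "altered after the manifest was written" >> "$t/zlib_update/zlib-1.2.11.tar.gz"
    verify_archives "$t/SHA256SUMS" "$t"/*_update >/dev/null 2>&1 && after=0 || after=$?
    rm -rf "$t"
    echo "$before $after"
}

demo_verify   # prints "0 1"
```

On the upgrade host the call would be `verify_archives /home/demo/SHA256SUMS /home/demo/*_update`, with the manifest copied over alongside the archives.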

4. Build and install the openssh upgrade

[root@localhost openssh_update]# ls
openssh-8.4p1 openssh-8.4p1.tar.gz
[root@localhost openssh_update]# cd openssh-8.4p1
[root@localhost openssh-8.4p1]#

From here on, every configure and build step is run in this directory: /home/demo/openssh_update/openssh-8.4p1
Configure
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords

[root@localhost openssh-8.4p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords

The configure run hit the following error

checking zlib.h usability... no
checking zlib.h presence... no
checking for zlib.h... no
configure: error: *** zlib.h missing - please install first or check config.log ***
[root@localhost openssh-8.4p1]#

Clearly the zlib dependency is missing, so install zlib directly
First extract the uploaded zlib archive
[root@localhost openssh-8.4p1]# cd /home/demo/zlib_update/
[root@localhost zlib_update]# ls
zlib-1.2.11.tar.gz
[root@localhost zlib_update]# tar -zxvf zlib-1.2.11.tar.gz

Configure: ./configure
[root@localhost zlib_update]# ls
zlib-1.2.11 zlib-1.2.11.tar.gz
[root@localhost zlib_update]# cd zlib-1.2.11
[root@localhost zlib-1.2.11]# ./configure

Install
[root@localhost zlib-1.2.11]# make && make install

Configure openssh again

[root@localhost zlib-1.2.11]# cd /home/demo/openssh_update/openssh-8.4p1
[root@localhost openssh-8.4p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords

The configure run hit another error

checking if openpty correctly handles controlling tty... yes
checking whether AI_NUMERICSERV is declared... yes
checking if SA_RESTARTed signals interrupt select()... yes
checking for getpgrp... yes
checking if getpgrp accepts zero args... yes
configure: error: *** working libcrypto not found, check config.log
[root@localhost openssh-8.4p1]#

A search showed that this error is caused by the missing openssl dependency, so openssl is installed next
Go to /home/demo/openssl_update/
Extract
[root@localhost openssh-8.4p1]# cd /home/demo/openssl_update/
[root@localhost openssl_update]# tar -zxvf openssl-1.1.1g.tar.gz

Then cd into the openssl-1.1.1g directory and configure the build

[root@localhost openssl_update]# ls
openssl-1.1.1g openssl-1.1.1g.tar.gz
[root@localhost openssl_update]# cd openssl-1.1.1g
[root@localhost openssl-1.1.1g]# ./config --prefix=/usr/local/ssl shared zlib-dynamic enable-camellia
Unfortunately, running it produced yet another error
[root@localhost openssl-1.1.1g]# ./config --prefix=/usr/local/ssl shared zlib-dynamic enable-camellia
Operating system: x86_64-whatever-linux2
Perl v5.10.0 required--this is only v5.8.8, stopped at ./Configure line 12.
BEGIN failed--compilation aborted at ./Configure line 12.
Perl v5.10.0 required--this is only v5.8.8, stopped at ./Configure line 12.
BEGIN failed--compilation aborted at ./Configure line 12.
This system (linux-x86_64) is not supported. See file INSTALL for details.
[root@localhost openssl-1.1.1g]#
Clearly this is caused by the perl version being too old

Next, install perl directly
Extract
[root@localhost perl_update]# cd /home/demo/perl_update/
[root@localhost perl_update]# ls
perl-5.16.1.tar.gz
[root@localhost perl_update]# tar -zxvf perl-5.16.1.tar.gz
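From inside the extracted perl-5.16.1 directory, create the directory that the installation will use
[root@localhost perl-5.16.1]# mkdir /usr/local/perl
Configure the source
[root@localhost perl-5.16.1]# ./Configure -des -Dprefix=/usr/local/perl -Dusethreads -Uversiononly
Build and install; these two steps take a fairly long time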
[root@localhost perl-5.16.1]# make
[root@localhost perl-5.16.1]# make install
Replace the old perl command

[root@localhost perl-5.16.1]# cd /usr/bin
[root@localhost bin]# mv perl perl.old   # rename the original perl to perl.old and stop using it

[root@localhost bin]# ln -s /usr/local/perl/bin/perl /usr/bin/perl   # create a symlink so the new perl is used
Done; check the perl version
perl -version
[root@localhost bin]# perl -version

This is perl 5, version 16, subversion 1 (v5.16.1) built for x86_64-linux-thread-multi

Copyright 1987-2012, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

[root@localhost bin]#

Installed successfully.
Go back to /home/demo/openssl_update/openssl-1.1.1g and continue configuring

[root@localhost perl-5.16.1]# cd /home/demo/openssl_update/openssl-1.1.1g
[root@localhost openssl-1.1.1g]# ./config --prefix=/usr/local/ssl shared zlib-dynamic enable-camellia
Install

[root@localhost openssl-1.1.1g]# make depend
[root@localhost openssl-1.1.1g]# make && make install

Additional configuration, required (in preparation for the OpenSSH upgrade)
[root@localhost openssl-1.1.1g]# mv /usr/bin/openssl /usr/bin/openssl.bak
[root@localhost openssl-1.1.1g]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
[root@localhost openssl-1.1.1g]# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
[root@localhost openssl-1.1.1g]# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
[root@localhost openssl-1.1.1g]# ldconfig -v

openssl installed successfully
Check with openssl version
[root@localhost openssl-1.1.1g]# openssl version

[root@localhost openssl-1.1.1g]# openssl version
OpenSSL 1.1.1g 21 Apr 2020
[root@localhost openssl-1.1.1g]#

Configure openssh again
One more configure option is needed, --with-ssl-dir=/usr/local/ssl; it corresponds to the custom prefix chosen during the openssl upgrade
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords --with-ssl-dir=/usr/local/ssl

[root@localhost openssl-1.1.1g]#
[root@localhost openssl-1.1.1g]# cd /home/demo/openssh_update/openssh-8.4p1
[root@localhost openssh-8.4p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords --with-ssl-dir=/usr/local/ssl
Install
Before installing, back up the existing ssh configuration files

[root@localhost openssh-8.4p1]# mv /etc/ssh/ssh_config /etc/ssh/ssh_config.bak
[root@localhost openssh-8.4p1]# mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@localhost openssh-8.4p1]# make && make install

Restart the ssh service and check its version
[root@localhost openssh-8.4p1]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@localhost openssh-8.4p1]# sshd -version
unknown option -- v
OpenSSH_8.4p1, OpenSSL 1.1.1g 21 Apr 2020
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
[root@localhost openssh-8.4p1]#
Enable sshd at boot (if this was configured before it can be skipped, but running it again does no harm and makes sure)

[root@localhost openssh-8.4p1]# chkconfig sshd on
[root@localhost openssh-8.4p1]#

Settings in the ssh service configuration file
[root@localhost openssh-8.4p1]# vi /etc/ssh/sshd_config

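Find PermitRootLogin and change it to PermitRootLogin yes (the sshd_config installed by OpenSSH 8.4 defaults to prohibit-password, which refuses root password logins)
Find X11Forwarding and change it to X11Forwarding yes

Then restart the ssh service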

[root@localhost openssh-8.4p1]# service sshd restart

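With that, the upgrade of the ssh service to the latest version is complete.
Then test the connection with Xshell; once it works, shut down the telnet service.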
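
The telnet fallback from section II consists of three edits: disable = no in /etc/xinetd.d/telnet and the commented-out pam_securetty lines in /etc/pam.d/login and /etc/pam.d/remote. The following is an added example, not part of the original post, that audits those files to confirm the fallback is closed; the function names and the constructed demo files are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Paths default to the files the
# post edits; function names and the demo files are illustrative.

# True if the xinetd service file's last "disable" attribute is "yes".
telnet_disabled() {
    awk -F= '/^[ \t]*disable[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v) }
             END { exit ((v == "yes") ? 0 : 1) }' "$1"
}

# True if an uncommented auth line still references pam_securetty.so.
securetty_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"
}

# audit_fallback [XINETD_FILE [PAM_FILE...]]
# Prints one line per finding; the exit status is the number of findings.
audit_fallback() {
    xf=${1:-/etc/xinetd.d/telnet}; [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- /etc/pam.d/login /etc/pam.d/remote
    findings=0
    if [ -f "$xf" ] && ! telnet_disabled "$xf"; then
        echo "FINDING: telnet is enabled in $xf"; findings=$((findings + 1))
    fi
    for pf in "$@"; do
        if [ -f "$pf" ] && ! securetty_active "$pf"; then
            echo "FINDING: pam_securetty is not enforced in $pf"
            findings=$((findings + 1))
        fi
    done
    return $findings
}

# Constructed demo: temp files in the state section II leaves them (fallback
# open), then restored. Echoes the two finding counts.
demo_audit() {
    t=$(mktemp -d) || return 9
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$t/telnet"
    echo '#auth required pam_securetty.so' > "$t/login"
    cp "$t/login" "$t/remote"
    audit_fallback "$t/telnet" "$t/login" "$t/remote" >/dev/null && open=0 || open=$?
    printf 'service telnet\n{\n\tdisable = yes\n}\n' > "$t/telnet"
    echo 'auth required pam_securetty.so' > "$t/login"
    cp "$t/login" "$t/remote"
    audit_fallback "$t/telnet" "$t/login" "$t/remote" >/dev/null && closed=0 || closed=$?
    rm -rf "$t"
    echo "$open $closed"
}

demo_audit   # prints "3 0"
```

Run `audit_fallback` with no arguments on the upgraded host after reverting the edits and running service xinetd restart; a non-zero exit status is the number of findings still open.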

If the upgrade worked for you, leave a 666 in the comments; testing and writing up a blog post is not easy
