RHEL5.4 openssh升级至OpenSSH_7.4p1版本-shell处理
客户30台RHEL5.4系统的openssh需要升级到OpenSSH_7.4p1版本
#cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
# uname -r
2.6.18-164.el5PAE
# uname -m
i686
由于防止远程连接中断,需要开启telnet服务,防火墙放开tcp 23端口,同时下载所需文件,故写了2个脚本
脚本1:下载软件,防火墙放开tcp 23 端口,开启telnet服务
#!/bin/bash
#Load system paraments
. /etc/init.d/functions
function DownloadSoftware(){
[ ! -d /root/tools ] && mkdir -p /root/tools
if [ `grep "nameserver 8.8.8.8" /etc/resolv.conf | wc -l` -lt 1 ]
then
echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
fi
wget -O /root/tools/openssl-0.9.8f.tar.gz https://dl.packetstormsecurity.net/crypt/SSL/openssl/openssl-0.9.8f.tar.gz \
--no-check-certificate > /dev/null 2>&1
if [ $? -eq 0 ]
then
action "download openssl-0.9.8f.tar.gz" /bin/true
else
action "download openssl-0.9.8f.tar.gz" /bin/false
exit
fi
wget -O /root/tools/openssh-7.4p1.tar.gz http://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz \
> /dev/null 2>&1
if [ $? -eq 0 ]
then
action "download openssh-7.4p1.tar.gz" /bin/true
else
action "download openssh-7.4p1.tar.gz" /bin/false
exit
fi
}
function ModIptables(){
if [ `iptables -L | grep -w "dpt:telnet" | wc -l` -lt 1 ]
then
sed -i '19 i-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT' /etc/sysconfig/iptables
iptables-restore < /etc/sysconfig/iptables &&/etc/init.d/iptables save > /dev/null 2>&1 && \
/etc/init.d/iptables restart
if [ `iptables -L | grep -w "dpt:telnet" | wc -l` -eq 1 ]
then
action "Add Telnet port..." /bin/true
fi
fi
}
function StartTelnet(){
sed -i '/.*disable/s#yes#no#g' /etc/xinetd.d/krb5-telnet
/etc/init.d/xinetd restart
if [ `awk -F "[= ]+" '/.*disable/{print $2}' /etc/xinetd.d/krb5-telnet` = "no" ]
then
action "Start Telnet" /bin/true
else
action "Start Telnet" /bin/false
exit
fi
}
function main(){
DownloadSoftware
ModIptables
StartTelnet
}
main
脚本2:卸载并安装openssl,卸载并安装openssh,关闭telnet服务
#!/bin/bash
#Load system paraments
. /etc/init.d/functions
function InstallOpenSsl(){
#Uninstall OpenSsl.
for i in `rpm -qa openssl*`
do
rpm -e $i --nodeps > /dev/null 2>&1
done
#Install OpenSsl.
cd /root/tools && tar xf openssl-0.9.8f.tar.gz
sleep 5
cd /root/tools/openssl-0.9.8f
./config shared zlib > /dev/null 2>&1 && make > /dev/null 2>&1 && make install > /dev/null 2>&1
if [ $? -eq 0 ]
then
action "Install OpenSsl" /bin/true
else
action "Install OpenSsl" /bin/false
exit
fi
#Config openssl.
mv /usr/include/openssl /usr/include/openssl.bak > /dev/null 2>&1
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ln -s /usr/local/ssl/lib/libssl.so.0.9.8 /lib/libssl.so.6
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.8 /lib/libcrypto.so.6
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v > /dev/null 2>&1
}
function InstallOpenSsh(){
#Uninstall OpenSsh.
/etc/init.d/sshd stop
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +%F`
for ossh in `rpm -qa | grep openssh*`
do
rpm -e $ossh > /dev/null 2>&1
done
#Install OpenSsh.
cd /root/tools && tar xf openssh-7.4p1.tar.gz
sleep 5
cd /root/tools/openssh-7.4p1
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl/ > /dev/null 2>&1 && make > /dev/null 2>&1 && make install > /dev/null 2>&1
if [ $? -eq 0 ]
then
action "Install OpenSsh" /bin/true
else
action "Install OpenSsh" /bin/false
exit
fi
#Config OpenSsh.
echo 'export PATH=/usr/local/ssh/bin:/usr/local/ssh/sbin:$PATH' >> /etc/profile
source /etc/profile
echo '/usr/local/ssh/sbin/sshd' >> /etc/rc.d/rc.local
#Modify OpenSsh sshd_config.
sed -i 's/#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config
CheckSsh=(`cat /etc/ssh/sshd_config | grep -E "PermitRootLogin|UseDNS" | grep -v ^# | awk '{print $2}'`)
if [ ${#CheckSsh[*]} -eq 1 ]
then
if [ ${CheckSsh[0]} = no ]
then
action "Modify sshd_config" /bin/true
else
action "Modify sshd_config" /bin/false
exit
fi
else
if [ ${CheckSsh[0]} = no -a ${CheckSsh[1]} = no ]
then
action "Modify sshd_config" /bin/true
else
action "Modify sshd_config" /bin/false
exit
fi
fi
#Start OpenSsh and check it.
/usr/local/ssh/sbin/sshd > /dev/null 2>&1
if [ `lsof -i :22 | grep -o sshd | wc -l` -gt 1 ]
then
action "Start OpenSSH" /bin/true
else
action "Start OpenSSH" /bin/false
exit
fi
}
function StopTelnet(){
sed -i '/.*disable/s#no#yes#g' /etc/xinetd.d/krb5-telnet
/etc/init.d/xinetd restart
if [ `awk -F "[= ]+" '/.*disable/{print $2}' /etc/xinetd.d/krb5-telnet` = "yes" ]
then
action "Stop Telnet" /bin/true
else
action "Stop Telnet" /bin/false
exit
fi
}
function main(){
InstallOpenSsl
InstallOpenSsh
StopTelnet
}
main
写脚本以及测试脚本时,出现的问题,做个总结
1. 安装完毕openssl后,configure openssh的时候
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh
出现错误:
checking OpenSSL library version... configure: error: OpenSSL >= 0.9.8f required
先自己尝试解决,无法处理,后网上搜相关问题,根据某个网友的文章得到提示,需要指定
--with-ssl-dir参数
2. 在测试环境升级完成后,想使用wget下载个软件,出现一下错误
wget
wget: error while loading shared libraries: libssl.so.6: cannot open shared object file: No such file or directory
#ldd /usr/bin/wget linux-gate.so.1 => (0x00b69000) libssl.so.6 => not found libcrypto.so.6 => not found libdl.so.2 => /lib/libdl.so.2 (0x008a4000) librt.so.1 => /lib/librt.so.1 (0x008d8000) libc.so.6 => /lib/libc.so.6 (0x00733000) /lib/ld-linux.so.2 (0x00715000) libpthread.so.0 => /lib/libpthread.so.0 (0x008aa000)
libssl.so.6 => not found
libcrypto.so.6 => not found
由于删除openssl的时候相关文件被一并删除,造成这个问题,只需ln 对新的文件做个软连接
ln -s /usr/local/ssl/lib/libssl.so.0.9.8 /lib/libssl.so.6 ln -s /usr/local/ssl/lib/libcrypto.so.0.9.8 /lib/libcrypto.so.6
匆匆忙忙写完脚本,有一些执行权限没有做判断,不足指出,还请热心网友斧正!
转载于:https://blog.51cto.com/zihang/1904438
扫一扫
1052
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
