linux的openssh升级脚本,Openssh源码升级回退脚本

通过https://blog.51cto.com/kk876435928/2419589 脚本升级Openssh的，想回退用rpm方式安装的脚本如下：

执行脚本前确保本地YUM源或者网络YUM源可用

#!/bin/bash

#

# Determine whether the root user

userid=`id -u`

if [ "$userid" -ne 0 ]; then

echo "sorry,only root can execute the script. "

exit

fi

if ! rpm -qa|grep which &> /dev/null; then

echo "which is not installed" && exit

fi

# OS TYPE

#Distributor_ID=$(lsb_release -i)

# OS Version

Distributor_VE=$(lsb_release -a|grep Release|tr -cd '[0-9.]'|cut -d'.' -f1)

if [ -e $(which lsb_release) ]; then

Distributor=`lsb_release -i|cut -c 17-`

fi

# Check if telnet service has started

netstat -tnlp | grep -w 23

RETVAL3=$?

if [ $RETVAL3 -eq 0 ]; then

echo "telnet service is running------------[yes]"

else

echo "telnet service is not running--------[no]"

echo "Try to start the telnet service..........."

if [[ "$Distributor_VE" -eq 7 ]] && [[ "$Distributor" =~ "RedHat" || "$Distributor" =~ "CentOS" ]]; then

systemctl start xinetd.service

systemctl start telnet.socket

else

sed -i '/disable/s/yes/no/' /etc/xinetd.d/telnet

service xinetd restart

fi

netstat -tnlp | grep -w 23

RETVAL4=$?

if [ $RETVAL4 -ne 0 ]; then

echo "telnet service is not running------------[no]"

echo "unable to start the service automatically, please try manually"

exit

fi

fi

# Stop sshd service

netstat -tnlp | grep -w 22

RETVAL5=$?

if [ $RETVAL5 -eq 0 ]; then

service sshd stop

echo "stop sshd service --------------[yes]"

fi

sed -i '//usr/local/ssl/lib/d' /etc/ld.so.conf

ldconfig

mv -f /etc/ssh/sshd_config /etc/ssh/sshd_config_bak

mv -f /etc/ssh/ssh*key /tmp

yum -y install openssh-server openssh-clients openssh openssh-askpass

if [ `rpm -qa|grep openssh|wc -l` -ne 4 ]; then

echo "check if openssh-server openssh-clients openssh openssh-askpass had already installd.." && exit

else

#echo "KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org" >> /etc/ssh/sshd_config

#echo "Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc" >> /etc/ssh/sshd_config

#echo "MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha1-96,hmac-md5-96" >> /etc/ssh/sshd_config

sed -i 's/^#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config

sed -i '/^PermitRootLogin/s/prohibit-password/no/' /etc/ssh/sshd_config

sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config

fi

# Start sshd service

service sshd start

# Disable telnet service

if netstat -tnlp | grep -w 22 &> /dev/null; then

if [[ "$Distributor_VE" -eq 7 ]] && [[ "$Distributor" =~ "RedHat" || "$Distributor" =~ "CentOS" ]]; then

systemctl stop telnet.socket

systemctl stop xinetd.service

else

sed -i '/disable/s/no/yes/' /etc/xinetd.d/telnet

service xinetd restart

fi

fi