linux的openssh升级脚本,openssh一键升级脚本（测试成功）

1 ssh版本检查

本文档针对于ssh版本低于7.0的系统，升级为openssh7.5 p1。

ssh –V

[root@kuajing-db3 ~]# ssh -V

OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

2  OPENssh7.5安装步骤

卸载原有openssh

yum remove openssh -y

准备编译环境：

yum install gcc openssl-devel zlib-devel

上传openssh安装包到/mnt并解压进行编译：

tar zxvf openssh-7.5p1.tar.gz

cd openssh-7.5p1

./configure

make && make install

拷贝ssh服务文件

cp /usr/local/bin/ssh /usr/bin/ssh

cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pubcp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshdcp ./contrib/redhat/sshd.init /etc/init.d/sshd

修改配置文件

修改/etc/ssh/sshd_config

将#PermitRootLogin修改为PermitRootLogin yes

修改/usr/libexec/sftp-server为/usr/local/libexec/sftp-server

修改 /etc/init.d/sshd

将SSHD=/usr/sbin/sshd 改为 SSHD=/usr/local/sbin/sshd

将/usr/sbin/ssh-keygen -A 改为 /usr/local/bin/ssh-keygen -A

在 ‘$SSHD $OPTIONS && success || failure’这一行上面加上一行 ‘OPTIONS="-f /etc/ssh/sshd_config"’

加入系统服务

chkconfig --add sshd

chkconfig sshd on

检查服务

chkconfig --list |grepsshd

sshd0:off 1:off 2:on 3:on 4:on 5:on 6:off

启动服务

service sshd start

检查ssh版本

[root@oracle ~]# ssh -V

OpenSSH_7.5p1, OpenSSL1.0.1e-fips 11 Feb 2013

3 OPENssh升级脚本

根据以上升级过程编写了脚本自动执行操作，脚本内容如下

#!/bin/bash

sshInst()

{yum remove openssh -yyum install gcc openssl-devel zlib-devel -y

cd/mnttar zxvf openssh-7.5p1.tar.gz -C /mnt/cd ./openssh-7.5p1

./configuremake && make install}

CHG_SSHD()

{chmod +x /etc/init.d/sshd

OPT_VALUE='OPTIONS="-f /etc/ssh/sshd_config"'OPT_EXIST=`grep "${OPT_VALUE}" /etc/init.d/sshd`if [ -z "${OPT_EXIST}" ];then

sed -i '/$SSHD $OPTIONS &&/i\\t'"${OPT_VALUE}"'' /etc/init.d/sshdelse

echo${OPT_EXIST}fiPATH_EXIST=`grep "${NPATH}" /etc/init.d/sshd`if [ -n "${PATH_EXIST}" ];then

echo "${PATH_EXIST}"

else

sed -i "s:${OPATH}:${NPATH}:" /etc/init.d/sshdfi

echo "/etc/init.d/sshd file changes completed."}

CHG_CONF()

{

##Chenge/etc/ssh/sshd_configcp sshd_config /etc/ssh/sshd_configsed -i '/#PermitRootLogin/i\PermitRootLogin yes' /etc/ssh/sshd_config

PATH_EXIST=`grep "${NPATH}" /etc/ssh/sshd_config`if [ -z "${PATH_EXIST}" ];then

sed -i "s:${OPATH}:${NPATH}:" /etc/ssh/sshd_configelse

echo "${PATH_EXIST}"

fi

echo "/etc/ssh/sshd_config file changes completed."}

OPATH=/usr/NPATH=/usr/local/

echo -n "The SSH current version is:"

ssh -Vwhile true;do

echo -n "Continue to update?(yes/no)"read INPUTcase $INPUT inY|y|YES|yes)

sshInstecho -n "Press any key to continue....."read AnyKeycp /usr/local/bin/ssh /usr/bin/ssh

echo "Copying ssh....Done."

cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pubecho "Copying ssh_host_ecdsa_key.pub....Done."

cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshdecho "Copying sshd....Done."CHG_SSHD

CHG_CONF

break;;

N|n|NO|no)echoexited

exit ;;"")

break;;esac

done

ssh -V

chkconfig--add sshd

#解决root用户无法登陆echo "PermitRootLogin yes" >> /etc/ssh/sshd_configecho "PasswordAuthentication yes" >> /etc/ssh/sshd_config

chkconfig sshd on

service sshd startecho "Operation is completed."#centos7重启ssh操作

#systemctl daemon-reload

#systemctl restart sshd

注意：代码copy可能出现编译错误，需要先进行如下处理

sed -i 's/\r$//' XXX.sh

会把 XXX.sh 中的\r 替换成空白！

再次编译！成功！！

如果没有安装zlib，需要先安装zlib，再行脚本：

yum install zlib