1 ssh版本检查
本文档针对于ssh版本低于7.0的系统,升级为openssh7.5 p1。
ssh –V
[root@kuajing-db3 ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
2 OPENssh7.5安装步骤
卸载原有openssh
yum remove openssh -y
准备编译环境:
yum install gcc openssl-devel zlib-devel
上传openssh安装包到/mnt并解压进行编译:
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure
make && make install
拷贝ssh服务文件
cp /usr/local/bin/ssh /usr/bin/ssh
cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pubcp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshdcp ./contrib/redhat/sshd.init /etc/init.d/sshd
修改配置文件
修改/etc/ssh/sshd_config
将#PermitRootLogin修改为PermitRootLogin yes
修改/usr/libexec/sftp-server为/usr/local/libexec/sftp-server
修改 /etc/init.d/sshd
将SSHD=/usr/sbin/sshd 改为 SSHD=/usr/local/sbin/sshd
将/usr/sbin/ssh-keygen -A 改为 /usr/local/bin/ssh-keygen -A
在 ‘$SSHD $OPTIONS && success || failure’这一行上面加上一行 ‘OPTIONS="-f /etc/ssh/sshd_config"’
加入系统服务
chkconfig --add sshd
chkconfig sshd on
检查服务
chkconfig --list |grepsshd
sshd0:off 1:off 2:on 3:on 4:on 5:on 6:off
启动服务
service sshd start
检查ssh版本
[root@oracle ~]# ssh -V
OpenSSH_7.5p1, OpenSSL1.0.1e-fips 11 Feb 2013
3 OPENssh升级脚本
根据以上升级过程编写了脚本自动执行操作,脚本内容如下
#!/bin/bash
sshInst()
{yum remove openssh -yyum install gcc openssl-devel zlib-devel -y
cd/mnttar zxvf openssh-7.5p1.tar.gz -C /mnt/cd ./openssh-7.5p1
./configuremake && make install}
CHG_SSHD()
{chmod +x /etc/init.d/sshd
OPT_VALUE='OPTIONS="-f /etc/ssh/sshd_config"'OPT_EXIST=`grep "${OPT_VALUE}" /etc/init.d/sshd`if [ -z "${OPT_EXIST}" ];then
sed -i '/$SSHD $OPTIONS &&/i\\t'"${OPT_VALUE}"'' /etc/init.d/sshdelse
echo${OPT_EXIST}fiPATH_EXIST=`grep "${NPATH}" /etc/init.d/sshd`if [ -n "${PATH_EXIST}" ];then
echo "${PATH_EXIST}"
else
sed -i "s:${OPATH}:${NPATH}:" /etc/init.d/sshdfi
echo "/etc/init.d/sshd file changes completed."}
CHG_CONF()
{
##Chenge/etc/ssh/sshd_configcp sshd_config /etc/ssh/sshd_configsed -i '/#PermitRootLogin/i\PermitRootLogin yes' /etc/ssh/sshd_config
PATH_EXIST=`grep "${NPATH}" /etc/ssh/sshd_config`if [ -z "${PATH_EXIST}" ];then
sed -i "s:${OPATH}:${NPATH}:" /etc/ssh/sshd_configelse
echo "${PATH_EXIST}"
fi
echo "/etc/ssh/sshd_config file changes completed."}
OPATH=/usr/NPATH=/usr/local/
echo -n "The SSH current version is:"
ssh -Vwhile true;do
echo -n "Continue to update?(yes/no)"read INPUTcase $INPUT inY|y|YES|yes)
sshInstecho -n "Press any key to continue....."read AnyKeycp /usr/local/bin/ssh /usr/bin/ssh
echo "Copying ssh....Done."
cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pubecho "Copying ssh_host_ecdsa_key.pub....Done."
cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshdecho "Copying sshd....Done."CHG_SSHD
CHG_CONF
break;;
N|n|NO|no)echoexited
exit ;;"")
break;;esac
done
ssh -V
chkconfig--add sshd
#解决root用户无法登陆echo "PermitRootLogin yes" >> /etc/ssh/sshd_configecho "PasswordAuthentication yes" >> /etc/ssh/sshd_config
chkconfig sshd on
service sshd startecho "Operation is completed."#centos7重启ssh操作
#systemctl daemon-reload
#systemctl restart sshd
注意:代码copy可能出现编译错误,需要先进行如下处理
sed -i 's/\r$//' XXX.sh
会把 XXX.sh 中的\r 替换成空白!
再次编译!成功!!
如果没有安装zlib,需要先安装zlib,再行脚本:
yum install zlib