1.安装telnet-server以及xinetd
yum install xinetd telnet-server -y
2.如果下面文件存在,请更改配置telnet可以root登录,把disable = no改成disable = yes
cat /etc/xinetd.d/telnet
default: on
description: The telnet server serves telnet sessions; it uses \
unencrypted username/password pairs for authentication.
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
3.启动telnet服务,并设置开机自动启动
systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
netstat -lntp|grep 23
useradd telnet 创建用户
****echo 123456 | passwd --stdin telnet
4.切换到telnet方式登录,以后的操作都在telnet终端下操作,防止ssh连接意外中断造成升级失败
学会应用快捷键(alt+Q)会弹出一个对话框。
SecureCRT创建telnet连接
##########################################################################################
openssl升级, 升级需要几个组件,有些是和编译相关的等
###########################################################
yum install -y gcc gcc-c++ glibc make autoconf openssl
openssl-devel pcre-devel pam-devel
2.安装pam和zlib等(后面的升级操作可能没用到pam,安装上也没啥影响,
如果不想安装pam请自行测试)
yum install -y pam* zlib*
4.开始安装openssl
mkdir data
cd data/
[root@node01 ~]# openssl version #当前版本
OpenSSL 1.0.2k-fips 26 Jan 2017
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl/ /usr/include/openssl.bak
tar xvf openssl-1.1.1h.tar.gz
cd openssl-1.1.1h/
./config shared && make && make install
echo $?
which openssl
/usr/local/bin/openssl
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
ll /usr/bin/openssl
lrwxrwxrwx 1 root root 22 11月 21 17:42 /usr/bin/openssl -> /usr/local/bin/openssl
ll /usr/include/openssl -ld
添加命令加载新配置
vim /etc/ld.so.conf
include ld.so.conf.d/*.conf
/usr/local/openssl/lib
/usr/sbin/ldconfig 加载
4.查看版本号
[root@node01 ~]# openssl version
OpenSSL 1.1.1h 22 Sep 2020 已经升级成功
##################################################################
openssh升级
###################################################
[root@node01 ~]# ssh -V 查看版本号
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
1.移除旧版本
mv /etc/ssh /etc/ssh.old
需要注意,移除之后,不能退出当前终端,若退出,只能通过telnet连了
2.下载解压编译安装
tar -zxvf openssh-8.0p1.tar.gz
cd openssh-8.0p1/
chown -R root.root /root/openssh-8.0p1
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening
make && make install
4.修改启动脚本
拷贝启动脚本
[root@node01 openssh-8.0p1]#cp ./contrib/redhat/sshd.init /etc/init.d/sshd
修改启动脚本
vim /etc/init.d/sshd
按如下图修改,需要注意,此路径是你安装新版本的openssh路径,根据你的实际情况修改
SSHD=/usr/local/openssh/sbin/sshd
注意根据自身情况修改路径
/usr/local/openssh/bin/ssh-keygen –A
/sbin/restorecon /etc/ssh/ssh_host_key.pub
/sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
/sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
/sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
5、修改sshd配置文件/etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
直接用root登录终端(此处根据自身情况考虑)
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
设置是否允许X11转发
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
是否允许密码验证
6.卸载原有ssh(先安装后卸载,也是怕升级失败,如果有把握,可先卸载)
for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done
将警告中被修改的文件名字再改回来
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
mv /etc/ssh/moduli.rpmsave /etc/ssh/moduli
7.替换相关命令,并重启sshd服务
cp -arp /usr/local/openssh/bin/* /usr/bin/ 替换相关命令
systemctl restart sshd 重启sshd服务
8.查看版本
[root@node01 ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.1.1h 22 Sep 2020
9、设置开机自启
chkconfig --add sshd
chkconfig --level 2345 sshd on
chkconfig --list
10.升级测试完成后,为了安全起见,建议关闭telnet
关闭服务(此处根据自身情况考虑)
systemctl stop telnet.socket
systemctl stop xinetd
关闭服务开机自启(此处根据自身情况考虑)
systemctl disable xinetd.service
systemctl disable telnet.socket
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
