一 安装telnet服务并启用
A、安装telnet服务
# yum -y install telnet-server*
B、启用telnet
先关闭防火墙,否则telnet可能无法连接
# service iptables stop
# chkconfig iptables off
# vi /etc/xinetd.d/telnet
将其中disable字段的yes改为no以启用telnet服务
# mv /etc/securetty /etc/securetty.old #移走securetty后root才能通过telnet登录,升级完成后需移回原处
# service xinetd start #启动telnet服务
# chkconfig xinetd on #使telnet服务开机启动,避免升级过程中服务器意外重启后无法远程登录系统
telnet [ip] #新开启一个远程终端以telnet登录验证是否成功启用
yum -y install gcc* make perl pam-devel
一、 OpenSSL升级
tar xf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install
###############################查看openssl version
[root@node01 ~]# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
cd .. #回到源码包所在目录
tar xf openssl-1.1.1.tar.gz
cd openssl-1.1.1
./config --shared --prefix=/usr/local/openssl ###首次执行若因缺少perl报错,先按下一行安装perl,再重新执行本命令
yum -y install perl perl-devel
./config --shared --prefix=/usr/local/openssl
make -j 5
make install
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
echo "/usr/local/openssl/lib" >>/etc/ld.so.conf
ldconfig
[root@node01 ~]# openssl version
OpenSSL 1.1.1 11 Sep 2018
###############################openssl 升级成功
二、openssh 升级(先升级openssl,是ssh的依赖)
cd .. #回到源码包所在目录
tar xzvf openssh-7.9p1.tar.gz
cd openssh-7.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make
yum -y remove openssh
make install
ssh -V
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config #允许root用户登录;说明文字必须放在#之后,否则会被一并写入sshd_config。root口令登录易被暴力破解,升级验证后可改为prohibit-password并使用密钥登录
修改 /etc/ssh/sshd_config,设置 UsePAM yes
问题1:
PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory PAM adding faulty module: /lib64/security/pam_stack.so
解决办法:升级前先备份/etc/pam.d/sshd文件,升级后用备份恢复;
或者将/etc/pam.d/sshd文件修改为如下内容
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
修改/etc/ssh/sshd_config
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
UseDNS no
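# 注意:按上文 --prefix=/usr 编译且未指定 --libexecdir 时,sftp-server 默认安装在 /usr/libexec/sftp-server,请确认下面的路径实际存在,否则sftp无法使用
Subsystem sftp /usr/libexec/openssh/sftp-server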
PermitRootLogin yes
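service sshd restart
#保持telnet会话不要退出,另开终端确认ssh可正常登录后,撤销前面的临时改动(telnet为明文传输,不应长期开启):停止并禁用xinetd、将/etc/securetty.old移回/etc/securetty、重新启动iptables并恢复开机自启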