版本:
升级前版本 os 版本: 7.9.2009 软件版本: OpenSSH_7.4p1
升级后版本为:OpenSSH_9.7p1
00 安装软件和脚本清单:
1 关闭防火墙
# Stops firewalld completely: until it is started again, nothing on this host
# is filtered by firewalld, including the cleartext telnet listener that the
# next step brings up on port 23.
systemctl stop firewalld
安装完毕后启动防火墙
# Turns firewalld back on once the installation is finished.
systemctl start firewalld
2 安装 telnet 服务
# Starting the script through `sh` bypasses its #!/bin/bash line; the chmod
# only matters if it is run as ./install_telnet.sh instead.
chmod +x install_telnet.sh
sh install_telnet.sh
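#!/bin/bash
# install_telnet.sh - bring up a temporary telnet login as a fallback while
# OpenSSH is being replaced.
#
# Telnet sends the root password and the whole session in cleartext, so this
# is only suitable as a short-lived fallback on a trusted management network.
# Once the new sshd accepts logins: stop telnet.socket and xinetd, remove the
# two packages, and delete the pts/N lines this script adds to /etc/securetty.
#
# If the script fails because of CRLF line endings, strip them first:
#   sed -i 's/\r$//' install_telnet.sh

# Install telnet and its dependency. Abort on failure: every later step would
# otherwise "succeed" without providing any fallback login.
yum install -y xinetd telnet-server || {
  echo "ERROR: yum install failed; the telnet fallback is NOT available" >&2
  exit 1
}

# Configure telnet to allow root to log in (original author's intent).
# Skipped when the xinetd entry does not exist. The extra grep keeps a second
# run from turning "LOGIN -n" into "LOGIN -n -n".
if [ -f /etc/xinetd.d/telnet ] && ! grep -q 'LOGIN -n' /etc/xinetd.d/telnet; then
  sed -i 's/LOGIN/LOGIN -n/g' /etc/xinetd.d/telnet
fi

# Register the pseudo-terminals used by telnet sessions in /etc/securetty.
# Each entry is added only once so re-running the script does not pile up
# duplicates that later have to be cleaned out by hand.
for tty in pts/0 pts/1 pts/2 pts/3; do
  grep -qxF -- "$tty" /etc/securetty 2>/dev/null || echo "$tty" >> /etc/securetty
done

# Start the services. They are started, not enabled, so the telnet listener
# is not brought back by these commands after a reboot.
systemctl start xinetd.service
systemctl start telnet.socket

# Confirm something is listening on port 23. The pattern is anchored on ":23"
# followed by whitespace; a bare "23" also matches PIDs and ports like 2323.
ss -ntlp | grep -E ':23[[:space:]]'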
通过
3 运行安装脚本
使用
# Starting the script through `sh` bypasses its #!/bin/bash line. Keep the
# current session (or the telnet fallback) open until a fresh SSH login has
# been confirmed after the upgrade.
chmod +x up_ssh.sh
sh up_ssh.sh
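#!/bin/bash
# up_ssh.sh - build zlib, OpenSSL 3.2.1 and OpenSSH 9.7p1 from source and
# replace the distribution's OpenSSH packages with the result.
#
# Install telnet beforehand so there is a fallback login if sshd breaks.
# If the script fails because of CRLF line endings, strip them first:
#   sed -i 's/\r$//' up_ssh.sh
#
# Expects zlib.tar.gz, openssl-3.2.1.tar.gz and openssh-9.7p1.tar.gz in the
# current directory (or already in /usr/local/src).
#
# Order of operations: everything is built and installed under /usr/local
# BEFORE the running sshd is stopped and the old packages are removed, so a
# failed build leaves the existing SSH service untouched.

# Stop at the first failing command instead of carrying on with a half-built
# tree. `make` and `make install` are separate lines on purpose: in
# `make && make install` a failing `make` is not caught by `set -e`.
set -e

# Print an error to stderr and abort.
die() {
  echo "ERROR: $*" >&2
  exit 1
}

# Append line $1 to file $2 unless that exact line is already present.
append_once() {
  grep -qxF -- "$1" "$2" 2>/dev/null || echo "$1" >> "$2"
}

# Copy $1 to $1.bak, but never overwrite an existing backup: on a second run
# $1 is already the NEW file and would replace the only copy of the original.
backup_once() {
  if [ ! -e "$1" ]; then
    echo "WARNING: $1 not found, nothing to back up" >&2
  elif [ ! -e "$1.bak" ]; then
    cp -p "$1" "$1.bak"
  fi
}

# Create the build directory, move the tarballs there and enter it.
mkdir -p /usr/local/src
if [ "$(pwd -P)" != /usr/local/src ]; then
  for tarball in *.tar.gz; do
    if [ -e "$tarball" ]; then
      mv -- "$tarball" /usr/local/src/
    fi
  done
fi
cd /usr/local/src

# Download the required packages (left disabled by the original author).
#wget https://www.openssl.org/source/openssl-3.2.1.tar.gz
#wget https://zlib.net/current/zlib.tar.gz
#wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz

for tarball in zlib.tar.gz openssl-3.2.1.tar.gz openssh-9.7p1.tar.gz; do
  [ -f "$tarball" ] || die "missing /usr/local/src/$tarball"
done

# These tarballs become the host's TLS library and SSH daemon, so check them
# against the checksums published by each upstream before building. The
# operator creates SHA256SUMS (an operator-supplied file in `sha256sum`
# format) from those published values; it is not shipped with this script.
if [ -f SHA256SUMS ]; then
  sha256sum -c SHA256SUMS
else
  echo "WARNING: no SHA256SUMS in /usr/local/src; tarballs are NOT verified" >&2
fi

# Build tools for all three packages.
yum install -y gcc gcc-c++ make
yum install -y perl-CPAN perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker

# Build and install zlib.
tar zxvf zlib.tar.gz
cd zlib-1.3.1
./configure --prefix=/usr/local/zlib
make
make install
cd ..

# Build and install OpenSSL.
tar zxvf openssl-3.2.1.tar.gz
cd openssl-3.2.1
./config --prefix=/usr/local/ssl --shared
make
make install
cd ..

# Back up the distribution openssl binary. Skipped when /usr/bin/openssl is
# already a symlink (second run), which would otherwise overwrite the backup
# of the real binary with a link.
if [ -e /usr/bin/openssl ] && [ ! -L /usr/bin/openssl ]; then
  mv -f /usr/bin/openssl /usr/bin/openssl.bak
fi

# Make the dynamic linker search the new OpenSSL libraries.
append_once '/usr/local/ssl/lib64' /etc/ld.so.conf

# Create the symlinks. If /usr/include/openssl already exists as a real
# directory, `ln -s` would silently create a nested link inside it, so that
# case is reported and left alone (the OpenSSH build below uses
# --with-ssl-dir and does not depend on this link).
ln -sfn /usr/local/ssl/bin/openssl /usr/bin/openssl
if [ -e /usr/include/openssl ] || [ -L /usr/include/openssl ]; then
  echo "WARNING: /usr/include/openssl already exists; left untouched" >&2
else
  ln -s /usr/local/ssl/include/openssl /usr/include/openssl
fi

# Refresh the linker cache and show which OpenSSL is now in use.
ldconfig -v
openssl version -a

# Build and install the new OpenSSH into its own prefix while the old sshd is
# still installed and running.
tar zxvf openssh-9.7p1.tar.gz
cd openssh-9.7p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make
make install
cd ..

# Back up the SSH files that are about to be replaced.
backup_once /etc/ssh/sshd_config
backup_once /usr/sbin/sshd
backup_once /usr/bin/ssh
backup_once /usr/bin/ssh-keygen
backup_once /etc/ssh/ssh_host_ecdsa_key.pub

# Stop sshd and keep a copy of the whole configuration directory. -a keeps
# owner and mode of the private host keys inside it; the copy is taken only
# once so a re-run does not nest /etc/ssh.old/ssh.
systemctl stop sshd
if [ ! -e /etc/ssh.old ]; then
  cp -a /etc/ssh /etc/ssh.old
fi

# Remove the old OpenSSH packages. -r keeps xargs from running a bare
# `yum remove -y` when nothing matches (e.g. on a second run).
rpm -qa | grep openssh | xargs -r yum remove -y

# Install the init script shipped with the OpenSSH sources.
cp -p openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd

# Add the SSH settings.
# NOTE(security): root login with a password is enabled here. Once key-based
# access has been confirmed, tighten PermitRootLogin and
# PasswordAuthentication in the configuration sshd actually reads.
# NOTE(review): sshd uses the first value it finds for a keyword, so these
# appended lines only take effect if the keyword is not set earlier in the
# file - confirm with `sshd -T`.
append_once 'PermitRootLogin yes' /usr/local/openssh/etc/sshd_config
append_once 'PubkeyAuthentication yes' /usr/local/openssh/etc/sshd_config
append_once 'PasswordAuthentication yes' /usr/local/openssh/etc/sshd_config

# Copy the new configuration and binaries over the system locations.
# NOTE(review): OpenSSH was configured with --prefix only, so the binary
# presumably still reads /usr/local/openssh/etc/sshd_config and the host keys
# generated there; the copy in /etc/ssh may not be the file in effect, and
# clients may see a changed host key - verify.
mkdir -p /etc/ssh
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp -rf /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

# Refuse to restart with a configuration the new binary rejects.
/usr/sbin/sshd -t || die "new sshd rejects its configuration; sshd is stopped, use the fallback login to repair"

# Let systemd pick up the new init script, then start and enable the service.
systemctl daemon-reload
systemctl restart sshd || die "sshd failed to start; keep the fallback login open and check the service log"
systemctl enable sshd

# Informational only: a non-zero status here must not abort the script.
systemctl status sshd || true
systemctl is-enabled sshd || true

# Show the SSH version now on the PATH.
ssh -V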
4 后续工作
卸载 telnet 服务(第 2 步临时安装,确认新版 SSH 可正常登录后再卸载)
重启测试