The requirement: the current OpenSSH version is OpenSSH_7.4p1 and it needs to be upgraded to 9.6p1 or 9.7p1.

I. Enable telnet login (so you can still log in if the upgrade fails)

1. Create a telnet directory to hold telnet-0.17-66.el7.x86_64.rpm, telnet-server-0.17-66.el7.x86_64.rpm and xinetd-2.3.15-14.el7.x86_64.rpm

[root@node1 telnet]# ls
telnet-0.17-65.el7_8.x86_64.rpm  telnet-server-0.17-65.el7_8.x86_64.rpm  xinetd-2.3.15-14.el7.x86_64.rpm
[root@node1 telnet]# ll
total 244
-rw-r--r-- 1 root root  65816 Jun 30 15:33 telnet-0.17-65.el7_8.x86_64.rpm
-rw-r--r-- 1 root root  41996 Jun 30 15:34 telnet-server-0.17-65.el7_8.x86_64.rpm
-rw-r--r-- 1 root root 131484 Jun 30 15:34 xinetd-2.3.15-14.el7.x86_64.rpm

2. Install telnet offline

rpm -Uvh *.rpm --nodeps --force

3. Start telnet and xinetd

systemctl start telnet.socket
systemctl start xinetd

4. Append the following entries to the /etc/securetty file

echo 'pts/0' >>/etc/securetty
echo 'pts/1' >>/etc/securetty

5. Restart telnet

systemctl restart telnet.socket

6. Enable the services at boot

systemctl enable xinetd
systemctl enable telnet.socket   # for testing, enabling telnet.socket alone is enough

7. Test remote login over telnet


8. If you see the message "Login incorrect"

Edit the file /etc/pam.d/remote and comment out the line auth required pam_securetty.so


9. Restart telnet and xinetd

systemctl restart telnet.socket   # for testing, restarting telnet.socket alone is enough
systemctl restart xinetd

10. Test remote login over telnet again using the Xshell remote login tool

II. RPM upgrade

1. Check the current version

[root@node1 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

2. Back up the sshd_config configuration file

cd /etc/ssh
cp sshd_config sshd_config.bak

3. Upload the upgrade RPM files (if you don't have these files, leave a comment and I'll send them to you)

[root@node1 tmp]# ll
total 15476
-rw-r--r--  1 root root 5144416 Jun 30 15:30 openssh-9.7p1-1.el7.x86_64.rpm
-rw-r--r--  1 root root 5201872 Jun 30 15:30 openssh-clients-9.7p1-1.el7.x86_64.rpm
-rw-r--r--  1 root root 3963844 Jun 30 15:30 openssh-debuginfo-9.7p1-1.el7.x86_64.rpm
-rw-r--r--  1 root root 1532388 Jun 30 15:30 openssh-server-9.7p1-1.el7.x86_64.rpm

4. Remove the original version

yum remove openssh*

5. Change to the directory containing the unpacked packages and upgrade openssh to 9.7

rpm -Uvh openssh-*.rpm

6. Restarting ssh now fails with an error

[root@node1 tmp]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@node1 tmp]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2024-06-30 16:06:11 CST; 1min 36s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 21406 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)

Jun 30 16:06:11 node1 sshd[21406]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 30 16:06:11 node1 sshd[21406]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Jun 30 16:06:11 node1 sshd[21406]: It is required that your private key files are NOT accessible by others.
Jun 30 16:06:11 node1 sshd[21406]: This private key will be ignored.
Jun 30 16:06:11 node1 sshd[21406]: sshd: no hostkeys available -- exiting.
Jun 30 16:06:11 node1 sshd[21406]: [FAILED]
Jun 30 16:06:11 node1 systemd[1]: sshd.service: control process exited, code=exited status=1
Jun 30 16:06:11 node1 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
Jun 30 16:06:11 node1 systemd[1]: Unit sshd.service entered failed state.
Jun 30 16:06:11 node1 systemd[1]: sshd.service failed.

7. Adjust the file permissions

$ chmod 600 /etc/ssh/ssh_host_rsa_key
$ chmod 600 /etc/ssh/ssh_host_ecdsa_key
$ chmod 600 /etc/ssh/ssh_host_ed25519_key

8. Start SSH again
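
Steps 6 to 8 as one guarded restart, as an added example that is not part of the original post: it tightens any host private key that group or others can access (the condition sshd reported for the 0640 key above), then restarts sshd only if `sshd -t` accepts the configuration and keys. The function names and the /usr/sbin/sshd path are assumptions; GNU stat is assumed, as on CentOS 7.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Tighten every ssh_host_*_key in DIR that grants any group/other access,
# which is what sshd reports as "Permissions ... are too open".
# Public keys (*.pub) are not matched by the glob and are left alone.
# Prints the number of files changed on stdout, details on stderr.
fix_hostkey_perms() {
    local dir changed key mode
    dir="${1:-/etc/ssh}"
    changed=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue          # unmatched glob or not a regular file
        mode=$(stat -c '%a' "$key")        # octal mode, e.g. 640 (GNU stat)
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            chmod 600 "$key"
            echo "tightened $key ($mode -> 600)" >&2
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Restart sshd only if the upgraded binary accepts the configuration and
# host keys. `sshd -t` is test mode: it validates them without starting
# the daemon, so a failure here leaves the running session untouched.
restart_sshd_checked() {
    fix_hostkey_perms /etc/ssh >/dev/null
    if /usr/sbin/sshd -t; then             # path assumed; adjust if different
        systemctl restart sshd
    else
        echo "sshd -t failed; sshd not restarted" >&2
        return 1
    fi
}
```

Run `restart_sshd_checked` as root after the rpm upgrade; keep the telnet session open until a new SSH login succeeds.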


III. Uninstall telnet

1. Stop the telnet-related services

systemctl stop telnet.socket
systemctl stop xinetd

2. Uninstall telnet

rpm -e --nodeps `rpm -qa | grep telnet`
rpm -e --nodeps `rpm -qa | grep xinetd`

3. Verify that the uninstall is complete

rpm -qa | grep telnet
rpm -qa | grep xinetd