内网linux主机升级openssh

内网linux主机升级openssh

系统版本：centos7x3.10.0-514.el7.x86_64

telnet服务版本：telnet-server-0.17-64.el7.x86_64

xinetd版本：xinetd-2.3.15-13.el7.x86_64

挂载镜像到任意文件夹 我这挂到了media

mount /dev/sr0 /media/

cd /media/
ls    

安装telnet服务,以防卸载openssh后连接不到服务器

检查telnet是否安装

rpm -qa | grep telnet

cd Packages/
进入	Packages   查找telnet的rpm文件
find -name telnet*

rpm -ivh ./telnet-server-0.17-64.el7.x86_64.rpm

find -name xinetd*

rpm -ivh ./xinetd-2.3.15-13.el7.x86_64.rpm

systemctl enable telnet.socket

systemctl start telnet.socket

systemctl start xinetd

测试telnet能否连接到服务器

内网访问不到外部镜像源，将yum源指向服务器内部镜像

进入 /etc/yum.repos.d/ ，将里面要yum指向的文件地址更改掉

cd /etc/yum.repos.d/

ls

vim CentOS-Media.repo

里面内容改为

#

#  This repo can be used with mounted DVD media, verify the mount point for

#  CentOS-7.  You can use this repo and yum to install items directly off the

#  DVD ISO that we release.

#

# To use this repo, put in your DVD and use it with the other repos too:

#  yum --enablerepo=c7-media [command]

#

# or for ONLY the media repo, do this:

#

#  yum --disablerepo=\* --enablerepo=c7-media [command]

[c7-media]
name=CentOS-$releasever - Media
baseurl=file:///media
gpgcheck=0
enabled=1

# gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

~ 

更改yum.repos.d文件里其他文件的名称

mv CentOS-Base.repo CentOS-Base.repo.BAK

mv CentOS-fasttrack.repo CentOS-fasttrack.repo.BAK

mv CentOS-Vault.repo CentOS-Vault.repo.BAK

mv CentOS-CR.repo CentOS-CR.repo.BAK

mv CentOS-Debuginfo.repo CentOS-Debuginfo.repo.BAK

mv CentOS-Sources.repo CentOS-Sources.repo.BAK

安装gcc环境

cd /media

yum install gcc gcc-c++ autoconf automake

安装依赖

yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel

yum install -y gcc openssl openssl-devel pam-devel rpm-build

cd  ~

卸载openssh

rpm -qa | grep openssh
rpm -e `rpm -qa | grep openssh` --nodeps
rpm -qa | grep openssh

进入桌面

把openssh7.9压缩包传桌面，解压

tar -zxvf openssh-7.9p1.tar.gz

cd openssh-7.9p1
安装
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers

make && make install

因为权限问题而发出警告

修改文件权限后，执行make install

chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
 make install
 
 install -v -m755 contrib/ssh-copy-id /usr/bin && install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 && install -v -m755 -d /usr/share/doc/openssh-7.9p1 && install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1
 
 查看openssh版本，查看是否升级成功
 ssh -V

修改配置文件 PermitRootLogin yes 允许root远程登录 , 开机自启

echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

cp -a contrib/redhat/sshd.init /etc/init.d/sshd

chkconfig --add sshd

chkconfig sshd on

service sshd start

service sshd restart

chkconfig --list sshd

把telnet关掉

rpm -qa telnet-server
systemctl stop telnet.socket 
systemctl stop xinetd
systemctl disable xinetd.service  
systemctl disable telnet.socket

参考于 https://blog.51cto.com/12390045/2361630