linux安装SSH

linux安装SSH

源码包链接(下载后先对照各官方发布页公布的 SHA256 校验值或 PGP 签名校验源码包,确认无误再解压编译)

zlib:https://www.zlib.net/zlib_1.3.1.tar.gz

openssl:https://www.openssl.org/source/openssl-3.3.0.tar.gz

openssh:https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz

[root@localhost ~]# rpm -qa | grep gcc(检查gcc是否安装)
[root@localhost ~]# yum install gcc(如果没有gcc,安装gcc,如果有,此步骤跳过)

[root@localhost ~]# rpm -qa|grep pam(检查pam是否安装)
[root@localhost ~]# yum install pam (如果没有pam,安装pam,如果有,此步骤跳过)

[root@localhost ~]# rpm -qa|grep pam-devel(检查pam-devel是否安装)
[root@localhost ~]# yum install pam-devel (如果没有pam-devel,安装pam-devel,如果有,此步骤跳过)
注意:pam-devel包必须与系统的pam包版本一致

[root@localhost ~]# rpm -qa|grep zlib(检查zlib是否安装)
[root@localhost ~]# yum install zlib(如果没有zlib,安装zlib,如果有,此步骤跳过)

[root@localhost ~]# rpm -qa|grep zlib-devel(检查zlib-devel是否安装)
[root@localhost ~]# yum install zlib-devel(如果没有zlib-devel,安装zlib-devel,如果有,此步骤跳过)
编译安装zlib
[root@localhost ~]#  cd zlib-1.3.1
[root@localhost ~]#  ./configure --prefix=/usr/local/zlib
[root@localhost ~]#  make && make install
升级OpenSSL
查看当前版本
[root@localhost ~]#  ssh -V
备份、卸载原有OpenSSL
查找openssl 相关目录,然后备份
```shell
[root@localhost etc]# whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/share/man/man1/openssl.1ssl.gz

[root@localhost etc]# mv /usr/bin/openssl  /usr/bin/openssl.old

[root@localhost etc]# mv /usr/lib64/openssl /usr/lib64/openssl.old

[root@localhost etc]# mv /usr/bin/openssl /usr/bin/openssl_old		#把/usr/bin/openssl 这个可执行文件重命名备份

[root@localhost etc]# mv /usr/include/openssl /usr/include/openssl_old	#把/usr/include/openssl这个目录重命名备份

```

##### 卸载 openssl(看个人需要。其他软件包可能依赖系统自带的 openssl,确认前先核对 yum 列出的将被一并卸载的软件包)

```shell
[root@localhost etc]# yum remove openssl
```
安装openssl
[root@localhost ~]# tar -xzvf openssl-3.3.0.tar.gz
[root@localhost ~]# chown -R root.root /usr/local/openssl-3.3.0
[root@localhost ~]# cd openssl-3.3.0/
[root@localhost ~]# ./config --prefix=/usr/local/openssl shared zlib
或者(二选一)安装在/usr目录下,会覆盖旧版本数据
[root@localhost ~]# ./config --prefix=/usr
[root@localhost ~]# rpm -qa | grep openssl (查看当前安装的版本)
[root@localhost ~]# make && make install
[root@localhost ~]# echo '/usr/local/openssl/lib' >> /etc/ld.so.conf	        #修改系统配置,写入openssl库文件的搜索路径(64位系统上OpenSSL 3.x默认把库文件装到lib64目录,写入前以实际安装目录为准)
[root@localhost ~]# ldconfig -v													#重新加载动态库
[root@localhost ~]# cd /usr/local/openssl/bin							#进入到安装目录
[root@localhost ~]# ./openssl version											#查看安装的版本
[root@localhost ~]# ln -s /usr/local/openssl/bin/openssl  /usr/bin/openssl			#建一个/usr/bin/openssl软链接,链接到我们新安装的
[root@localhost ~]# ln -s /usr/local/openssl/include/openssl  /usr/include/openssl	#建一个/usr/include/openssl软链接,链接到我们新安装的OpenSSL下的include的openssl目录
可以直接拷贝过去,看个人选择
[root@localhost ~]#  openssl version	#查看版本

选择 /usr 是因为系统自带的 openssl 就安装在 /usr 下,这样可以省去建立软链接、更新链接库的步骤

error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

 [root@localhost ~]#  find / -name libssl.so.1.1
[root@localhost ~]#   ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1  #软连接或者拷贝;源路径以上面find的实际输出为准(OpenSSL 3.x生成的库文件名是libssl.so.3)

error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

[root@localhost ~]#   ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

如果升级ssl后查看版本依旧是老版本,重新执行

[root@localhost ~]#  mv /usr/bin/openssl /usr/bin/openssl_old #把/usr/bin/openssl 这个可执行文件重命名备份
[root@localhost ~]#  mv /usr/include/openssl /usr/include/openssl_old #把/usr/include/openssl这个目录重命名备份
[root@localhost ~]#  ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl #建一个/usr/bin/openssl软链接,链接到我们新安装的
[root@localhost ~]#  ln -s /usr/local/openssl/include/openssl /usr/include/openssl #建一个/usr/include/openssl软链接,链接到我们新安装的OpenSSL下的include的openssl目录
拷贝也可以
升级OpenSSH
[root@localhost ~]# rpm -qa | grep xinetd(检查xinetd是否安装)
[root@localhost ~]# yum install xinetd(如果没有,则安装xinetd,否则跳过此步骤)

[root@localhost ~]# rpm -qa | grep telnet-server(检查telnet-server是否安装)
[root@localhost ~]# yum install telnet-server(如果没有,则安装telnet-server,否则跳过此步骤)

[root@localhost ~]# rpm -qa | grep vsftpd(检查vsftpd是否安装)
[root@localhost ~]# yum install vsftpd(如果没有,则安装vsftpd,否则跳过此步骤)

安装telnet-server
方法一:

[root@localhost ~]# yum install -y xinetd
[root@localhost ~]# yum install -y telnet
[root@localhost ~]# yum install -y telnet-server

[root@localhost ~]# vim /etc/securetty
在末尾添加:
pts/0
pts/1
[root@localhost ~]#  echo 'pts/0' >>/etc/securetty
[root@localhost ~]#  echo 'pts/1' >>/etc/securetty


方法二:
yum -y install telnet* xinetd*
$ systemctl start telnet.socket
$ systemctl start  xinetd

[root@localhost ~]#  systemctl restart telnet.socket
[root@localhost ~]#  systemctl enable xinetd 
[root@localhost ~]#  systemctl enable telnet.socket
[root@localhost ~]#  rpm -qa | grep telnet
[root@localhost ~]#  rpm -qa | grep xinetd
[root@localhost ~]# mv /etc/securetty /etc/securetty.bak 
[root@localhost ~]# vim /etc/xinetd.d/telnet 
disable  = no     #开启telnet服务功能,否则telnet启动后,23端口起不来
注意:将disable = yes 改为disable = no
#开启xinetd
[root@localhost ~]# service xinetd start
Starting xinetd:                                           [  OK  ]
#查看端口
[root@localhost ~]# netstat -antp|grep 23
tcp        0      0 :::23                       :::*                        LISTEN      6133/xinetd 

#设定开机自启
[root@localhost ~]# chkconfig xinetd on

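临时关闭安全登录,否则无法进行远程telnet连接。telnet 以明文传输账号和口令,这里只作为升级sshd期间的临时应急通道,应只在可信的管理网络内使用。

有防火墙记得关闭防火墙,并关闭SELinux(如果只是为了放行telnet,也可以用 firewall-cmd --add-port=23/tcp 临时放行23端口,不必停掉整个防火墙)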

[root@localhost ~]# firewall-cmd --state

关闭防火墙

[root@localhost ~]# systemctl stop firewalld.service

测试telnet远程登录,telnet登录成功才进行接下来的操作,防止sshd服务被搞坏了远程连不上服务器

[root@localhost ~]# telnet 127.X.X.X

安装依赖包

安装依赖

yum -y install gcc*

[root@localhost ~]#  yum  install  -y gcc-c++ zlib-devel  openssl-devel pam-devel
[root@localhost ~]#  yum install -y gcc gcc-c++ glibc make automake autoconf pam pam-devel zlib zlib-devel
备份

通过whereis ssh sshd找出bin文件、源文件,然后备份。注意 /etc/ssh 目录里包含主机私钥(ssh_host_*_key),备份目录要保持仅root可读;如果升级后不沿用旧的主机密钥,客户端连接时会收到主机密钥变更告警,应先核对新指纹再接受。

[root@localhost ~]#  mv /etc/ssh /etc/ssh.bak

[root@localhost ~]#  mv /usr/bin/ssh /usr/bin/ssh.bak

[root@localhost ~]#  mv /usr/sbin/sshd /usr/sbin/sshd.bak

[root@localhost ~]#  mv /usr/bin/ssh-keygen  /usr/bin/ssh-keygen.bak

[root@localhost ~]#  mv /etc/pam.d/sshd  /etc/pam.d/sshd.old

[root@localhost ~]#  mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak

卸载旧版OpenSSH

[root@localhost ~]#  yum remove openssh

安装新版OpenSSH

[root@localhost ~]#  tar -xzvf openssh-9.7p1.tar.gz
[root@localhost ~]#  chown -R root.root /usr/local/openssh-9.7p1
[root@localhost ~]#  cd openssh-9.7p1
[root@localhost ~]#  ./configure --prefix=/usr/local/openssh  --sysconfdir=/etc/ssh  --with-pam   --with-zlib=/usr/local/zlib   --with-ssl-dir=/usr/local/openssl
[root@localhost ~]#  make && make install
[root@localhost ~]#  echo $?
为0正常
[root@localhost ~]#  chmod 600 /etc/ssh/*
复制新的配置文件到原来目录
[root@localhost ~]#  cp /usr/local/openssh/etc/sshd_config    /etc/ssh/sshd_config

[root@localhost ~]#  cp /usr/local/openssh/sbin/sshd   /usr/sbin/sshd

[root@localhost ~]#  cp /usr/local/openssh/bin/ssh   /usr/bin/ssh

[root@localhost ~]#  cp /usr/local/openssh/bin/ssh-keygen   /usr/bin/ssh-keygen

[root@localhost ~]#  cp -p contrib/redhat/sshd.init     /etc/init.d/sshd

[root@localhost ~]#  cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
修改权限
[root@localhost ~]#  chmod +x /etc/init.d/sshd

[root@localhost ~]# vim /etc/ssh/sshd_config

sshd_config文件修改
[root@localhost ~]#  echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
[root@localhost ~]#  echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
[root@localhost ~]#  echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config

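PermitRootLogin yes:允许root用户通过SSH登录到系统(重启sshd服务之后远程连接)。root口令登录会直接暴露在口令爆破之下,确认密钥登录可用后建议改为 PermitRootLogin prohibit-password
PubkeyAuthentication yes:启用公钥身份验证
PasswordAuthentication yes:启用密码身份验证;密钥登录配置好之后建议改为 no
注意:前面 configure 指定了 --sysconfdir=/etc/ssh,sshd 实际读取的是 /etc/ssh/sshd_config,上述三项要写入该文件才会生效;重启前可先用 sshd -t 检查配置是否有误。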

启动sshd

[root@localhost ~]# service sshd restart
添加到开机启动项
[root@localhost ~]# chkconfig --add sshd
[root@localhost ~]# chkconfig sshd on
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart sshd
[root@localhost ~]# systemctl status sshd


[root@localhost ~]#  ssh -V
  1. 停止telnet相关服务
[root@localhost ~]#  systemctl stop telnet.socket
[root@localhost ~]#  systemctl stop xinetd
  2. 卸载telnet
[root@localhost ~]#  rpm -e --nodeps `rpm -qa | grep telnet`
[root@localhost ~]#  rpm -e --nodeps `rpm -qa | grep xinetd`

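3. 验证是否卸载完成(没有输出即已卸载)。前面停掉的firewalld(systemctl start firewalld.service)、关闭的SELinux和改动过的 /etc/securetty 也要在这一步恢复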

[root@localhost ~]#  rpm -qa | grep telnet
[root@localhost ~]#  rpm -qa | grep xinetd