oracle linux6.9制作openssh7.9p1的rpm包安装及升级教程
1 检查本机openssh版本,查看yum源中最新的版本
[root@server ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[root@server ~]# yum info openssh
2安装依赖
[root@server ~]#yum install -y rpm-build make gcc pam-devel wget
3可能还需要这些
[root@server ~]#yum install -y krb5-devel zlib-devel openssl-devel
4制作
[root@server ~]#mkdir -pv /root/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
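[root@server ~]# cd /root/rpmbuild/SOURCES/ #上传openssh-7.9p1.tar.gz和x11-ssh-askpass-1.2.4.1.tar.gz软件包
或者联机下载。下载后先校验再解压:openssh源码包对照OpenSSH官方发布说明中的SHA256值,或用随源码包发布的.asc签名文件执行gpg --verify;x11-ssh-askpass的下载地址是明文HTTP,地址路径中的8f2e41f3f7eaa8543a2440454637f3c3应是该文件的MD5,可用md5sum核对。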
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz -O /root/rpmbuild/SOURCES/openssh-7.9p1.tar.gz
[root@server ~]#wget http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz -O /root/rpmbuild/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz
[root@server ~]#tar zxvf /root/rpmbuild/SOURCES/openssh-7.9p1.tar.gz -C /root/rpmbuild/SOURCES/
[root@server ~]#/bin/cp -f /root/rpmbuild/SOURCES/openssh-7.9p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS
[root@server ~]#cd /root/rpmbuild/SPECS
[root@server SPECS]# sed -i 's/no_x11_askpass 0/no_x11_askpass 1/' /root/rpmbuild/SPECS/openssh.spec
[root@server SPECS]# sed -i 's/no_gnome_askpass 0/no_gnome_askpass 1/' /root/rpmbuild/SPECS/openssh.spec
[root@server SPECS]# sed -i '/openssl-devel < 1.1/d' /root/rpmbuild/SPECS/openssh.spec
[root@server SPECS]# sed -i '/openssl-devel >= 1.0.1/d' /root/rpmbuild/SPECS/openssh.spec
[root@server SPECS]# rpmbuild -bb /root/rpmbuild/SPECS/openssh.spec
5进入目录
cd /root/rpmbuild/RPMS/x86_64 #上传制作好的openssh软件包以及依赖包
openssh-7.9p1-1.el6.x86_64.rpm
openssh-clients-7.9p1-1.el6.x86_64.rpm
openssh-debuginfo-7.9p1-1.el6.x86_64.rpm
openssh-server-7.9p1-1.el6.x86_64.rpm
6安装telnet-server(升级过程中旧的openssh会被卸载,telnet只作为临时的备用登录通道;telnet是明文传输,只应在受信任的管理网络内短时间开启)
[root@server ~]# yum -y install telnet-server*
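7停iptables(目的是放行telnet的23端口;更稳妥的做法是只对管理机IP临时放行23端口,而不是整体停用防火墙。升级完成后需要执行service iptables start和chkconfig iptables on恢复)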
[root@server ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
8设置iptables开机不启动
[root@server ~]# chkconfig iptables off
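9设置SELinux Disabled(setenforce 0只是临时切换到permissive;把配置文件改为disabled则重启后永久关闭。如果只是为了让新sshd能够登录,可以保持enforcing,改用第17步的setsebool -P authlogin_shadow on)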
[root@server ~]# setenforce 0
[root@server ~]# vim /etc/selinux/config
[root@server ~]# more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
10禁用securetty(移走该文件后root可以直接通过telnet登录,root密码会以明文在网络上传输;升级完成后务必按第20步把文件恢复)
[root@server ~]# mv /etc/securetty /etc/securetty.old
11默认是不开启服务的,下面我们需要修改文件来开启服务。
[root@server ~]#vim /etc/xinetd.d/telnet 修改 disable = yes 为 disable = no
12启动telnet服务
[root@server ~]# service xinetd start
13设置telnet-server开机启动
[root@localhost ssl]# chkconfig xinetd on
14 telnet连接主机测试(确认能通过telnet登录后再继续下面的卸载步骤,并保持这个telnet会话不要断开)
15卸载旧openssh(卸载前先备份/etc/ssh目录,即sshd_config和主机密钥,以便回退)
[root@server ~]#for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done
16安装新openssh7.9P1
[root@server ~]# cd /root/rpmbuild/RPMS/x86_64
[root@server ~]#yum -y install openssh*.rpm
或者
rpm -ivh *.rpm
17处理SELinux导致的登录失败:对比一台升级过openssh后可以正常连接的服务器,发现它的SELinux是关闭的,而连不上的这台服务器是开启的,关闭后果然可以连接上。
如果不想直接关掉SELinux,执行setsebool -P authlogin_shadow on打开这个布尔值即可。
-P表示永久修改(重启后仍然生效)
[root@server ~]#setsebool -P authlogin_shadow on
[root@server ~]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
[root@server ~]# echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config #允许root用户通过ssh登录;配置好密钥登录后建议改为prohibit-password
[root@server ~]# echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config #允许密码验证;sshd对同一选项只取首次出现的值,文件前面若已设置该选项,这里追加的行不会生效
18重启ssh服务(重启前可先执行sshd -t检查配置文件语法,避免sshd无法启动)
[root@server ~]#service sshd restart
19本地root和普通用户登录测试
ssh 192.168.100.130
[root@server ~]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.1e-fips 11 Feb 2013
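20重启后删除telnet-server,并恢复第7~9步中关闭的防护:重新启用iptables(service iptables start、chkconfig iptables on),按需把/etc/selinux/config中的SELINUX改回enforcing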
[root@localhost ~]# mv /etc/securetty.old /etc/securetty
[root@localhost ~]# chkconfig xinetd off
[root@localhost ~]# service xinetd stop
Stopping xinetd: [ OK ]
[root@localhost ~]# rpm -qa | grep telnet-server
telnet-server-0.17-47.el6_3.1.x86_64
[root@localhost ~]# rpm -e telnet-server-0.17-47.el6_3.1.x86_64
warning: /etc/xinetd.d/telnet saved as /etc/xinetd.d/telnet.rpmsave
[root@localhost ~]# rpm -qa | grep telnet