该脚本可能还不够完善,仍在修改中。需要注意的是:在部署前,主机上必须先安装好所需的组件,脚本中对组件的检查并不全面。
可执行以下命令安装:
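# Build prerequisites for compiling OpenSSH with PAM and zlib support.
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
# Quote the globs so yum matches them against package names; unquoted, the
# shell would first expand them against files in the current directory.
yum install -y 'pam*' 'zlib*'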
#!/bin/bash
############################################################
#### yum install -y gcc gcc-c++ glibc make autoconf #####
#### openssl openssl-devel pcre-devel pam-devel #####
#### yum install -y pam* zlib* #####
############################################################
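# Upgrade OpenSSH to 8.5p1 from source on an rpm/yum host managed with SysV
# init scripts. Telnet (served by xinetd) is opened as a temporary fallback
# login channel while sshd is replaced, and closed again only once the new
# sshd has been confirmed running.
#
# NOTE(review): telnet carries credentials in clear text, and the securetty
# entries added below let root log in over it. Keep the fallback window short,
# run this from a trusted management network, and confirm afterwards that
# telnet is closed again.

readonly TARBALL="openssh-8.5p1.tar.gz" # expected in the current directory
readonly SRC_DIR="/root/openssh-8.5p1"  # build tree used by every later step
# Port the post-restart check looks for; presumably configured in the existing
# sshd_config - confirm against the host before relying on the check.
readonly SSH_PORT=23119
BACKUP_TAG="$(date +%Y%m%d%H%M%S)"
readonly BACKUP_TAG

added_ttys=()     # securetty lines appended by this run; only these are removed
fallback_opened=0 # set once the telnet configuration has been touched

# Print a message to stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the listening TCP sockets bound to port $1; succeed only if one exists.
# Anchoring on the end of the local-address column avoids false hits on PIDs
# or addresses that merely contain the same digits.
port_listening() {
  netstat -tnlp | awk -v port="$1" \
    '$4 ~ (":" port "$") { print; hit = 1 } END { exit !hit }'
}

# Undo the temporary telnet fallback: disable the xinetd telnet service and
# remove exactly the securetty entries this run added.
close_telnet_fallback() {
  local tty
  if [ "$fallback_opened" -ne 1 ]; then
    return 0
  fi
  sed -i '/disable/s/no/yes/' /etc/xinetd.d/telnet
  for tty in "${added_ttys[@]}"; do
    sed -i "\|^${tty}\$|d" /etc/securetty
  done
  service xinetd restart
}

# Abort at a point where the running sshd has not been modified yet, so the
# clear-text fallback can be closed before exiting.
abort_untouched() {
  close_telnet_fallback
  die "$@"
}

# --- Prerequisites: checked before telnet is opened, so a missing package
# --- never leaves the fallback channel enabled.
# Determine whether to install gcc package
if command -v gcc &>/dev/null; then
  echo "gcc is installed"
else
  echo "gcc is not installed"
  exit 1
fi
if ! rpm -q pam-devel &>/dev/null; then
  echo "pam-devel is not installed"
  exit 1
fi
[ -f "$TARBALL" ] || die "$TARBALL not found in $(pwd)"

# Optional integrity check. Take the expected digest from the publisher's
# release announcement or a verified signature, not from the same location the
# tarball was downloaded from.
if [ -n "${OPENSSH_SHA256:-}" ]; then
  printf '%s  %s\n' "$OPENSSH_SHA256" "$TARBALL" | sha256sum -c - ||
    die "checksum mismatch for $TARBALL"
else
  echo "warning: OPENSSH_SHA256 not set; building $TARBALL unverified" >&2
fi

# --- Open the temporary telnet fallback.
echo "open telnet port 23"
if rpm -q xinetd && [ -f /etc/xinetd.d/telnet ]; then
  echo "telnet is exists"
  fallback_opened=1
  # Append each pty only if absent, and remember it for later removal, so
  # re-runs do not accumulate duplicates and pre-existing entries survive.
  for tty in pts/0 pts/1; do
    if ! grep -qxF -- "$tty" /etc/securetty 2>/dev/null; then
      echo "$tty" >>/etc/securetty
      added_ttys+=("$tty")
    fi
  done
  sed -i '/disable/s/yes/no/' /etc/xinetd.d/telnet
  sed -i 's/#telnet/telnet/' /etc/services
else
  echo "telnet is not exists"
fi
sleep 10
service xinetd restart
if port_listening 23; then
  echo "telnet service is running"
else
  echo "telnet service is not running"
  close_telnet_fallback
  exit 1
fi
sleep 10

# --- Back up the current configuration, then build.
# cp -a keeps ownership and modes; the backup holds the host private keys, so
# it must stay as restricted as the original directory.
cp -a /etc/ssh "/etc/ssh_${BACKUP_TAG}bak" ||
  abort_untouched "backup of /etc/ssh failed"
cp -a /etc/ssh/sshd_config "/etc/ssh/sshd_config-${BACKUP_TAG}bak" ||
  abort_untouched "backup of sshd_config failed"

# install openssh
# Extract into /root so the tree that is chown'ed is the tree that is built.
tar -xvf "$TARBALL" -C /root || abort_untouched "extracting $TARBALL failed"
chown -R root:root "$SRC_DIR"
cd "$SRC_DIR" || abort_untouched "cannot cd to $SRC_DIR"

# configure/make only touch the build tree; a failure here leaves the running
# sshd intact, so the fallback can be closed straight away.
if ! {
  ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam &&
    make
}; then
  echo "install fail"
  abort_untouched "build failed; the installed sshd was not modified"
fi

# From here on the installed binaries change. On failure keep telnet open so
# the host stays reachable, and stop instead of restarting a half-installed sshd.
if make install; then
  echo "install success"
else
  echo "install fail"
  die "make install failed; telnet fallback left enabled - close it manually once sshd is repaired"
fi

# NOTE(review): this turns direct root login over SSH on. Once an unprivileged
# admin account exists, prefer "PermitRootLogin prohibit-password" or "no".
sed -i '/PermitRootLogin/s/no/yes/' /etc/ssh/sshd_config
cp -a "$SRC_DIR/contrib/redhat/sshd.init" /etc/init.d/sshd
# NOTE(review): PAM normally looks a service up by name (/etc/pam.d/sshd);
# confirm that a file named sshd.pam is actually consulted on this host.
cp -a "$SRC_DIR/contrib/redhat/sshd.pam" /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
if chkconfig --list | grep sshd; then
  echo "sshd chkconfig success"
else
  echo "sshd chkconfig fail"
fi

sshd_ok=1
if service sshd restart; then
  echo "ssh restart sucess"
else
  echo "ssh restart fail"
  sshd_ok=0
fi
if port_listening "$SSH_PORT"; then
  echo "ssh port sucess"
else
  echo "ssh port fail"
  sshd_ok=0
fi
ssh -V

# Close the fallback only after sshd is verifiably back; otherwise the host
# could be left with no working remote login at all.
if [ "$sshd_ok" -ne 1 ]; then
  die "sshd is not confirmed running on port $SSH_PORT; telnet fallback left enabled - close it manually once sshd is repaired"
fi

#stop telnet service
close_telnet_fallback
echo "#########################################################"
echo "################ #################"
echo "################ openssh install sucess ################"
echo "################ #################"
echo "#########################################################"
echo "############### ssh version #######################"
echo "#########################################################"
ssh -V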