centos升级openssh和openssl

Posted on by Feel

升级前做好准备,下载好openssl和openssh

openssh下载地址 最新版目前8.5p1 https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/

openssl下载地址 直接官网撸就好 https://www.openssl.org/source/openssl-1.1.1j.tar.gz

系统版本centos7.8 按自己的需求去下载

系统需要安装编译所需的gcc

yum install net-tools lrzsz zlib-devel openssl-devel wget curl telnet ncurses ncurses-devel gcc gcc-c++ autoconf automake -y

yum install perl pam-devel -y

远程升级记得用到telnet 需要安装telnet服务

yum install telnet telnet-server xinetd -y

暂时我们本地直接升级,所以不说telnet有关的事

升级openssl

1.备份openssl
find / -name openssl
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
以下库文件必须备份,防止升级过程出现问题,导致yum、wget等失效无法使用
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
2.删除原openssl
rpm -qa|grep openssl
rpm -qa|grep openssl|xargs -i rpm -e nodeps {}
也可以rpm -e nodeps 第一条语句检测出的包
3.安装新openssl
tar -zxvf openssl-1.1.1c.tar.gz
./config –prefix=/usr –openssldir=/etc/ssl –shared zlib #这一步如果报错很可能是zlib版本未升级
make
make install
openssl version -a #查看是否升级到新版本#

升级openssh

1.备份当前openssh
mv /etc/ssh /etc/ssh.old
2.卸载当前openssh
rpm -qa|grep openssh
rpm -qa|grep openssh|xargs -i rpm -e –nodeps {}
3.openssh安装前环境配置
install -v -m700 -d /var/lib/sshd #创建目录并授权700权限
chown -v root:sys /var/lib/sshd
4.开始安装
tar -xvf openssh-8.4p1.tar #解压安装包#
cd openssh-8.4p1
./configure –prefix=/usr –sysconfdir=/etc/ssh –with-md5-passwords –with-pam –with-zlib –with-openssl-includes=/usr –with-privsep-path=/var/lib/sshd
make
make install
5.安装后环境配置
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.4p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.4p1
6.查看是否升级成功
ssh -V
7.启用openssh服务
echo ‘X11Forwarding yes’ >> /etc/ssh/sshd_config
echo “PermitRootLogin yes” >> /etc/ssh/sshd_config #允许root用户通过ssh登录
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig –add sshd
chkconfig sshd on
chkconfig –list sshd
service sshd restart

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注