Upgrading OpenSSH on CentOS 7
梦·D· 2024-07-07 11:07:03
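I. Prepare the environment
1. Prepare a virtual machine running CentOS 7
2. Configure networking and the YUM repositories
3. Confirm the versions to install
openssh: upgrade to 9.7
zlib: use 1.3.1
openssl: use 1.1.1w
II. Upgrade OpenSSH
1. Install the build prerequisites
yum -y install build-essential perl gcc gcc-c++ make pam-devel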
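2. Build and install zlib
2.1 Download the zlib source package
wget https://zlib.net/fossils/zlib-1.3.1.tar.gz
2.2 Extract it
tar -zxvf zlib-1.3.1.tar.gz
2.3 Create the working directory
mkdir -p /opt/ssh-upgrade/zlib
2.4 The three build steps
# Change into the extracted zlib directory
cd zlib-1.3.1
# 1. Run the configure script
./configure --prefix=/opt/ssh-upgrade/zlib
# 2. Compile
make
# 3. Install
make install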
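3. Build and install openssl
3.1 Check the current version
# Check the version
[root@localhost ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
# Find where the openssl command lives; the path is needed later when creating the symbolic links
[root@localhost ~]# whereis openssl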
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz
3.2 Uninstall the current openssl
yum remove openssl
3.3 Back up and delete the openssl directory
[root@localhost ~]# cp -rf /etc/ssl/ /tmp/ssl_bak
[root@localhost ~]# rm -rf /etc/ssl
3.4 Download the source package
wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz
3.5 Extract it
tar -zxvf openssl-1.1.1w.tar.gz
3.6 Create the working directory
mkdir -p /opt/ssh-upgrade/openssl
3.7 The three build steps
# Change into the extracted openssl directory
cd openssl-1.1.1w
# 1. Run the configure script
./config --prefix=/opt/ssh-upgrade/openssl/ --openssldir=/opt/ssh-upgrade/openssl/ shared
# 2. Compile
make
# 3. Install
make install
3.8 Create symbolic links
[root@localhost openssl-1.1.1w]# ln -s /opt/ssh-upgrade/openssl/bin/openssl /usr/bin/openssl
[root@localhost openssl-1.1.1w]# ln -s /opt/ssh-upgrade/openssl/include/openssl /usr/include/openssl
[root@localhost openssl-1.1.1w]# whereis openssl
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl
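3.9 Update the system configuration
[root@localhost openssl-1.1.1w]# vi /etc/ld.so.conf.d/ssh-upgrade.conf
# Add this line to the file:
/opt/ssh-upgrade/openssl/lib
# Reload the linker configuration so that it takes effect
[root@localhost openssl-1.1.1w]# ldconfig
3.10 Check the current version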
[root@localhost openssl-1.1.1w]# openssl version
OpenSSL 1.1.1w 11 Sep 2023
4. Install openssh
4.1 Check the current version
[root@localhost ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
4.2 Uninstall the current version
# Back up the configuration files
[root@localhost openssl-1.1.1w]# cp -rf /etc/ssh/ /tmp/
# Uninstall
[root@localhost openssl-1.1.1w]# yum remove openssh
4.3 Download the source package
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
4.4 Extract it
tar -zxvf openssh-9.7p1.tar.gz
4.5 Create the working directory
mkdir -p /opt/ssh-upgrade/openssh/
4.6 The three build steps
# Change into the extracted openssh directory
cd openssh-9.7p1
# 1. Run the configure script
./configure \
--prefix=/opt/ssh-upgrade/openssh/ \
--sysconfdir=/opt/ssh-upgrade/openssh/ssh/ \
--with-openssl-includes=/opt/ssh-upgrade/openssl/include/ \
--with-ssl-dir=/opt/ssh-upgrade/openssl/ \
--with-zlib=/opt/ssh-upgrade/zlib/ \
--with-md5-passwords \
--without-openssl-header-check
# 2. Compile
make
# 3. Install
make install
4.7 Create symbolic links
[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/sbin/sshd /usr/sbin/sshd
[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh /usr/bin/ssh
[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-add /usr/bin/ssh-add
[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-agent /usr/bin/ssh-agent
[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
[root@localhost openssh-9.7p1]# ln -s /opt/ssh-upgrade/openssh/bin/ssh-keyscan /usr/bin/ssh-keyscan
4.8 Edit the configuration file
# 1. Copy the files under openssh/ssh/ to /etc/ssh
cp -rf /opt/ssh-upgrade/openssh/ssh/* /etc/ssh/
# 2. Edit the configuration
vi /etc/ssh/sshd_config
# Set the following option:
PermitRootLogin no
4.9 Start the sshd service
# 1. Install the init script from the openssh source tree
[root@localhost openssh-9.7p1]# cp -rf /opt/upgrade/package/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
# 2. Register sshd as a system service
[root@localhost openssh-9.7p1]# chkconfig --add sshd
# 3. Enable it at boot
[root@localhost openssh-9.7p1]# chkconfig sshd on
# 4. Start the service
[root@localhost openssh-9.7p1]# systemctl restart sshd
[root@localhost openssh-9.7p1]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Wed 2024-05-15 04:12:49 EDT; 4s ago
Docs: man:systemd-sysv-generator(8)
Process: 25079 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 25087 (sshd)
CGroup: /system.slice/sshd.service
└─25087 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
May 15 04:12:49 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon...
May 15 04:12:49 localhost.localdomain sshd[25079]: Starting sshd:[ OK ]
May 15 04:12:49 localhost.localdomain systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) after start: No such file or directory
May 15 04:12:49 localhost.localdomain sshd[25087]: Server listening on 0.0.0.0 port 22.
May 15 04:12:49 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.
May 15 04:12:49 localhost.localdomain sshd[25087]: Server listening on :: port 22
4.10 Check the current version
[root@localhost openssh-9.7p1]# ssh -V
OpenSSH_9.7p1, OpenSSL 1.1.1w 11 Sep 2023
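The following script is an added example, not part of the original post: it re-checks the result of section 4 by confirming the ssh -V banner, that sshd resolves libcrypto under /opt/ssh-upgrade/openssl/, and that the PermitRootLogin value sshd actually loads is no. The last check matters because the build sets --sysconfdir=/opt/ssh-upgrade/openssh/ssh/ while the edit in 4.8 is made to /etc/ssh/sshd_config; the function names and the sample sshd -T text are constructed for this example.

```shell
#!/bin/bash
# Added example: post-upgrade checks for the OpenSSH build described above.
# The parsers read captured text, so they can also be tried offline.

# version_ok "<ssh -V banner>" <openssh-version> <openssl-version>
version_ok() {
    case "$1" in
        "OpenSSH_$2, OpenSSL $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# effective_value <Keyword>: print that keyword's value from `sshd -T`
# output on stdin (sshd -T prints keywords in lower case).
effective_value() {
    awk -v k="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" \
        '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }'
}

# links_to_prefix <prefix>: succeed only if libcrypto appears in the `ldd`
# output on stdin and every such line resolves to a path under <prefix>.
links_to_prefix() {
    awk -v p="$1" '/libcrypto/ { n++; if (index($3, p) != 1) bad = 1 }
                   END { exit !(n > 0 && !bad) }'
}

# Checks against the installed binaries (run as root).
live_checks() {
    version_ok "$(ssh -V 2>&1)" 9.7p1 1.1.1w ||
        { echo "FAIL: unexpected ssh -V banner"; return 1; }
    ldd /usr/sbin/sshd | links_to_prefix /opt/ssh-upgrade/openssl/ ||
        { echo "FAIL: sshd is not linked against the new libcrypto"; return 1; }
    /usr/sbin/sshd -t || { echo "FAIL: sshd_config does not parse"; return 1; }
    v=$(/usr/sbin/sshd -T | effective_value PermitRootLogin)
    [ "$v" = "no" ] || { echo "FAIL: effective PermitRootLogin is '$v'"; return 1; }
    echo "OK: versions, linkage and PermitRootLogin verified"
}

if [ "${1:-}" = "--live" ]; then
    live_checks
else
    # Constructed sample of `sshd -T` output for an offline dry run; prints "no".
    printf 'port 22\npermitrootlogin no\n' | effective_value PermitRootLogin
fi
```

Run it as root with --live on the upgraded host; without arguments it only parses the embedded sample.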