Centos6.6x系统与unbutu18.04系统升级ssh到8.3版本
Centos6.6升级ssh5.3版本到ssh8.3版本
下载所需要的源码包:
]#wget https://files-cdn.cnblogs.com/files/luckjinyan/zlib-1.2.11.tar.gz
]#wget https://files-cdn.cnblogs.com/files/luckjinyan/openssh-8.3p1.tar.gz
]#wget https://files-cdn.cnblogs.com/files/luckjinyan/openssl-1.1.1g.tar.gz
备份当前openssh
# cp/etc/ssh /etc/ssh.bak
# cp /etc/init.d/sshd /etc/init.d/sshd.abk
卸载旧的版本
# rpm -e –nodeps openssh-xxx(使用这条命令逐个卸载)
rpm -e --nodeps openssh-askpass-5.3p1-104.el6.x86_64
rpm -e --nodeps openssh-server-5.3p1-104.el6.x86_64
rpm -e --nodeps openssh-5.3p1-104.el6.x86_64
rpm -e --nodeps openssh-clients-5.3p1-104.el6.x86_64
卸载时报错,解决:
rpm -e --noscripts openssh-server-5.3p1-104.el6.x86_64
配置阿里yum源
curl -O http://mirrors.aliyun.com/repo/Centos-6.repo
curl -O http://mirrors.aliyun.com/repo/epel-6.repo
yum clean all && yum makecache
yum -y install gcc gcc-c++ vim pam* openssl-devel (先安装要使用的工具)
注:pam*测试时未安装 若安装在进行openssh配置时需加上--with-pam=enable
解压 (-C 可以指定解压到指定的目录)
]#tar zxf zlib-1.2.11.tar.gz
]#tar zxf openssl-1.1.1g.tar.gz
]#tar zxf openssh-8.3p1.tar.gz
编译安装zlib
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install
编译安装openssl
cd openssl-1.1.1g
./config --prefix=/usr/local/openssl -d shared
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so //目前发现这一步有错误,可不做
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
ldconfig -v
openssl version
安装openssh
cd openssh-8.3p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make && make install
sshd_config文件修改
echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
解===>>>
PermitRootLogin yes #允许root认证登录
PasswordAuthentication yes #允许密码认证
RSAAuthentication yes #秘钥认证
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys #默认公钥存放的位置
备份原有文件,并将新的配置复制到指定目录
cp -p /root/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -p /root/openssh-8.3p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam(使用pam需拷贝)
启动sshd
service sshd restart
centos7可直接使用systemctl进行管理
查看信息版本
ssh -V 或者 sshd -v
ubuntu升级ssh到8.3版本
更改apt源为阿里源
vi /etc/apt/sources.list 添加以下内容
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
--------------------------------------------------------------------------------------------------------------------
更新一下apt库:
apt update
解压 (-C 可以指定解压到指定的目录)
]#tar zxf zlib-1.2.11.tar.gz
]#tar zxf openssl-1.1.1g.tar.gz
]#tar zxf openssh-8.3p1.tar.gz
安装gcc编译工具
apt-get install gcc make libpam0g-dev
编译zlib
./configure --prefix=/usr/local/zlib
make
make install
编译安装openssl
cd openssl-1.1.1g
./config --prefix=/usr/local/openssl -d shared
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so //目前发现执行这一步有错误,可跳过
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf //这一步与centos有一些区别
ldconfig
openssl version //查看版本
# 备份原openssh文件
mv /etc/ssh /etc/ssh.bak
mv /etc/init.d/ssh /etc/init.d/ssh.bak
# 卸载原openssh
apt-get remove openssh-server openssh-client
cd openssh-8.3p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-privsep-path=/var/lib/sshd #需要指定openssl的安装路径和zlib的安装路径
make && make install
1. 修改默认配置文件
根据之前配置修改,保证配置相同
2. 也可使用原来的配置文件
cd /etc/ssh
mv sshd_config sshd_config.default
cp ../ssh.old/sshd_config ./
# 使用原来的/etc/init.d/ssh
mv /etc/init.d/ssh.old /etc/init.d/ssh
# 取消注销指定服务
systemctl unmask ssh
# 重启服务
systemctl restart ssh
---------------------------------报错-------------------------------------------
# 报错 checking whether OpenSSL's PRNG is internally seeded... yes
# configure: error: PAM headers not found
# 解决:ubuntu: apt-get install libpam0g-dev centos: yum -y install pam-devel
---------------------------------报错-------------------------------------------------------------------
# 报错: Privilege separation user sshd does not exist
vim /etc/passwd
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
# 注册名:口令:用户标识号:组标识号:用户名:用户主目录:命令解释程序
# /etc/passwd文件是Linux/UNIX安全的关键文件之一.该文件用于用户登录时校验 用户的口令,当然应当仅对root可写.
--------------------------------------------------------------------------------------------------------
Centos6(限6版本) ssh升级到8.3p脚本(超菜的写法,大神勿看)
#!/bin/bash
curl -o /opt/zlib-1.2.11.tar.gz http://www.zlib.net/zlib-1.2.11.tar.gz > /dev/null
if [ $? == '0' ]; then
echo "zlib源码包下载完成!!"
else
exit 1
fi
curl -o /opt/openssh-8.3p1.tar.gz http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz >/dev/null
if [ $? == '0' ]; then
echo "openssh源码包下载完成!!"
else
exit 1
fi
curl -o /opt/openssl-1.1.1g.tar.gz https://www.openssl.org/source/openssl-1.1.1g.tar.gz >/dev/null
if [ $? == '0' ]; then
echo "openssl源码包下载完成!!"
else
exit 1
fi
#rpm -q openssh > /dev/null && cat /etc/redhat-release |grep 6.* > /dev/null
if [ -d /etc/ssh ]; then
mv /etc/ssh /etc/ssh.bak
echo "备份ssh OK"
fi
if [ -f /etc/init.d/sshd ]; then
mv /etc/init.d/sshd /etc/init.d/sshd.bak
echo "备份sshd OK"
fi
rpm -qa |grep openssh-askpass > /dev/null
if [ $? == '0' ]; then
rpm -e --nodeps openssh-askpass-5.3p1-104.el6.x86_64 && echo "成功卸载openssh-askpass"
fi
rpm -qa |grep openssh-server > /dev/null
if [ $? == '0' ]; then
rpm -e --noscripts openssh-server-5.3p1-104.el6.x86_64 && echo "成功卸载openssh-server"
fi
rpm -qa |grep openssh-5.3p1 > /dev/null
if [ $? == '0' ]; then
rpm -e --nodeps openssh-5.3p1-104.el6.x86_64 && echo "成功卸载openssh-5.3p1"
fi
rpm -qa |grep openssh-clients > /dev/null
if [ $? == '0' ]; then
rpm -e --nodeps openssh-clients-5.3p1-104.el6.x86_64 && echo "成功卸载openssh-clients"
fi
curl -o /etc/yum.repos.d/Centos-6.repo http://mirrors.aliyun.com/repo/Centos-6.repo >/dev/null && echo "pull Centos-6.repo yes"
curl -o /etc/yum.repos.d/epel-6.repo http://mirrors.aliyun.com/repo/epel-6.repo >/dev/null && echo "pull epel-6.repo yes"
yum clean all > /dev/null && yum makecache > /dev/null && echo "repo clan yes"
yum -y install gcc gcc-c++ vim pam* openssl-devel > /dev/null
if [ $? == '0' ];then
echo "install依赖 yes"
else
exit 1
fi
tar zxf /opt/zlib-1.2.11.tar.gz -C /opt/ && cd /opt/zlib-1.2.11 && ./configure --prefix=/usr/local/zlib >/dev/null && make >/dev/null && make install > /dev/null && echo "install zlib succeed"
if [ $? == '0' ];then
tar zxf /opt/openssl-1.1.1g.tar.gz -C /opt/ && cd /opt/openssl-1.1.1g && ./config --prefix=/usr/local/openssl -d shared >/dev/null && make >/dev/null && make install >/dev/null
echo "install openssl succeed"
else
exit 1
fi
if [ $? == '0' ];then
mv /usr/bin/openssl /usr/bin/openssl.bak && mv /usr/include/openssl /usr/include/openssl.bak && ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl && ln -s /usr/local/openssl/include/openssl /usr/include/openssl
else
exit 1
fi
if [ $? == '0' ];then
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf && ldconfig -v > /dev/null && echo $(openssl version)
else
exit 1
fi
if [ $? == '0' ];then
cd /opt/ && tar zxf openssh-8.3p1.tar.gz -C /opt/ && cd openssh-8.3p1 && ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-md5-passwords --with-pam=enable > /dev/null && make > /dev/null && make install > /dev/null
echo "install openssh succeed"
else
exit 1
fi
echo 'PermitRootLogin yes' >>/etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >>/etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >>/etc/ssh/sshd_config
cp -p /opt/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -p /opt/openssh-8.3p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
service sshd restart && ssh -V
******人生若只如初见******
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 【译】Visual Studio 中新的强大生产力特性
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构