Linux升级openssh过程
Linux升级openssh过程
之前由于有需要升级到openssh,现在整理下。
1.先安装telnet-server,防止升级openssh过程中出现意外再也无法使用ssh远程。
2.升级openssl。
3.升级openssh过程。
下文详解。
4.确定没问题后禁用telnet-server等服务。
openssh升级
官网下载:http://www.openssh.com/ 点左下角的链接下载:For other systems:Linux
安装依赖包:
前边升级openssl已经安装过了。
yum install -y gcc gcc-c++ glibc make autoconf pcre-devel pam-devel automake makedepend perl-Test-Simple perl zlib zlib-devel
备份openssh:
mv /usr/bin/ssh /usr/bin/ssh.bak mv /usr/sbin/sshd /usr/sbin/sshd.bak mv /etc/ssh /etc/ssh.bak [root@dm8 ~]# ssh -V OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 [root@dm8 ~]# mv /usr/bin/ssh /usr/bin/ssh.bak [root@dm8 ~]# mv /usr/sbin/sshd /usr/sbin/sshd.bak [root@dm8 ~]# mv /etc/ssh /etc/ssh.bak
解压编译和安装:
tar -zxvf openssh-8.7p1.tar.gz cd openssh-8.7p1 ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam --with-ssl-engine make make install echo $? ssh -V vi /etc/ssh/sshd_config 添加或修改: PermitRootLogin yes PasswordAuthentication yes UseDNS no
UsePAM yes cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd cp -a ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam systemctl stop sshd.service ##不会影响已经连接的会话 mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak systemctl daemon-reload /etc/init.d/sshd start cp /run/systemd/generator.late/sshd.service /usr/lib/systemd/system/sshd.service systemctl daemon-reload systemctl restart sshd systemctl status sshd systemctl enable sshd [root@dm8 soft]# tar -zxvf openssh-8.7p1.tar.gz [root@dm8 soft]# cd openssh-8.7p1 [root@dm8 openssh-8.7p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam --with-ssl-engine [root@dm8 openssh-8.7p1]# make [root@dm8 openssh-8.7p1]# make install [root@dm8 openssh-8.7p1]# echo $? [root@dm8 openssh-8.7p1]# ssh -V OpenSSH_8.7p1, OpenSSL 1.1.1k 25 Mar 2021 [root@dm8 openssh-8.7p1]# vi /etc/ssh/sshd_config 添加或修改: PermitRootLogin yes PasswordAuthentication yes UseDNS no [root@dm8 openssh-8.7p1]# cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd [root@dm8 openssh-8.7p1]# cp -a ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam [root@dm8 openssh-8.7p1]# systemctl stop sshd.service [root@dm8 openssh-8.7p1]# mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak [root@dm8 openssh-8.7p1]# systemctl daemon-reload [root@dm8 openssh-8.7p1]# /etc/init.d/sshd start [root@dm8 openssh-8.7p1]# cp /run/systemd/generator.late/sshd.service /usr/lib/systemd/system/sshd.service [root@dm8 openssh-8.7p1]# systemctl daemon-reload [root@dm8 openssh-8.7p1]# systemctl restart sshd [root@dm8 openssh-8.7p1]# systemctl status sshd [root@dm8 openssh-8.7p1]# systemctl enable sshd
注意:cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd这条指令运行后同时会产生/etc/rc.d/init.d/sshd文件,实际这个是同一个文件。
若正常升级,则停止telnet服务并移除。
systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd
systemctl disable telnet.socket
参考链接:
https://www.cnblogs.com/wangyang0210/p/12552040.html
https://blog.csdn.net/f4112cd/article/details/111151709
