Redhat7.x Openssh、Openssl升级
注:生产环境亲测,无截图,整理出完整命令行,供参考(Centos系统操作相同,只是少了yum变更)
首先,确保Redhat yum源能够使用
RedHat下的yum是需要注册才能使用的,所有需要更换yum源(见另一篇文章,redhat更换centosyum)
一.安装zlib
1.#rpm -qa | grep zlib(查看zlib是否安装)
#wget http://www.zlib.net/zlib-1.2.11.tar.gz(目前最新的zlib版本)
#yum - y install gcc make(安装gcc、openssl-devel)
#tar -zxvf zlib-1.2.11.tar.gz
#cd zlib-1.2.11/
#./configure --prefix=/usr/local/zlib
#make && make install
二.升级openssl
2.openssl version(查看openssl版本)
#wget https://ftp.openssl.org/source/openssl-1.0.2r.tar.gz
#yum -y install gcc-c++ glibc autoconf openssl openssl-devel pcre-devel pam-devel
#yum -y install pam* zlib*
#mv /usr/bin/openssl /usr/bin/openssl_bak
#tar -zxvf openssl-1.0.2r.tar.gz
#cd openssl-1.0.2r/
#./config shared zlib
#make && make install
#echo $?
#ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
#ln -s /usr/local/ssl/include/openssl /usr/include/openssl
#ll
#ll /usr/bin/openssl
#ll /usr/include/openssl -ld
#echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
#/sbin/ldconfig
#openssl version(查看成功)
三.升级Openssh
1.ssh -V(查看)
#wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
#tar -zxvf openssh-8.0p1/
#chown -R root:root /root/openssh-8.0p1
#./configure --prefix=/usr/ \
--sysconfdir=/etc/ssh \
--with-openssl-includes=/usr/local/ssl/include/ \
--with-ssl-dir=/usr/local/ssl/ \
--with-zlib \
--with-md5-passwords \
--with-pam
#make && make install
#chmod 600 /etc/ssh/ssh_host_rsa_key
#chmod 600 /etc/ssh/ssh_host_ecdsa_key
#chmod 600 /etc/ssh/ssh_host_ed25519_key
#cp -a contrib/redhat/sshd.init /etc/init.d/sshd
#cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
#chmod +x /etc/init.d/sshd
#chkconfig --add sshd
#systemctl enable sshd
#mv /usr/lib/systemd/system/sshd.service /root/
#systemctl daemon-reload
#/etc/init.d/sshd restart(systemctl restart sshd)
#/etc/init.d/sshd status(systemctl status sshd)
#vim /etc/ssh/sshd_config(最后修改配置文件端口、权限等)
#systemctl restart sshd
#ssh -V(已升级到目标8.0p1、1.0.2r)
