1 #!/bin/bash
2 :<<!
注意: :%s/openssh-8.1p1/openssh-8.1p1/g
1. 使用脚本前,需要在命令行模式下将文本格式改为 unix: set ff=unix;
2. 执行完脚本后,请执行 source /etc/profile;
3. 请在 /root 下执行脚本;
4. 如出现 openssl 升级后找不到库文件,可通过查找 openssl 库文件解决: find / -name "libssl*"; echo "/usr/local/lib64" >> /etc/ld.so.conf; ldconfig -v
8 !
system_init () {
  # Base preparation of a fresh host: SELinux, sshd root login, DNS,
  # root password, utility packages, firewall, time zone, chrony and a
  # local account. Every step changes system-wide state and needs root.

  # SELinux: persist "disabled" in the config file, then switch the running
  # system to permissive.
  # NOTE(review): this removes a mandatory-access-control layer host-wide;
  # confirm it is really required rather than a targeted policy change.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  setenforce 0

  # To move sshd to another port, uncomment and adjust:
  # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config

  # Allow direct root login over SSH (use "no" instead of "yes" to forbid).
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

  # DNS: add a resolver, and shorten timeout/retries to avoid slow lookups.
  sed -i '1a nameserver 114.114.114.114' /etc/resolv.conf
  sed -i '1a options timeout:1 attempts:1 rotate' /etc/resolv.conf

  # NOTE(review): this sets the root password to the literal word "root"
  # while root SSH login is enabled above and the firewall is stopped below.
  # Take the password from the operator at run time (or use key-only login)
  # before using this on any reachable host.
  printf '%s\n' root | passwd --stdin root

  # The firewall is stopped and disabled only when the package install
  # succeeded; the else-branch message is printed when yum failed.
  if yum -y install wget net-tools httpd-tools sysstat lsof tree; then
    systemctl stop firewalld && systemctl disable firewalld
  else
    echo "firewalld is off "
  fi

  # Time zone: switch to Asia/Shanghai unless timedatectl already reports it.
  if zone=$(timedatectl | grep Asia/Shanghai); then
    echo "Time zone configuration successful"
  else
    timedatectl set-timezone Asia/Shanghai
  fi

  # chrony: install and point it at ntp.ntsc.ac.cn only when no chrony
  # package is present; an existing installation is left as it is.
  if rpm -qa | grep chrony; then
    echo "chrony is sucess"
  else
    yum -y install chrony && \cp /etc/chrony.conf /etc/chrony.conf.bak
    sed -i '/^server/ s/^/#/' /etc/chrony.conf
    sed -i '2a server ntp.ntsc.ac.cn iburst' /etc/chrony.conf
    chronyc -a makestep
  fi

  # Local account, created only when it does not exist yet.
  # NOTE(review): the account password is embedded in the script, so it is
  # readable by anyone who can read this file and is the same on every host;
  # supply it at run time and rotate the value shown here.
  if ! id SHunicom; then
    useradd SHunicom && echo ShCX#9+2uc0$]80\! | passwd --stdin SHunicom
    echo "SHunicom add ok"
  fi
}
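zlic_install () {
  # Build zlib 1.2.11 from /root/zlib-1.2.11.tar.gz and install it under
  # /usr/local/zlib.
  # Returns: 0 on success; 1 as soon as a step fails, so that configure and
  #          make never run in the wrong directory and the success message
  #          is printed only for a completed install.
  # NOTE(review): the tarball is not integrity-checked anywhere in this
  # script; compare its SHA-256 with a digest obtained over a trusted
  # channel before extracting. 1.2.11 is an old release - check the
  # upstream changelog for later security fixes before pinning it.
  cd /root || { echo "zlib: cannot cd to /root" >&2; return 1; }
  tar -vxf zlib-1.2.11.tar.gz || { echo "zlib: extract failed" >&2; return 1; }
  cd zlib-1.2.11 || { echo "zlib: source directory missing" >&2; return 1; }
  ./configure --prefix=/usr/local/zlib \
    || { echo "zlib: configure failed" >&2; return 1; }
  make || { echo "zlib: make failed" >&2; return 1; }
  make install || { echo "zlib: make install failed" >&2; return 1; }
  echo " zlib install ok"
}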
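openssl_install () {
  # Build OpenSSL 1.1.1a from /root/openssl-1.1.1a.tar.gz into
  # /usr/local/openssl, then repoint /usr/bin/openssl and
  # /usr/include/openssl at the new build and register its lib directory
  # with the dynamic linker.
  # Returns: 0 on success; 1 as soon as a build step fails. The system
  #          openssl binary and headers are only moved aside after
  #          "make install" succeeded, so a failed build leaves them intact.
  # NOTE(review): the tarball is not integrity-checked anywhere in this
  # script; verify its SHA-256 or signature against upstream first.
  # 1.1.1a is an early release of the 1.1.1 series and later releases carry
  # security fixes - check the upstream advisories before pinning it.
  local prefix=/usr/local/openssl

  cd /root || { echo "openssl: cannot cd to /root" >&2; return 1; }
  tar -xf openssl-1.1.1a.tar.gz >/dev/null \
    || { echo "openssl: extract failed" >&2; return 1; }
  cd openssl-1.1.1a || { echo "openssl: source directory missing" >&2; return 1; }
  ./config shared zlib --prefix="$prefix" \
    || { echo "openssl: config failed" >&2; return 1; }
  make || { echo "openssl: make failed" >&2; return 1; }
  make install || { echo "openssl: make install failed" >&2; return 1; }

  # Keep the distribution files as *.old. On a re-run the paths are already
  # symlinks; skipping them keeps the first backup from being overwritten.
  if [ -e /usr/bin/openssl ] && [ ! -L /usr/bin/openssl ]; then
    mv -f /usr/bin/openssl /usr/bin/openssl.old
  fi
  if [ -e /usr/include/openssl ] && [ ! -L /usr/include/openssl ]; then
    mv -f /usr/include/openssl /usr/include/openssl.old
  fi
  ln -sfn "$prefix/bin/openssl" /usr/bin/openssl
  ln -sfn "$prefix/include/openssl" /usr/include/openssl

  # Register the library directory once, not once per run.
  grep -qxF "$prefix/lib" /etc/ld.so.conf 2>/dev/null \
    || echo "$prefix/lib" >> /etc/ld.so.conf
  ldconfig -v
}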
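openssh_prepare () {
  # CentOS: download the OpenSSH, OpenSSL and zlib sources plus the build
  # dependencies, then retire the currently installed OpenSSH (stop sshd,
  # remove the rpm packages, move the old configuration aside).
  # Returns: 1, leaving the installed OpenSSH untouched, when a source
  #          tarball is missing from /root; otherwise the status of the
  #          last clean-up command.
  # NOTE(review): two of the three downloads use plain HTTP and none is
  # checked against a digest or signature, so whatever the network returns
  # is later built and installed as root. Prefer HTTPS sources and verify
  # each tarball's SHA-256 against a value from a trusted channel.
  # NOTE(review): sshd is stopped and its packages removed here; keep a
  # console or other out-of-band session open while this runs.
  local wget_stat ping_stat ssh_stat openssh_stat tarball

  yum -y install wget
  rpm -qa | grep wget
  wget_stat=$?
  ping -c 3 openbsd.hk
  ping_stat=$?

  if [[ $ping_stat -eq 0 && $wget_stat -eq 0 ]]; then
    wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
    wget "https://www.openssl.org/source/openssl-1.1.1a.tar.gz"
    wget http://www.zlib.net/zlib-1.2.11.tar.gz
    yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel tcp_wrappers-devel wget
  else
    # The original message interpolated the wget status where the script
    # name was meant; report the script name.
    printf 'program: %s openssh download failed\n' "$(basename "$0")" >&2
  fi

  # Do not tear down the running sshd unless everything needed to build its
  # replacement is in /root, which is where the install functions look.
  # Tarballs placed there by hand (offline hosts) satisfy this check too.
  for tarball in openssh-8.1p1.tar.gz openssl-1.1.1a.tar.gz zlib-1.2.11.tar.gz; do
    if [[ ! -s /root/$tarball ]]; then
      printf 'missing /root/%s; existing OpenSSH left in place\n' "$tarball" >&2
      return 1
    fi
  done

  ps -ef | grep sshd | grep -v grep
  ssh_stat=$?
  rpm -qa | grep openssh
  openssh_stat=$?

  # Same four cases as the original if/elif chain: stop sshd when it is
  # running; an rpm install is removed and its files moved aside, otherwise
  # an earlier source install under /usr/local/openssh is moved aside.
  if [[ $ssh_stat -eq 0 ]]; then
    systemctl stop sshd
  fi
  if [[ $openssh_stat -eq 0 ]]; then
    rpm -qa | grep openssh | xargs -d "\n" rpm -e --nodeps
    mv -f /etc/init.d/sshd /etc/init.d/sshd.bak
    mv -f /etc/ssh /etc/ssh.bak
  else
    mv -f /usr/local/openssh /usr/local/openssh.bak
  fi
}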
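ubuntu_prepare () {
  # Ubuntu: point apt at the Aliyun xenial mirrors, download the OpenSSH,
  # OpenSSL and zlib sources plus the build dependencies, then move the
  # existing OpenSSH files aside.
  # Returns: 1, leaving the installed OpenSSH untouched, when the sources
  #          list cannot be written or a tarball is missing from /root;
  #          otherwise the status of the last clean-up command.
  # Fixes over the original: it wrote the placeholder line to
  # /etc/apt-get/sources.list and the xenial-security entry to
  # /etc/aptt/sources.list, so the list was never reset and the security
  # pocket was never added. The list is now written in one step, after a
  # one-time backup to sources.list.bak.
  # NOTE(review): the release name "xenial" is hard-coded and the -proposed
  # pocket (packages still under test) is enabled; confirm both against the
  # target hosts. The new list only takes effect after "apt-get update",
  # which this function does not run.
  # NOTE(review): two of the three downloads use plain HTTP and none is
  # checked against a digest or signature; verify each tarball's SHA-256
  # against a value from a trusted channel before building.
  local sources=/etc/apt/sources.list
  local wget_stat ping_stat ssh_stat openssh_stat tarball

  if [[ -f $sources && ! -e $sources.bak ]]; then
    cp -p "$sources" "$sources.bak" \
      || { echo "cannot back up $sources" >&2; return 1; }
  fi
  cat > "$sources" <<'EOF' || { echo "cannot write $sources" >&2; return 1; }
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
EOF

  sudo apt-get install -y wget
  dpkg -s wget
  wget_stat=$?
  ping -c 3 openbsd.hk
  ping_stat=$?

  if [[ $ping_stat -eq 0 && $wget_stat -eq 0 ]]; then
    wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
    wget "https://www.openssl.org/source/openssl-1.1.1a.tar.gz"
    wget http://www.zlib.net/zlib-1.2.11.tar.gz
    sudo apt-get install wget gcc make zlib1g-dev libssl-dev libpam0g-dev sysv-rc-conf -y
  else
    # The original message interpolated the wget status where the script
    # name was meant; report the script name.
    printf 'program: %s openssh download failed\n' "$(basename "$0")" >&2
  fi

  # Do not touch the running sshd unless everything needed to build its
  # replacement is in /root, which is where the install functions look.
  for tarball in openssh-8.1p1.tar.gz openssl-1.1.1a.tar.gz zlib-1.2.11.tar.gz; do
    if [[ ! -s /root/$tarball ]]; then
      printf 'missing /root/%s; existing OpenSSH left in place\n' "$tarball" >&2
      return 1
    fi
  done

  ps -ef | grep sshd | grep -v grep
  ssh_stat=$?
  # NOTE(review): rpm is not normally installed on Ubuntu, in which case
  # this probe always reports "not installed" and only the
  # /usr/local/openssh branch below can run. Confirm whether a dpkg query
  # for the openssh packages was intended.
  rpm -qa | grep openssh
  openssh_stat=$?

  # Same four cases as the original if/elif chain.
  if [[ $ssh_stat -eq 0 ]]; then
    systemctl stop sshd
  fi
  if [[ $openssh_stat -eq 0 ]]; then
    mv -f /etc/init.d/sshd /etc/init.d/sshd.bak
    mv -f /etc/ssh /etc/ssh.bak
  else
    mv -f /usr/local/openssh /usr/local/openssh.bak
  fi
}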
# NOTE(review): these statements sit outside any function, so they run every
# time the script is loaded, before the menu. `$?` at this point is the status
# of the function definition that ends on the previous line, not of any
# apt-get call.
apt_get=$?
# NOTE(review): `apt_get` is written without `$`, so `[` receives the literal
# word, reports "integer expression expected" and the branch is never taken.
# Adding the `$` would make every run download the three tarballs into the
# current directory; confirm whether this block is a leftover to delete.
if [ apt_get -eq 0 ];then
wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
wget http://www.zlib.net/zlib-1.2.11.tar.gz
fi
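openssh_install () {
  # Unpack /root/openssh-8.1p1.tar.gz, run ./configure for the requested
  # platform and hand over to openssh_init for the build and installation.
  # Arguments: $1 - "cen6" or "cen7"
  # Returns: the status of openssh_init when configure succeeded; 1 when
  #          the platform is unknown or a preparation step failed.
  # Fixes over the original: "tar ... && /root > /dev/null" tried to execute
  # /root as a command; the cd calls were unchecked; an unknown platform was
  # silently ignored; "-with-md5-passwords" is spelled with two dashes.
  # NOTE(review): the tarball is not integrity-checked anywhere in this
  # script; verify its SHA-256 or signature against upstream first.
  local var="$1"
  local -a configure_args=(
    --prefix=/usr/local/openssh
    --sysconfdir=/etc/ssh
    --with-privsep-path=/var/lib/sshd
    --with-pam
    --with-ssl-dir=/usr/local/openssl
    --with-md5-passwords
  )

  case "$var" in
    cen6)
      # NOTE(review): --without-hardening builds sshd without the toolchain
      # hardening flags; keep it only if the platform compiler cannot build
      # with them.
      configure_args+=(--without-hardening)
      ;;
    cen7)
      ;;
    *)
      echo "openssh: unsupported platform '$var' (expected cen6 or cen7)" >&2
      return 1
      ;;
  esac

  cd /root || { echo "openssh: cannot cd to /root" >&2; return 1; }
  tar -xf openssh-8.1p1.tar.gz >/dev/null \
    || { echo "openssh: extract failed" >&2; return 1; }
  cd openssh-8.1p1 || { echo "openssh: source directory missing" >&2; return 1; }

  if ./configure "${configure_args[@]}"; then
    openssh_init
  else
    echo "system is $var , configure openssh failed " >>/install.log
    return 1
  fi
}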
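openssh_init () {
  # Build and install OpenSSH from the current directory (the configured
  # source tree), install the Red Hat init script, adjust sshd_config, start
  # sshd and put /usr/local/openssh/bin on the login PATH.
  # Globals:  DIRSSH (read) - path of the OpenSSH source tree
  # Returns:  1 when the build, the init-script copy or the sshd
  #           configuration test fails; otherwise the status of sourcing
  #           /etc/profile.
  # Fixes over the original: a failed build no longer goes on to install an
  # init script and start a missing sshd; the PATH line is written with a
  # literal $PATH, where the original expanded it and froze the installer's
  # PATH into /etc/profile, and it is added only once.
  local sshd_bin=/usr/local/openssh/sbin/sshd
  # Single quotes on purpose: $PATH must be expanded at login time.
  local path_line='export PATH=/usr/local/openssh/bin:$PATH'

  make || { echo "openssh: make failed" >&2; return 1; }
  make install || { echo "openssh: make install failed" >&2; return 1; }

  cp -f "$DIRSSH/contrib/redhat/sshd.init" /etc/init.d/sshd \
    || { echo "openssh: cannot install init script" >&2; return 1; }
  # NOTE(review): both edits address fixed line numbers (25 and 41) of the
  # init script shipped with this release; re-check them when the version
  # changes.
  sed -i '25,25s/SSHD=\/usr\/sbin\/sshd/SSHD=\/usr\/local\/openssh\/sbin\/sshd/' /etc/init.d/sshd
  sed -i '41,41s/\/usr\/bin\/ssh-keygen -A/\/usr\/local\/openssh\/bin\/ssh-keygen -A/' /etc/init.d/sshd
  chkconfig --add sshd && systemctl daemon-reload

  # To move sshd to another port, uncomment and adjust:
  # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config
  # NOTE(review): this enables direct root login with a password; prefer
  # "prohibit-password" with keys unless password login for root is required.
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
  chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key

  # Validate configuration and host keys before starting the daemon, so a
  # broken config is reported here and not as a failed service start.
  if ! "$sshd_bin" -t; then
    echo "openssh: sshd configuration test failed; sshd not started" >&2
    return 1
  fi
  systemctl start sshd

  grep -qxF "$path_line" /etc/profile 2>/dev/null \
    || printf '%s\n' "$path_line" >> /etc/profile
  source /etc/profile
}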
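# Install locations and source paths used by the functions above.
DIRZLIB='/usr/local/zlib'
DIRSSL='/usr/local/openssl'
DIRSSH='/root/openssh-8.1p1'
INSTALLSSH='/usr/local/openssh'
SYSSSH='/etc/ssh'

# Menu entries; the number typed by the operator is the index.
array_number=(init centos6 centos7 ubuntu)

# The original prompt ended in an unterminated colour sequence ("\e[30");
# reset the attributes instead so the typed answer is displayed normally.
printf '\e[31;47m please input number 0.init 1.centos6 2.centos7 3.ubuntu\n please input number:\t\e[0m'
read -r input

# Accept only the digits 0-3. The original used the raw answer as an array
# subscript, where bash evaluates it as an arithmetic expression: any
# non-numeric word naming an unset variable became index 0 and ran
# system_init, which changes passwords, SELinux and firewall state.
case "$input" in
  [0-3]) number=${array_number[input]} ;;
  *) number='' ;;
esac

case "$number" in
  "${array_number[0]}")
    system_init
    ;;
  "${array_number[1]}")
    openssh_prepare
    zlic_install
    openssl_install
    openssh_install cen6
    ;;
  "${array_number[2]}")
    openssh_prepare
    zlic_install
    openssl_install
    openssh_install cen7
    ;;
  "${array_number[3]}")
    # Ubuntu reuses the cen7 configure options.
    ubuntu_prepare
    zlic_install
    openssl_install
    openssh_install cen7
    ;;
  *)
    # printf so that the trailing \n is a newline, not printed literally.
    printf 'Usage: input number 0.init 1.centos6 2. centos7 3. ubuntu\n' >&2
    exit 1
    ;;
esac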