Summary of the steps for an offline upgrade to OpenSSH 9.0 (for CentOS 7)


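Preface:

    An outdated ssh service version is exposed to known vulnerabilities. For companies with strict security requirements, the most effective way to harden ssh on a server is a smooth upgrade to the latest version, so this post covers the method and steps for a smooth upgrade to ssh 9.0.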

 

1: The required packages can be downloaded from:

Zlib official site: http://www.zlib.net/
OpenSSL official site: https://www.openssl.org/
OpenSSH official site: https://www.openssh.com/

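2: Preparation:

  Enable the telnet service before upgrading, so that if the ssh upgrade fails there is still a service for connecting to the machine remotely.

  Enabling the telnet service:

  1: Check whether telnet is installed:  rpm -qa  telnet

  2: If telnet is not installed, download the rpm package for the matching version from http://rpmfind.net/, upload it to the server and install it. Install command:  rpm -ivh  telnet-server*.rpm

  3: Start telnet with the following command:

systemctl start  telnet.socket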

  

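 3: Installation and final checks

   3.1 Create the working directory (the script below expects /ssh_up)

mkdir /ssh_up

   3.2: Place the prepared latest zlib, OpenSSL and OpenSSH packages in that directory on the server

   3.3: Check that all build dependencies are present and install any missing ones with yum. If a package is not in the yum repositories, search for and download it from http://rpmfind.net/

yum install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers

 3.4: Run the script to perform the ssh upgrade. The script is below. It only works as-is if you followed the steps exactly as documented; otherwise adapt it to your own environment.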

#!/bin/bash
#
#########################################################
# Function :openssh-9.0p1 update                        #
# Platform :Centos7                                   #
# Version  :2.0                                         #
# Date     :2022-06-13                                 #    
#########################################################
 
clear
export LANG="en_US.UTF-8"
 
# Version numbers
zlib_version="zlib-1.2.12"
openssl_version="openssl-1.1.1o"
openssh_version="openssh-9.0p1"
 
# Directory holding the source packages
file="/ssh_up"
 
# Default build prefix
default="/usr/local"
date_time=$(date +%Y-%m-%d-%H:%M)
 
# Install, backup and log directories
file_install="$file/openssh_install"
file_backup="$file/openssh_backup"
file_log="$file/openssh_log"
 
# Source tarball URLs
zlib_download="http://www.zlib.net/$zlib_version.tar.gz"
openssl_download="https://www.openssl.org/source/$openssl_version.tar.gz"
openssh_download="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$openssh_version.tar.gz"
 
 
 
# Check if user is root
    if [ $(id -u) != "0" ]; then
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " 当前用户为普通用户,必须使用root用户运行,脚本退出中......" "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    exit 1
    fi
 
# Install wget if it is missing
echo -e "\033[33m 正在安装Wget............... \033[0m"
sleep 2
echo ""
    if ! type wget >/dev/null 2>&1; then
        yum install -y wget
    else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " wget已经安装了:" "\033[32m Please continue\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    fi
 
# Install tar if it is missing
echo -e "\033[33m 正在安装TAR............... \033[0m"
sleep 2
echo ""
    if ! type tar >/dev/null 2>&1; then
        yum install -y tar
    else
    echo ""
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " tar已经安装了:" "\033[32m Please continue\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    fi
    echo ""
 
 
 
# Create directories (adjust as needed)
mkdir -p $file_install
mkdir -p $file_backup
mkdir -p $file_log
mkdir -p $file_backup/zlib
mkdir -p $file_backup/ssl
mkdir -p $file_backup/ssh
mkdir -p $file_log/zlib
mkdir -p $file_log/ssl
mkdir -p $file_log/ssh
 
# Back up files (adjust as needed)
cp -rf /usr/bin/openssl  $file_backup/ssl/openssl_$date_time.bak > /dev/null
cp -rf /etc/init.d/sshd  $file_backup/ssh/sshd_$date_time.bak > /dev/null
cp -rf /etc/ssh  $file_backup/ssh/ssh_$date_time.bak > /dev/null
cp -rf /usr/lib/systemd/system/sshd.service  $file_backup/ssh/sshd_$date_time.service.bak > /dev/null
cp -rf /etc/pam.d/sshd.pam  $file_backup/ssh/sshd_$date_time.pam.bak > /dev/null
 
## Remove the existing openssh packages (adjust as needed)
rpm -e --nodeps `rpm -qa | grep openssh`
 
# Downloaded source tarballs: check whether they exist (adjust as needed)
#   if [ -e $file/$zlib_version.tar.gz ] && [ -e $file/$openssl_version.tar.gz ] && [ -e /$file/$openssh_version.tar.gz ];then
#       echo -e " 下载软件源码包已存在  " "\033[32m  Please continue\033[0m"
#   else
#       echo -e "\033[33m 未发现本地源码包,链接检查获取中........... \033[0m "
#   echo ""
#   cd $file
#   wget --no-check-certificate  $zlib_download
#   wget --no-check-certificate  $openssl_download
#   wget --no-check-certificate  $openssh_download
#   echo ""
#   fi
#zlib
echo -e "\033[33m 正在下载Zlib软件包.............. \033[0m"
sleep 2
echo ""
    if [ -e $file/$zlib_version.tar.gz ] ;then
        echo -e " 下载软件源码包已存在  " "\033[32m  Please continue\033[0m"
    else
        echo -e "\033[33m 未发现zlib本地源码包,链接检查获取中........... \033[0m "
    sleep 1
    echo ""
    cd $file
    # TLS certificate verification stays enabled: this source is built and installed as root
    wget $zlib_download
    echo ""
    fi
#openssl
echo -e "\033[33m 正在下载Openssl软件包.............. \033[0m"
sleep 2
echo ""
    if  [ -e $file/$openssl_version.tar.gz ]  ;then
        echo -e " 下载软件源码包已存在  " "\033[32m  Please continue\033[0m"
    else
        echo -e "\033[33m 未发现openssl本地源码包,链接检查获取中........... \033[0m "
    echo ""
    sleep 1
    cd $file
    wget $openssl_download
    echo ""
    fi
#openssh
echo -e "\033[33m 正在下载Openssh软件包.............. \033[0m"
sleep 2
echo ""
    if [ -e /$file/$openssh_version.tar.gz ];then
        echo -e " 下载软件源码包已存在  " "\033[32m  Please continue\033[0m"
    else
        echo -e "\033[33m 未发现openssh本地源码包,链接检查获取中........... \033[0m "
    echo ""
    sleep 1
    cd $file
    wget $openssh_download
    echo ""
    fi
 
 
# Install zlib
#Install_zlib(){
echo -e "\033[33m 正在解压Zlib软件包.............. \033[0m"
sleep 2
echo ""
    cd $file && mkdir -p $file_install && tar -xzf zlib*.tar.gz -C $file_install
    if [ -d $file_install/$zlib_version ];then
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
                    echo -e "  zlib解压源码包成功" "\033[32m Success\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
            else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
                    echo -e "  zlib解压源码包失败,脚本退出中......" "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    exit 1
    fi
echo -e "\033[33m 正在编译安装Zlib服务.............. \033[0m"
sleep 2
echo ""
    cd $file_install/zlib*
    ./configure --prefix=$default/$zlib_version > $file_log/zlib/zlib_configure_$date_time.txt  #> /dev/null 2>&1
    if [ $? -eq 0 ];then
    echo -e "\033[33m make... \033[0m"
        make > /dev/null 2>&1
    echo $?
    echo -e "\033[33m make test... \033[0m"
        make test > /dev/null 2>&1
    echo $?
    echo -e "\033[33m make install... \033[0m"
        make install > /dev/null 2>&1
    echo $?
    else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e "  编译安装压缩库失败,脚本退出中..." "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    exit 1
    fi
 
    if [ -e $default/$zlib_version/lib/libz.so ];then
    sed -i '/zlib/'d /etc/ld.so.conf
    echo "$default/$zlib_version/lib" >> /etc/ld.so.conf
    echo ""
    echo "$default/$zlib_version/lib" >> /etc/ld.so.conf.d/zlib.conf
    ldconfig -v > $file_log/zlib/zlib_ldconfig_$date_time.txt 2>&1
    /sbin/ldconfig
    echo ""
    fi
#}
 
#install_openssl(){
echo -e "\033[33m 正在解压Openssl.............. \033[0m"
sleep 2
echo ""
    cd $file  &&  tar -xvzf openssl*.tar.gz -C $file_install
    if [ -d $file_install/$openssl_version ];then
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
                    echo -e "  OpenSSL解压源码包成功" "\033[32m Success\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
            else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
                    echo -e "  OpenSSL解压源码包失败,脚本退出中......" "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    exit 1
    fi
    echo ""
echo -e "\033[33m 正在编译安装Openssl服务.............. \033[0m"
sleep 2
echo ""
    cd $file_install/$openssl_version
    ./config shared zlib --prefix=$default/$openssl_version >  $file_log/ssl/ssl_config_$date_time.txt  #> /dev/null 2>&1
    if [ $? -eq 0 ];then
    echo -e "\033[33m make clean... \033[0m"
        make clean > /dev/null 2>&1
    echo $?
    echo -e "\033[33m make -j 4... \033[0m"
        make -j 4 > /dev/null 2>&1
    echo $?
    echo -e "\033[33m make install... \033[0m"
        make install > /dev/null 2>&1
    echo $?
    else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e "  编译安装OpenSSL失败,脚本退出中..." "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    exit 1
    fi
 
    mv /usr/bin/openssl /usr/bin/openssl_$date_time.bak    # back up first
    if [ -e $default/$openssl_version/bin/openssl ];then
    sed -i '/openssl/'d /etc/ld.so.conf
    echo "$default/$openssl_version/lib" >> /etc/ld.so.conf
    ln -s $default/$openssl_version/bin/openssl /usr/bin/openssl
    ln -s $default/$openssl_version/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
    ln -s $default/$openssl_version/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
    ldconfig -v > $file_log/ssl/ssl_ldconfig_$date_time.txt 2>&1
    /sbin/ldconfig
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " 编译安装OpenSSL " "\033[32m Success\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    echo -e "\033[32m====================== OpenSSL version =====================  \033[0m"
    echo ""
        openssl version -a
    echo ""
    echo -e "\033[32m=======================================================  \033[0m"
    else
    echo ""
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " OpenSSL软连接失败,脚本退出中..." "\033[31m  Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    sleep 4
    exit 1
    fi
#}
 
#install_openssh(){
echo -e "\033[33m 正在解压Openssh.............. \033[0m"
sleep 2
echo ""
    cd $file && tar -xvzf openssh*.tar.gz -C $file_install
    if [ -d $file_install/$openssh_version ];then
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
         echo -e "  OpenSSh解压源码包成功" "\033[32m Success\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
            else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
         echo -e "  OpenSSh解压源码包失败,脚本退出中......" "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    exit 1
    fi
    echo ""
echo -e "\033[33m 正在编译安装Openssh服务.............. \033[0m"
sleep 2
echo ""
    mv /etc/ssh /etc/ssh_$date_time.bak     # back up first
    cd $file_install/$openssh_version
    ./configure --prefix=$default/$openssh_version --sysconfdir=/etc/ssh --with-ssl-dir=$default/$openssl_version --with-zlib=$default/$zlib_version >  $file_log/ssh/ssh_configure_$date_time.txt   #> /dev/null 2>&1
    if [ $? -eq 0 ];then
    echo -e "\033[33m make -j 4... \033[0m"
        make -j 4 > /dev/null 2>&1
    echo $?
    echo -e "\033[33m make install... \033[0m"
        make install > /dev/null 2>&1
    echo $?
    else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " 编译安装OpenSSH失败,脚本退出中......" "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 4
    exit 1
    fi
     
    echo ""
    echo -e "\033[32m==================== OpenSSH version =================== \033[0m"
    echo ""
        /usr/local/$openssh_version/bin/ssh -V
    echo ""
    echo -e "\033[32m======================================================= \033[0m"
    echo ""
 
echo -e "\033[33m 正在迁移Openssh配置文件.............. \033[0m"
sleep 2
echo ""
# Migrate the sshd init script
    if [ -f  "/etc/init.d/sshd" ];then
        mv /etc/init.d/sshd /etc/init.d/sshd_$date_time.bak
    else
        echo -e " /etc/init.d/sshd不存在 " "\033[31m Not backed up(可忽略)\033[0m"
    fi
    cp -rf $file_install/$openssh_version/contrib/redhat/sshd.init /etc/init.d/sshd;
 
    chmod u+x /etc/init.d/sshd;
    chkconfig --add sshd      ## start at boot
    chkconfig --list |grep sshd;
    chkconfig sshd on
# Back up the systemd unit file, which may not exist
    if [ -f  "/usr/lib/systemd/system/sshd.service" ];then
        mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak
    else
        echo -e " sshd.service不存在" "\033[31m Not backed up(可忽略)\033[0m"
    fi
# Back up and copy the sshd.pam file
    if [ -f "/etc/pam.d/sshd.pam" ];then
        mv /etc/pam.d/sshd.pam /etc/pam.d/sshd.pam_$date_time.bak
    else
        echo -e " sshd.pam不存在" "\033[31m Not backed up(可忽略)\033[0m"
    fi
    cp -rf $file_install/$openssh_version/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
# Migrate sshd_config
    cp -rf $file_install/$openssh_version/sshd_config /etc/ssh/sshd_config
    sed -i 's/Subsystem/#Subsystem/g' /etc/ssh/sshd_config
    echo 'Subsystem sftp internal-sftp'>> /etc/ssh/sshd_config
    cp -rf $default/$openssh_version/sbin/sshd /usr/sbin/sshd
    cp -rf /$default/$openssh_version/bin/ssh /usr/bin/
    cp -rf $default/$openssh_version/bin/ssh-keygen /usr/bin/ssh-keygen
    sed -i 's/#PasswordAuthentication\ yes/PasswordAuthentication\ yes/g' /etc/ssh/sshd_config
    #grep -v "[[:space:]]*#" /etc/ssh/sshd_config  |grep "PubkeyAuthentication yes"
    echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
 
# Restart sshd
    service sshd start > /dev/null 2>&1
    if [ $? -eq 0 ];then
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " 启动OpenSSH服务成功" "\033[32m Success\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    echo ""
    sleep 2
    echo -e "\033[32m==================== OpenSSH version =================== \033[0m"
    echo ""
        ssh -V
    echo ""
    echo -e "\033[32m======================================================== \033[0m"
    else
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " 启动OpenSSH服务失败,脚本退出中......" "\033[31m Error\033[0m"
    echo -e "\033[33m--------------------------------------------------------------- \033[0m"
    sleep 4
    exit 1
    fi
    echo ""
#}
 
# Delete the source tarballs (adjust as needed)
rm -rf $file/*.tar.gz
#rm -rf $file_install
 
## sshd status
    echo ""
    echo -e "\033[33m输出sshd服务状态: \033[0m"
    sleep 1
    echo ""
    systemctl status sshd.service
    echo ""
    echo ""
    echo ""
    sleep 1
     
echo -e "\033[33m==================== OpenSSH file =================== \033[0m"
echo ""
    echo -e " Openssh升级安装目录请前往:  "
    cd  $file_install && pwd
    cd ~
    echo ""
    echo -e " Openssh升级备份目录请前往:  "
    cd  $file_backup && pwd
    cd ~
    echo ""
    echo -e " Openssh升级日志目录请前往:  "
    cd  $file_log && pwd
    cd ~
    echo ""
echo -e "\033[33m======================================================= \033[0m"

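   3.5: Check whether the upgrade succeeded by confirming that ssh is now the latest version

ssh -V

   3.6: After a successful upgrade, check whether sftp works. If it does not, locate the sftp-server binary on your system, put that path into the ssh configuration file, and restart ssh. The commands are:

find / -name sftp-server
vi /etc/ssh/sshd_config
Find: Subsystem sftp internal-sftp
Replace it with: Subsystem sftp <the path you just found>
Save, then restart ssh:

service sshd restart

3.7: Clean-up: stop the telnet service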
systemctl stop telnet.socket
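
The script in step 3.4 unpacks and builds, as root, whatever tarballs sit in /ssh_up, and falls back to wget for any that are missing. As an added example (not part of the original script), the function below checks every tarball against a pinned SHA-256 manifest before the build; the manifest name SHA256SUMS and the function name verify_tarballs are assumptions, and the digests are expected to be recorded from a source you trust when the packages are staged.

```shell
#!/bin/bash
# Added example, not part of the original script. SHA256SUMS and
# verify_tarballs are assumed names; /ssh_up is the page's staging directory.

# verify_tarballs DIR [MANIFEST]
# MANIFEST uses sha256sum format: "<64 hex digits>  <file name>".
# Returns 0 only if every listed file matches and no *.tar.gz in DIR is
# unlisted; 1 on any mismatch; 2 if the manifest cannot be read.
verify_tarballs() {
    local dir="$1" manifest="${2:-$1/SHA256SUMS}" rc=0 want name got f base

    [ -r "$manifest" ] || { echo "missing manifest: $manifest" >&2; return 2; }

    while read -r want name || [ -n "$want" ]; do
        [ -z "$want" ] && continue                    # blank line
        case "$want" in \#*) continue ;; esac         # comment line
        name="${name#\*}"                             # binary-mode marker
        case "$name" in
            ""|*/*) echo "BAD ENTRY '$name'" >&2; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        got=$(sha256sum "$dir/$name" | awk '{print $1}')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$manifest"

    # A tarball nobody pinned must not reach tar/configure/make either.
    for f in "$dir"/*.tar.gz; do
        [ -e "$f" ] || continue
        base=$(basename "$f")
        awk -v n="$base" '{ f = $2; sub(/^\*/, "", f) }
                          f == n { ok = 1 } END { exit !ok }' "$manifest" \
            || { echo "UNLISTED $base" >&2; rc=1; }
    done
    return $rc
}

# Stand-alone use: ./verify.sh --check [DIR]   (DIR defaults to /ssh_up)
if [ "${1:-}" = "--check" ]; then
    verify_tarballs "${2:-/ssh_up}"
    exit $?
fi
```

Run it before the upgrade script and stop if it returns non-zero, since the script removes the packaged openssh before it builds anything.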

Posted by 晨哥
