Redhat7.3升级OpenSSH
创建本地YUM源
cd /mnt
mkdir cdrom
mount -o loop -t iso9660 /dev/cdrom /mnt/cdrom/
cd /etc/yum.repos.d/
vi redhat7.repo
[redhat7]
name=redhat7
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=0
再输入yum repolist 查看可用yum源
再输入yum makecache 缓存本地源
注意:
如果想永久挂载的话就需要编辑vi /etc/fstab 这个文件在末尾添加一行,本次不需要
/dev/sr0 /mnt/cdrom udf defaults 0 0
cd /usr/local/src/
mv /openssh-7.9p1.tar.gz ./
tar -zxvf *
安装telnet服务,防止ssh升级后登录不上,如果以安装跳过
rpm -qa|grep telnet
rpm -qa|grep xinetd
telnet的安装和启动
1. 安装telent服务端
yum -y install telnet-server*
2.安装telnet客户端
yum install telnet.*
3.安装telnet守护进程xinetd
yum install xinetd.x86_64
4、启动telnet服务
vi /etc/xinetd.d/telnet,将disable=yes改成disable=no;
systemctl start telnet.socket
关闭telnet服务
vi /etc/xinetd.d/telnet,将disable=no改成disable=yes
systemctl stop telnet.socket
5、关闭防火墙
systemctl stop firewalld
安装编译所需工具包
yum -y install gcc pam-devel zlib-devel
yum -y install openssl-devel
find / -name openssl
find / -name ssh
whereis ssh
备份当前openssh
# 备份启动脚本以及配置文件
cp -rf /etc/init.d/ssh /etc/init.d/ssh.old
cp -rf /etc/ssh /etc/ssh.old
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
tar -zxf openssh-7.9p1.tar.gz
cd openssh-7.9p1
yum install -y gcc openssl-devel pam-devel rpm-build
make && make install
---------------------------------------------
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so
make && make install
---------------------------------------------
修改配置文件,允许root登录
/bin/sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
/bin/sed -i 's_#PermitRootLogin yes_PermitRootLogin yes_g' /etc/ssh/sshd_config
sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config
编译OpenSSH可能遇到的报错
# 报错: configure: error: PAM headers not found
# 解决: ubuntu: apt-get install libpam0g-dev
# centos: yum -y install pam-devel
# 报错: configure: error: *** OpenSSL headers missing - please install first or check config.log ***
# 解决: ubuntu: apt-get install libssl-dev
# centos: yum -y install openssl-devel
恢复
cp -rf /etc/ssh.old /etc/ssh