aix6.1升级openssh&&openssl

 

scp root@10.0..0.5:/mnt/openssl-1.0.2.1801/openssl-1.0.2.1801/* /mnt/openssl
# ssh -V
OpenSSH_6.0p1, OpenSSL 0.9.8x 10 May 2012

# lslpp -l|grep open
openssh.base.client 6.0.0.6100 COMMITTED Open Secure Shell Commands
openssh.base.server 6.0.0.6100 COMMITTED Open Secure Shell Server
openssh.man.en_US 6.0.0.6100 COMMITTED Open Secure Shell
openssh.msg.en_US 6.0.0.6100 COMMITTED Open Secure Shell Messages -
openssl.base 0.9.8.2400 COMMITTED Open Secure Socket Layer
openssl.license 0.9.8.2400 COMMITTED Open Secure Socket License
openssl.man.en_US 0.9.8.2400 COMMITTED Open Secure Socket Layer
openssh.base.client 6.0.0.6100 COMMITTED Open Secure Shell Commands
openssh.base.server 6.0.0.6100 COMMITTED Open Secure Shell Server
openssl.base 0.9.8.2400 COMMITTED Open Secure Socket Layer
# oslevel
6.1.0.0

1 启动telnet
cat /etc/inetd.conf|grep -i telnet
startsrc -t telnet
cat /etc/inetd.conf|grep -i telnet

2 备份ssh信息
lslpp -l|grep -i openssh
lslpp -l|grep -i openssl
cp -pr /etc/ssh /etc/ssh_backup_20200527
vi /etc/ssh/sshd_config vi /etc/ssh/sshd_config 将PermitRootlogin Yes前面的#去掉并保存退出
3 查看升级前ssh服务进程号
lssrc -g ssh
4 查看gpfs运行状态
mmgetstate -aLs
5 升级openssl
cd /mnt/openssl
tar -xvf openssl-1.0.2.1801.tar
cd /mnt/openssl/*1801
smitty update_all
lslpp -l|grep -i openssl
errpt
6 升级openssh
cd /mnt/openssh
tar -xvf OpenSSH_7.5.102.1801.tar
cd /mnt/openssh/*1801
smitty update_all
lslpp -l|grep -i openssh
errpt
7 查看配置文件是否变化
ls -al /etc/ssh
ls -al /etc/ssh_backup_20200508
cat /etc/ssh/sshd_config|grep -v '#'
cat /etc/ssh_backup_20200508/sshd_config|grep -v '#'
8 重启ssh服务 lssrc -g ssh
stopsrc -s sshd;startsrc -s sshd
lssrc -g ssh
注意这一步 不要退出终端，并且要再打开一个新终端确认能正常登录，才可以
11 将打开的telnet关闭 stopsrc -t telnet
cat /etc/inetd.conf|grep -i telnet
系统运行几天确认无误后再关闭