#!/bin/bash
########################################################################################################
#This script is created by KaShing at 2022-01-04
#upgrade openssh to version 8.5 and rename it OpenSSH_Stable , which date of manufacture is 2021-03-03
#upgrade openssl to version 1.1.1j , which date of manufacture is 2021-02-16
#######################################################################################################
install_ssh()
{
NOW=`date +%Y%m%d`
setenforce 0
cd /usr/local/
#Decompression installation package
tar -xvf /usr/local/openssh-8.5p1.tar.gz
tar -xvf /usr/local/openssl-1.1.1j.tar.gz
openssh_dir=/usr/local/openssh
if [ -d $openssh_dir ];then
rm -rf $openssh_dir
fi
mv /usr/local/openssh-8.5p1/ /usr/local/openssh/
#Back up original files
mv -f /etc/init.d/sshd /etc/init.d/sshd_$NOW
mv -f /usr/bin/ssh /usr/bin/ssh_$NOW
mv -f /usr/sbin/sshd /usr/sbin/sshd_$NOW
mv -f /etc/ssh /etc/ssh_$NOW
mv -f /etc/ssl /etc/ssl_$NOW
mv -f /usr/bin/openssl /usr/local/openssl_$NOW
mv -f /usr/include/openssl /usr/include/openssl_$NOW
mv -f /usr/lib/openssl /usr/lib/openssl_$NOW
#Install the package of openssl
cd /usr/local/openssl-1.1.1j/
./config --prefix=/usr/ssl --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic
make depend
make
make MANDIR=/usr/share/man MANSUFFIX=ssl install
#Add shared libraries libssl.so.1.1 and add command
ln -s /usr/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/ssl/include/openssl /usr/include/openssl
echo "/usr/ssl/lib64/" > /etc/ld.so.conf.d/ssl.conf
ldconfig
#Install the package of openssh and hidden version
sed -i 's/OpenSSH_8.5/OpenSSH_Stable/' /usr/local/openssh/version.h
sed -i 's/p1//' /usr/local/openssh/version.h
cd /usr/local/openssh/
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/ssl --with-md5-passwords --with-pam=enable --mandir=/usr/share/man --without-openssl-header-check
make
make install
#Copy system files
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "UsePAM yes" >> /etc/ssh/sshd_config
sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
#The solution to Centos 7
if [ `cat /etc/redhat-release | awk -F . '{print $1}' | awk '{print $NF}'` -eq 7 ];then
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.bak
mv /usr/lib/systemd/system/sshd.socket /usr/lib/systemd/system/sshd.bak_1
systemctl daemon-reload
fi
#Login to other server configurations
cat >> /etc/ssh/ssh_config << EOF
IPQoS lowdelay throughput
StrictHostKeyChecking no
EOF
#Complete the installation and restart the service
chkconfig sshd on
rm -rf /usr/local/openssh-8.5p1.tar.gz
rm -rf /usr/local/openssl-1.1.1j.tar.gz
service sshd restart
}
check_depend_pack()
{
#Check for dependent packages
NUM=`rpm -qa gcc zlib-devel perl pam-devel | wc -l`
if [[ $NUM -lt 4 ]];then
echo -e "\033[43;31mSorry Sir. You need to install package gcc and zlib-devel and perl and pam-devel.\033[0m"
else
install_ssh
fi
}
#Program entry
check_depend_pack
