SSH Upgrade

Check the current SSH version

╭─root@zxw18 ~  
╰─➤  ssh -V                                                                                                      
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Mount the installation media

╭─root@zxw18 ~  
╰─➤  mount /dev/cdrom /mnt
mount: /dev/sr0 写保护,将以只读方式挂载

Install the required packages: gcc, telnet, xinetd, make, pam-devel, zlib, etc.

╭─root@zxw18 ~  
╰─➤  yum -y install gcc telnet  xinetd  make  pam-devel zlib vnc  libcap-devel   openssl-devel telnet-server

On CentOS 7 the telnet configuration file is /etc/xinetd.conf; on releases before CentOS 7 it is /etc/xinetd.d/telnet.

╭─root@zxw18 ~  
╰─➤  vim /etc/xinetd.conf  
        disabled        =  no

Or

╭─root@zxw18 ~
╰─➤ echo -e "pts/0 \npts/1 \npts/2 \npts/3" >>/etc/securetty

 

Start xinetd and check port 23

╭─root@zxw18 ~  
╰─➤  systemctl restart xinetd 

╭─root@zxw18 ~
╰─➤ systemctl start telnet.socket

╭─root@zxw18 /usr/local/src/openssh-8.2p1
╰─➤ ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::23

 

Create a remote user for telnet

╭─root@zxw18 ~  
╰─➤  useradd user
╭─root@zxw18 ~  
╰─➤  echo "123" |passwd --stdin user
更改用户 user 的密码 。
passwd:所有的身份验证令牌已经成功更新。

Stop the current SSH service and back up its configuration

╭─root@zxw18 ~  
╰─➤  systemctl stop sshd
╭─root@zxw18 ~  
╰─➤  mv /etc/ssh /etc/ssh.old

Query and remove the installed openssh packages

╭─root@zxw18 ~  
╰─➤  rpm -qa |grep openssh
openssh-server-6.6.1p1-31.el7.x86_64
openssh-6.6.1p1-31.el7.x86_64
openssh-clients-6.6.1p1-31.el7.x86_64
╭─root@zxw18 ~  
╰─➤  rpm -e --nodeps `rpm -qa |grep openssh`

Download the OpenSSH package

Official download page: http://www.openssh.com/portable.html#http

Upload the SSH package and extract it

╭─root@zxw18 ~  
╰─➤  rz                                                                       127 ↵
rz waiting to receive.

  100%    1661 KB 1661 KB/s 00:00:01       0 Errors.

╭─root@zxw18 ~  
╰─➤  tar -xzf openssh-8.2p1.tar.gz -C /usr/local/src
╭─root@zxw18 ~  
╰─➤  cd /usr/local/src/openssh-8.2p1

Compile and install

╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  ./configure --prefix=/usr \
--sysconfdir=/etc/ssh \
--with-md5-passwords \
--with-pam \
--with-ssh1 \
--with-zlib \
--with-openssl-includes=/usr \
--with-privsep-path=/var/lib/sshd
╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  make && make install

Post-install configuration

╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  cp /usr/local/src/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd 
╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  chmod +x /etc/init.d/sshd
╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  chkconfig --add sshd
╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  chkconfig --level 2345 sshd on

SELinux must be disabled, otherwise connections will fail

╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  cat /etc/sysconfig/selinux 
SELINUX=disabled

╭─root@zxw18 /usr/local/src/openssh-8.2p1
╰─➤ getenforce
Disabled

Start the SSH service and check the SSH port

╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  systemctl start sshd
╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  ss -tnl
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128            *:111                        *:*                  
LISTEN     0      128            *:22                         *:*                  
LISTEN     0      128           :::111                       :::*                  
LISTEN     0      128           :::22                        :::*                  
LISTEN     0      128           :::23                        :::* 

Verify that the upgrade succeeded

╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  ssh -V
OpenSSH_8.2p1, OpenSSL 1.0.2k-fips  26 Jan 2017

After verification, stop the telnet service

╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  systemctl stop telnet.socket
╭─root@zxw18 /usr/local/src/openssh-8.2p1  
╰─➤  systemctl stop xinetd.service

 

 Error

Key exchange failed.
No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

Fix

╭─root@zxw18 ~  
╰─➤  vim /etc/ssh/ssh_config 
  Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc   # uncomment this line
  MACs hmac-md5,hmac-sha1,umac-64@openssh.com                # uncomment this line
╭─root@zxw18 ~  
╰─➤  vim /etc/ssh/sshd_config        # append as the last line
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
╭─root@zxw18 ~  
╰─➤  systemctl restart sshd
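
Why the error above appears and what the KexAlgorithms line changes, as an added example that is not part of the original post: SSH picks the first key-exchange method in the client's list that the server also offers. The two server lists are copied from this page; the client list OLD_CLIENT and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example. SSH key exchange (RFC 4253, section 7.1) selects the first
# algorithm in the client's list that the server also offers.

# Server offer copied from the error message on this page (8.2p1 defaults).
SERVER_DEFAULT='curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'
# KexAlgorithms value this page appends to /etc/ssh/sshd_config.
SERVER_PATCHED='curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
# Constructed client offer (assumption): a legacy client limited to SHA-1 DH.
OLD_CLIENT='diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

# negotiate_kex CLIENT SERVER: print the agreed method, or fail if none match.
negotiate_kex() (
    IFS=,
    for c in $1; do
        for s in $2; do
            if [ "$c" = "$s" ]; then printf '%s\n' "$c"; exit 0; fi
        done
    done
    exit 1
)

# sha1_kex LIST: print the SHA-1 based methods a list enables, comma-joined.
sha1_kex() (
    IFS=,
    out=
    for a in $1; do
        case $a in *-sha1) out="${out:+$out,}$a" ;; esac
    done
    printf '%s\n' "$out"
)

# Compare the default server offer with the patched one for the legacy client.
for server in "$SERVER_DEFAULT" "$SERVER_PATCHED"; do
    printf 'legacy client gets: %s | SHA-1 kex enabled: %s\n' \
        "$(negotiate_kex "$OLD_CLIENT" "$server" || echo none)" \
        "$(sha1_kex "$server")"
done
```

The second output line shows that the added KexAlgorithms line lets the legacy client connect by turning on three SHA-1 methods that 8.2p1 leaves off by default. Once the clients are updated, removing the line returns sshd to its default list.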

Fix: root cannot log in and is repeatedly told the password is wrong

╭─root@zxw18 ~  
╰─➤  vim /etc/ssh/sshd_config
PasswordAuthentication yes     # uncomment this line
PermitRootLogin yes                # add the line PermitRootLogin yes
╭─root@zxw18 ~  
╰─➤  vim /etc/init.d/sshd 
        echo -n $"Starting $prog:"
        OPTIONS="-f /etc/ssh/sshd_config"                  # add this line
        $SSHD $OPTIONS && success || failure
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
        echo
}

Add the line OPTIONS="-f /etc/ssh/sshd_config" immediately before the line $SSHD $OPTIONS && success || failure.

╭─root@zxw18 ~  
╰─➤  systemctl restart sshd  
Warning: sshd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
╭─root@zxw18 ~  
╰─➤  systemctl daemon-reload
╭─root@zxw18 ~  
╰─➤  systemctl restart sshd 

 

posted on 2021-11-12 11:29  我就是我没毛病