Centos7 离线升级openssh到9.3p1

参考:https://blog.csdn.net/qq_29768197/article/details/125048720

参考:https://blog.csdn.net/weixin_46739058/article/details/129189927

 参考:https://blog.csdn.net/vipee1/article/details/127264883

 

1、官方下载地址: http://www.zlib.net/        zlib-1.2.12.tar.gz

wget http://www.zlib.net/zlib-1.2.13.tar.gz

 2、官方下载地址:https://www.openssl.org/source/        openssl-1.1.1u.tar.gz

wget https://www.openssl.org/source/openssl-1.1.1u.tar.gz

3、官方下载地址:http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/                   openssh-9.3p1.tar.gz

wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz

 4、解压

tar zxvf /root/zlib-1.2.13.tar.gz
tar zxvf /root/openssl-1.1.1u.tar.gz
tar zxvf /root/openssh-9.3p1.tar.gz

5、安装gcc(没有就安装)下载地址参考:https://blog.csdn.net/vipee1/article/details/127264883

tar zxvf  /root/gcc-c++-4.8.5-39.el7.x86_64.tar.gz
cd /root/cd gcc-c++-4.8.5-39.el7.x86_64
rpm -Uvh *.rpm --nodeps --force

 

 6、编译安装zlib

cd /root/zlib-1.2.13
 
./configure --prefix=/usr/local/zlib
 
 
make && make install
 
echo '/usr/local/zlib/lib' >> /etc/ld.so.conf  
ldconfig -v

7、编译安装openssl

cd  /root/openssl-1.1.1u 
 
./config --prefix=/usr/local/ssl -d shared
 
make && make install   (时间比较长,切勿打断)
 
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v

8、编译安装openssh

cd /root/openssh-9.3p1
 
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
 
make && make install

9、卸载系统里原有Openssh(一般有三个包,全部卸载)

rpm -qa | grep openssh
根据上面查询出的结果,卸载系统里原有Openssh(一般有三个包,只卸载openssh和openssh-server,  openssh-clients不用删除)
rpm -e --nodeps  xxxxxxxxxx
rpm -e --nodeps openssh-server-7.4p1-21.el7.x86_64
rpm -e --nodeps openssh-7.4p1-21.el7.x86_64

卸载完成后执行rpm -qa | grep openssh
rpm -qa | grep openssh
openssh-clients-7.4p1-21.el7.x86_64

10、配置ssh,备份原有文件,并将新的配置复制到指定目录

echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
 
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
 
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
 
mv -f /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
 
scp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
 
mv -f /usr/sbin/sshd /usr/sbin/sshd.bak
 
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
 
mv -f /usr/bin/ssh /usr/bin/ssh.bak
 
scp /usr/local/openssh/bin/ssh /usr/bin/ssh
 
mv -f /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
 
scp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
 
mv -f /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
 
scp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
 
scp  /root/openssh-9.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
 
chmod +x /etc/init.d/sshd
 
chkconfig --add sshd
 
chkconfig sshd on
 
chmod 600 /etc/ssh/ssh_host_rsa_key
 
chmod 600 /etc/ssh/ssh_host_ecdsa_key
 
chown -R root.root /var/empty/sshd
 
chmod 744 /var/empty/sshd

11、重启服务,验证

重启sshd服务
systemctl restart sshd

验证ssh版本
ssh -V

 

一键升级脚本:(需要在脚本和包放在/root目录下)

vim /root/update_openssh.sh
chmod a+x /root/update_openssh.sh
#! /bin/bash

echo "---解压包---"
tar zxvf /root/zlib-1.2.13.tar.gz
tar zxvf /root/openssl-1.1.1u.tar.gz
tar zxvf /root/openssh-9.3p1.tar.gz

echo "---安装gcc---"
tar zxvf /root/gcc-c++-4.8.5-39.el7.x86_64.tar.gz
cd /root/gcc-c++-4.8.5-39.el7.x86_64 && rpm -Uvh *.rpm --nodeps --force

echo "---安装zlib---"
cd /root/zlib-1.2.13 && ./configure --prefix=/usr/local/zlib && make && make install
echo '/usr/local/zlib/lib' >> /etc/ld.so.conf 
ldconfig -v

echo "---安装openssl---"
cd /root/openssl-1.1.1u && ./config --prefix=/usr/local/ssl -d shared && make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v

echo "---安装openssh---"
cd /root/openssh-9.3p1 && ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
cd /root/openssh-9.3p1 && make && make install

echo "---卸载系统里原有Openssh---"
rpm -qa | grep openssh | grep -v client | xargs  rpm -e --nodeps

echo "---配置ssh---"
echo 'PermitRootLogin yes' >> /usr/local/openssh/etc/sshd_config
 
echo 'PubkeyAuthentication yes' >> /usr/local/openssh/etc/sshd_config
 
echo 'PasswordAuthentication yes' >> /usr/local/openssh/etc/sshd_config
 
mv -f /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
 
scp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
 
mv -f /usr/sbin/sshd /usr/sbin/sshd.bak
 
scp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
 
mv -f /usr/bin/ssh /usr/bin/ssh.bak

scp /usr/local/openssh/bin/ssh /usr/bin/ssh
 
mv -f /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
 
scp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
 
mv -f /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
 
scp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
 
scp /root/openssh-9.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
 
chmod +x /etc/init.d/sshd
 
chkconfig --add sshd
 
chkconfig sshd on
 
chmod 600 /etc/ssh/ssh_host_rsa_key
 
chmod 600 /etc/ssh/ssh_host_ecdsa_key
 
chown -R root.root /var/empty/sshd
 
chmod 744 /var/empty/sshd

echo "---重启sshd---"
systemctl restart sshd

ssh -V

 

posted @ 2023-07-27 16:46  苦逼yw  阅读(1238)  评论(0编辑  收藏  举报