Suse11 sp3 下升级 openssh-7.1脚本

客户系统检测出openssh版本过旧、存在漏洞,所以决定写个升级脚本。脚本需要四个包,并且要放在运行脚本的同一目录下:openssh-7.1p2.tar.gz、openssl-1.0.1s.tar.gz、telnet-server-1.2-149.1.x86_64.rpm、zlib-1.2.8.tar.gz

telnet 配置(/etc/xinetd.d/telnet;telnet 为明文传输,这里只在升级期间临时启用,作为 sshd 停止时的备用登录通道,脚本在确认 sshd 正常监听后会重新关闭它)
  1 # default: off
  2 # description: Telnet is the old login server which is INSECURE and should \
  3 #   therefore not be used. Use secure shell (openssh).
  4 #   If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
  5 #   uplink), add "-n".  See 'man telnetd' for more details.
  6 service telnet
  7 {
  8     socket_type = stream
  9     protocol    = tcp
 10     wait        = no
 11     user        = root
 12     server      = /usr/sbin/in.telnetd
 13     disable     = no
 14 }

 

脚本如下:(亲测,可用)

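#!/bin/bash
# program  : Server auto deploy
# author   : shenjianyu@thinktrader.net
# version  : latest
# function : update openssh
#
# Upgrades OpenSSH on SUSE 11 SP3 by building zlib, OpenSSL and OpenSSH from
# the source tarballs found in the current directory and replacing the
# packaged openssh RPMs. Run it as root from the directory that holds the
# four packages.
#
# Security notes for the operator:
#   * telnet is switched on only as a temporary fallback while sshd is down.
#     It carries credentials in clear text, so run the upgrade from a trusted
#     management network and confirm telnet is disabled again at the end.
#   * The tarballs are compiled and installed as root: verify their checksums
#     or signatures against the upstream release before running this script.
#   * The script enables "PermitRootLogin"; see the note where it is set.

set -u

## Working directory (where the packages were uploaded)
current_dir=$(pwd)
zlib_version="zlib-1.2.8"
openssh_version="openssh-7.1p2"
openssl_version="openssl-1.0.1s"
telnet_rpm="telnet-server-1.2-149.1.x86_64.rpm"
telnet_conf="/etc/xinetd.d/telnet"
sshd_config="/usr/etc/sshd_config"   # sysconfdir that results from --prefix=/usr
version_log="${current_dir}/openssh_version.txt"
Distributor=$(lsb_release -is)
BLUE_COLOR=$'\033[1;34m'
RED_COLOR=$'\033[1;31m'
RES=$'\033[0m'                       # reset, so colours do not leak into later output

# Print an error on stderr and abort.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Print a coloured three-line banner: $1 = colour escape, $2 = text.
banner() {
  local color=$1 text=$2
  local rule="########################################################################################"
  printf '%s%s\n' "$color" "$rule"
  printf '###################  %s  ####################\n' "$text"
  printf '%s%s\n' "$rule" "$RES"
}

# Set "disable = yes|no" in the xinetd telnet stanza and reload xinetd.
# Only the "disable" line is rewritten: a global s/no/yes/ also flips
# "wait = no" and mangles words such as "not" in the comments.
set_telnet_disable() {
  local value=$1
  sed -i "s/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\).*/\1${value}/" \
    "$telnet_conf" || return 1
  /etc/init.d/xinetd restart
}

## The script replaces system packages, so it must run as root
if [ "$(id -u)" -ne 0 ]; then
  die "if you want to run this script,please use root to execute;"
fi

banner "$RED_COLOR" "openssh upgrade -----[start]"
sleep 5   # last chance to abort with Ctrl-C

## Refuse to start unless every package is present: a missing tarball found
## half-way through would leave the host without a working sshd
cd "$current_dir" || die "cannot enter $current_dir"
for pkg in "$telnet_rpm" "${zlib_version}.tar.gz" \
           "${openssl_version}.tar.gz" "${openssh_version}.tar.gz"; do
  [ -f "$pkg" ] || die "missing package: ${current_dir}/${pkg}"
done

## Install telnet and enable it as the temporary fallback login
rpm -ivh "$telnet_rpm" \
  || echo "Warning: rpm reported an error for $telnet_rpm (already installed?)" >&2
if set_telnet_disable no && chkconfig --list | grep telnet; then
  echo "install telnet ---------------------------[success]"
else
  echo "Warning: telnet fallback could not be confirmed; keep a console session open" >&2
fi

## Record the OpenSSH version in use before the upgrade
## (ssh -V prints to stderr, so redirect the command itself)
{
  echo "== ssh -V before upgrade =="
  ssh -V
} > "$version_log" 2>&1

## Build zlib as a shared library
tar -zxvf "${zlib_version}.tar.gz" || die "cannot extract ${zlib_version}.tar.gz"
(
  cd "$zlib_version" || exit 1
  ./configure --shared || exit 1
  /usr/bin/make install || exit 1
  cp zutil.h zutil.c /usr/local/include
) || die "zlib build failed; the installed sshd has not been touched"
/sbin/ldconfig -v

## Build and install OpenSSL
tar -zxvf "${openssl_version}.tar.gz" || die "cannot extract ${openssl_version}.tar.gz"
(
  cd "$openssl_version" || exit 1
  ./config shared zlib || exit 1
  /usr/bin/make || exit 1
  /usr/bin/make install
) || die "openssl build failed; the installed sshd has not been touched"
echo "install openssl --------------------------[success]"

## Point /usr/bin/openssl at the new build and register its library path
if [ -e /usr/bin/openssl ] && [ ! -L /usr/bin/openssl ]; then
  mv /usr/bin/openssl /usr/bin/openssl.bak   # keep the packaged binary as a backup
fi
ln -sfn /usr/local/ssl/bin/openssl /usr/bin/openssl
# Append only once so repeated runs do not grow ld.so.conf
grep -qxF "/usr/local/ssl/lib" /etc/ld.so.conf \
  || echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig -v
{
  echo "== ssh -V after the openssl switch =="
  ssh -V
} >> "$version_log" 2>&1

## Compile OpenSSH while the old sshd is still installed, so a compile error
## cannot leave the host without an SSH daemon
tar -zxvf "${openssh_version}.tar.gz" || die "cannot extract ${openssh_version}.tar.gz"
(
  cd "$openssh_version" || exit 1
  # NOTE(review): --with-md5-passwords is kept from the original build line.
  ./configure --prefix=/usr --with-zlib="${current_dir}/${zlib_version}" \
    --with-md5-passwords || exit 1
  /usr/bin/make
) || die "openssh build failed; the installed sshd has not been touched"

## Stop sshd and remove the packaged OpenSSH
/sbin/service sshd stop
cp /etc/init.d/sshd /root/
echo "== removed packages ==" >> "$version_log"
while IFS= read -r pkg; do
  if rpm -e --nodeps "$pkg"; then
    echo "$pkg" >> "$version_log"
    echo "remove $pkg ------------------------------[success]"
  else
    echo "Warning: could not remove $pkg" >&2
  fi
done < <(rpm -qa | grep openssh)

## Install the freshly built OpenSSH
( cd "$openssh_version" && /usr/bin/make install ) \
  || die "openssh 'make install' failed; telnet is still enabled as fallback - repair sshd, then disable telnet"

## Install the init script that matches the distribution
if [ "$Distributor" == "SUSE LINUX" ]; then
  init_src="${current_dir}/${openssh_version}/contrib/suse/rc.sshd"
else
  init_src="${current_dir}/${openssh_version}/contrib/redhat/sshd.init"
fi
cp "$init_src" /etc/init.d/sshd || die "cannot install $init_src"
chmod +x /etc/init.d/sshd
chkconfig --add sshd

# NOTE(review): this permits direct root logins over SSH, password included.
# Once access is confirmed, consider "PermitRootLogin without-password" (keys
# only) or "no" together with an unprivileged admin account.
# The line is added only when no explicit setting exists, so an operator's
# own choice is respected and repeated runs do not stack duplicates.
if ! grep -q '^[[:space:]]*PermitRootLogin' "$sshd_config"; then
  sed -i '10a PermitRootLogin YES' "$sshd_config"
fi

service sshd restart
chkconfig sshd on

## Turn telnet off again only after sshd is confirmed to be listening
if netstat -tnlp | grep -E ':22[[:space:]]' > /dev/null; then
  echo "Start debugging-----------------------------------[success]"
  banner "$BLUE_COLOR" "openssh install -----[success]"
  # Consider removing the telnet-server package too once SSH access is verified.
  set_telnet_disable yes \
    || echo "Warning: telnet could not be disabled; set 'disable = yes' in $telnet_conf and restart xinetd" >&2
  ssh -V
  exit 0
fi

echo "Error: sshd is not listening on port 22; telnet has been left ENABLED as fallback." >&2
echo "Repair sshd, then set 'disable = yes' in $telnet_conf and restart xinetd." >&2
ssh -V
exit 1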

 
