CentOS7升级openssh8.0

脚本升级

#!/bin/bash
#script to upgrade OpenSSH(8.0)


#backup SSH conf
mkdir -p /tmp/ssh-backup
mv /etc/ssh/* /tmp/ssh-backup
#backup pam
cp /etc/pam.d/sshd{,.old}
#尽量yum升级至默认版本,OpenSSH_7.4p1
yum update openssh -y


#为防止万一,先安装配置telnet
yum -y install telnet telnet-server xinetd
#在/etc/securetty文件末尾添加内容:
echo "pts/0" >> /etc/securetty
echo "pts/1" >> /etc/securetty
echo "pts/2" >> /etc/securetty
echo "pts/3" >> /etc/securetty
#启动telnet服务并设置开机自动启动
systemctl enable xinetd
systemctl enable telnet.socket 
systemctl start telnet.socket
if [ $? -eq 0 ]; then
     echo "succeed for telent" >> /tmp/update-openssl.log
else
     echo "failed" for telnet >> /tmp/update-openssl.log
fi
systemctl start xinetd
netstat -lntp|grep 23


#安装依赖组件,注意将编译安装的高版本剔除出yum列表
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
#安装zlib和pam
yum install  -y pam* zlib*
#升级openssl
#https://www.cnblogs.com/suminem/p/13625172.html


#upgrade OpenSSH
cd /usr/src
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
tar xfz openssh-8.0p1.tar.gz 
cd openssh-8.0p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh  --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/   --with-zlib   --with-md5-passwords   --with-pam && make && make install
if [ $? -eq 0 ]; then
     echo "succeed for install openssh" >> /tmp/update-openssl.log
else
     echo "failed for install openssh" >> /tmp/update-openssl.log
fi
#Modify sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin\ yes/g' /etc/ssh/sshd_config
sed -i 's/#StrictModes yes/StrictModes\ no/g' /etc/ssh/sshd_config
#复制配文件并配置开机启动
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
mv /usr/lib/systemd/system/sshd.service /tmp/ssh-backup
chkconfig sshd on
systemctl restart sshd
if [ $? -eq 0 ]; then
     echo "succeed for start sshd" >> /tmp/update-openssl.log
else
     echo "failed for start sshd" >> /tmp/update-openssl.log
fi


#检验成功后关闭telent
systemctl stop xinetd
yum remove -y telnet-server
systemctl start xinetd

  

posted @ 2020-09-18 10:01  suminem  阅读(258)  评论(0编辑  收藏  举报