OpenSSH upgrade notes

OpenSSL upgrade
Check the OpenSSL version
openssl version

yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
Download the latest OpenSSL release
https://www.openssl.org/source/
tar xf openssl-1.0.2r.tar.gz
cd openssl-1.0.2r/
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
./config shared && make && make install
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ll /usr/bin/openssl
ll /usr/include/openssl -ld
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig
openssl version
OpenSSH upgrade
Check the OpenSSH version
ssh -V
Check the installed OpenSSH packages
rpm -qa|grep openssh

To avoid being locked out if the OpenSSH upgrade fails, install telnet as a fallback login
yum install -y telnet-server xinetd
echo -e "pts/0\npts/1\npts/2\npts/3" >>/etc/securetty
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
Remove the old OpenSSH
rpm -e --nodeps $(rpm -qa | grep openssh)
If the previous installation was built from source, go to the earlier source directory and run
make uninstall
Install the required packages
yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel
Download location
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
rm -rf /etc/ssh/*
Extract and build
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam
make && make install
vim /etc/ssh/sshd_config
PermitRootLogin yes
/etc/init.d/sshd restart
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
chkconfig sshd on
/etc/init.d/sshd restart
systemctl status sshd

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
ssh -V
After verification, shut down the telnet service
Delete the 4 lines added to /etc/securetty:
pts/0
pts/1
pts/2
pts/3
Stop the telnet service
systemctl stop telnet.socket
systemctl disable telnet.socket
systemctl stop xinetd.service
systemctl disable xinetd.service
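
The cleanup steps above as a script. This is an added example, not part of the original notes; it assumes the only pts/0 to pts/3 lines in /etc/securetty are the ones appended earlier, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): undo the telnet fallback.

PTS_RE='^pts/[0-3]$'   # exactly the four lines the procedure appended

# Count fallback pts entries still present in a securetty file.
count_pts() {
    grep -cE "$PTS_RE" "$1"
}

# Delete the four appended lines in place, keeping FILE.bak as a backup.
remove_pts() {
    file=$1
    cp -p "$file" "$file.bak" || return 1
    # grep -v exits 1 when it prints nothing; only status 2 is a real error.
    grep -vE "$PTS_RE" "$file.bak" > "$file" || [ $? -eq 1 ] ||
        { cp -p "$file.bak" "$file"; return 1; }
    ! grep -qE "$PTS_RE" "$file"
}

# Report fallback units that are still enabled or running (needs systemd).
telnet_units_off() {
    rc=0
    for unit in telnet.socket xinetd.service; do
        if systemctl is-enabled --quiet "$unit" 2>/dev/null ||
           systemctl is-active --quiet "$unit" 2>/dev/null; then
            echo "still enabled or active: $unit"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample standing in for /etc/securetty after the procedure.
make_sample() {
    printf '%s\n' console tty1 ttyS0 pts/0 pts/1 pts/2 pts/3 > "$1"
}

# Demo on a temporary file; on a real host call: remove_pts /etc/securetty
demo=$(mktemp)
make_sample "$demo"
echo "fallback entries before: $(count_pts "$demo")"
remove_pts "$demo" && echo "fallback entries after: $(count_pts "$demo")"
rm -f "$demo" "$demo.bak"
```

On the upgraded host, run remove_pts /etc/securetty followed by telnet_units_off; a non-zero status from either means part of the fallback is still in place.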

Disable the scp command
rpm -qa | grep openssh
yum remove openssh-clients -y
After openssh-clients is removed, running scp reports the following error: -bash: scp: command not found

posted @ 2021-01-22 17:09  霸都运维