升级ssh和ssl

一、查看ssh版本和ssl版本

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# ssh -V

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# openssl version

二、下载安装包上传并解压

下载安装包(下载后请先用官方发布的 SHA256 校验值或 PGP 签名校验压缩包,再解压编译,从镜像站下载时尤其需要)

下载openssh地址:https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/

下载openssl地址:https://ftp.openssl.org/source/

以下面版本为例(仅为示例,实际升级时请选择当前仍在维护的最新版本):

 

上传安装包到服务器

安装lrzsz,方便上传文件到服务器(可不用此方式上传文件)。

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# yum install lrzsz

rz 上传文件

sz 下载文件

-y 参数表示覆盖原文件

例如:[root@iZe3e0601c6zlmi2ilbh7iZ ~]# rz -y

上传文件会保存到当前路径下。

解压

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# tar -zxvf openssh-8.0p1.tar.gz

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# tar -zxvf openssl-1.1.1h.tar.gz

三、安装ssh

检查openssh

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# rpm -qa|grep openssh

openssh-clients-7.4p1-16.el7.x86_64

openssh-server-7.4p1-16.el7.x86_64

openssh-7.4p1-16.el7.x86_64

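为避免openssh升级失败后无法登录,先安装telnet作为临时备用登录方式(telnet为明文传输,且下面的securetty改动会允许root通过telnet登录,仅应在升级期间、可信网络或防火墙限制来源IP的前提下开启,验证完毕后立即关闭)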

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# yum install -y telnet-server xinetd

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# echo -e 'pts/0\npts/1\npts/2\npts/3'  >>/etc/securetty

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl enable xinetd.service

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl enable telnet.socket

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl start telnet.socket

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl start xinetd

卸载旧的openssh

rpm -e `rpm -qa | grep openssh` --nodeps

安装必要软件

yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel

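安装ssh(注意:下面 configure 中 --with-ssl-dir 指向 /usr/local/ssl,而本文第四步才把新版 openssl 安装到 /usr/local/openssl;若希望 openssh 链接新版 openssl,应先完成第四步,并把 --with-ssl-dir 改为实际安装前缀,安装后用 ssh -V 确认所链接的 OpenSSL 版本)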

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# ll

total 11164

drwxr-xr-x  5 1000 1000   12288 Apr 18  2019 openssh-8.0p1

-rw-r--r--  1 root root 1597697 Sep 29 14:38 openssh-8.0p1.tar.gz

drwxrwxr-x 18 root root    4096 Sep 22 20:55 openssl-1.1.1h

-rw-r--r--  1 root root 9810045 Sep 30 10:14 openssl-1.1.1h.tar.gz

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# cd openssh-8.0p1

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# make

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# make install

若出现以下报错。

 

执行命令

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# chmod 600 /etc/ssh/ssh_host_*

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# install -v -m755 contrib/ssh-copy-id /usr/bin

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# install -v -m755 -d /usr/share/doc/openssh-8.0p1

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.0p1

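[root@iZe3e0601c6zlmi2ilbh7iZ ~]# echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# echo 'UsePAM yes' >> /etc/ssh/sshd_config

注意:sshd_config 中同一选项以首次出现的值为准,若文件前面已有未注释的同名选项,追加到末尾的配置不会生效,可用 sshd -T 查看实际生效的配置。PermitRootLogin yes 会允许 root 直接使用密码登录,建议升级验证完成后改为 prohibit-password 或 no,改用普通用户加密钥登录。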

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# chmod +x /etc/init.d/sshd

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# chkconfig --add sshd

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# chkconfig sshd on

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# chkconfig --list sshd

 

重启验证

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl restart sshd

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# ssh -V

 

验证完毕后,关闭telnet服务

vi /etc/securetty

删除增加的4行:

pts/0

pts/1

pts/2

pts/3

停止telnet服务

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl stop telnet.socket

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl disable telnet.socket

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl stop xinetd.service

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# systemctl disable xinetd.service

四、安装ssl

查看ssl版本

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# openssl version

 

cd openssl-1.1.1h

 

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# cd openssl-1.1.1h

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# ./config --prefix=/usr/local/openssl

 

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# make && make install

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# mv /usr/bin/openssl /usr/bin/openssl.bak

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

设置使生效

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# ldconfig -v                 

验证

[root@iZe3e0601c6zlmi2ilbh7iZ ~]# openssl version

 

 
