Linux Centos7.9 OpenSSH升级到9.8p1最新版详细教程
前言
本次测试系统为Centos7.9 2009版本,升级前OpenSSH版本7.4p1,OpenSSL版本1.0.2k,其他系统及版本请自行测试。
一、升级前预备工作
1、查看操作系统版本号
2、备份现有配置
- cp -rf /etc/ssh /etc/ssh.bak
- cp -rf /usr/bin/openssl /usr/bin/openssl.bak
- cp -rf /etc/pam.d /etc/pam.d.bak
- cp -rf /usr/lib/systemd/system /system.bak
- #1.telnet安装
- yum install -y telnet telnet-server xinetd
- #2.启动telnet服务
- systemctl start xinetd && systemctl start telnet.socket
- #3.开放防火墙23端口
- firewall-cmd --zone=public --add-port=23/tcp --permanent
- #4.重新加载防火墙规则
- firewall-cmd --complete-reload
- #5.查询23端口放行情况
- firewall-cmd --query-port=23/tcp
- #6.开放telnet明文登录
- sed -i 's/^auth[[:space:]]\+required[[:space:]]\+pam_securetty.so/#&/' /etc/pam.d/remote
- #7.测试telnet登录
- telnet ip
- #8.加入开机启动
- systemctl enable telnet.socket
1、安装依靠和下载安装包
1.1 依靠及编译环境安装
- # 安装相关的依赖项,如有遗漏再次安装
- yum install -y vim gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers libedit-devel perl-IPC-Cmd wget tar lrzsz nano
- 或者
- # 安装相关的依赖项,如有遗漏再次安装
- yum -y install gcc pam-devel zlib-devel openssl-devel net-tools
- cd /usr/local/src
- wget https://www.zlib.net/zlib-1.3.1.tar.gz
- wget https://www.openssl.org/source/openssl-3.3.1.tar.gz
- wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
- cd /usr/local/src/
- tar -zxvf zlib-1.3.1.tar.gz
- tar -zxvf openssl-3.3.1.tar.gz
- tar -zxvf openssh-9.8p1.tar.gz
2、安装Zlib
- #1.进入zlib-1.3.1目录
- cd /usr/local/src/zlib-1.3.1
- #2.配置
- ./configure --prefix=/usr/local/src/zlib
- #3.编译及安装(编译时间预计几分钟,视机器而定)
- make -j 4 && make test && make install
- #1.进入openssl-3.3.1目录
- cd /usr/local/src/openssl-3.3.1
- #2.配置
- ./config --prefix=/usr/local/src/openssl
- #3.编译及安装(编译时间预计几分钟,视机器而定)
- make -j 4 && make install
- #4.配置
- mv /usr/bin/openssl /usr/bin/oldopenssl
- ln -s /usr/local/src/openssl/bin/openssl /usr/bin/openssl
- ln -s /usr/local/src/openssl/lib64/libssl.so.3 /usr/lib64/libssl.so.3
- ln -s /usr/local/src/openssl/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
- #5.更新动态库
- echo "/usr/local/src/openssl/lib64" >> /etc/ld.so.conf
- ldconfig
- #6.查看更新后的版本
- openssl version -v
4.1 卸载旧版本OpenSSH服务
- #1.卸载openssh7.4p1
- yum remove -y openssh
- #2.清理残余文件
- rm -rf /etc/ssh/*
- #1.进入openssh-9.8p1目录
- cd /usr/local/src/openssh-9.8p1
- #2.配置
- ./configure --prefix=/usr/local/src/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/src/openssl --with-zlib=/usr/local/src/zlib
- #3.编译及安装
- make -j 4 && make install
- #4.查看目录版本
- /usr/local/src/ssh/bin/ssh -V
- #5.复制新ssh文件
- cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
- cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
- cp -rf /usr/local/src/ssh/sbin/sshd /usr/sbin/sshd
- cp -rf /usr/local/src/ssh/bin/ssh /usr/bin/ssh
- cp -rf /usr/local/src/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
- #6.允许root登录
- echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
- echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
- #重启sshd服务
- /etc/init.d/sshd restart
- #查看服务运行状态
- /etc/init.d/sshd status
- #添加开机启动
- chkconfig --add sshd
- #查看升级后ssh版本
- ssh -V
提示:这篇文章只作为学习记录,感谢原作者分享。
参考链接:https://blog.csdn.net/zt19820204/article/details/137877652
- https://blog.csdn.net/qq18346342939/article/details/140149193?spm=1001.2101.3001.6650.4&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EYuanLiJiHua%7EPosition-4-140149193-blog-131764681.235%5Ev43%5Epc_blog_bottom_relevance_base3&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EYuanLiJiHua%7EPosition-4-140149193-blog-131764681.235%5Ev43%5Epc_blog_bottom_relevance_base3&utm_relevant_index=9
|
