openssh升级7.9p1
openssh
安装Zlib(下面的下载地址是明文 http,下载后请先与 zlib 官网公布的 SHA-256 校验值核对,确认一致后再解压编译)
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --shared
make -j 8
make test
make install
安装OpenSSL
查看当前openssl版本:
[root@i-1E2B5395 ~]# which openssl
/usr/bin/openssl
[root@i-1E2B5395 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
wget https://www.openssl.org/source/openssl-1.0.2r.tar.gz
tar zxvf openssl-1.0.2r.tar.gz
cd openssl-1.0.2r
#(默认安装路径/usr/local/ssl)
./config shared
make -j 8
make test
make install
把老的openssl文件进行备份
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
做链接
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
vi /etc/ld.so.conf #在第一行加/usr/local/ssl/lib
/usr/local/ssl/lib
include ld.so.conf.d/*.conf
让配置文件生效
[root@i-1E2B5395 openssl-1.0.2r]# ldconfig
[root@i-1E2B5395 openssl-1.0.2r]# openssl version -a
OpenSSL 1.0.2r 26 Feb 2019
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/ssl"
升级安装OpenSSH
保险起见,升级前请开启telnet(telnet 的用户名和密码以明文传输,只应作为升级期间的临时备用通道,并尽量通过防火墙限制在可信网络或指定来源 IP 内访问)
yum -y install telnet telnet-server
vi /etc/xinetd.d/telnet
把disable修改为 no
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
}
启动服务
service xinetd restart
测试telnet 登录
[root@i-1E2B5395 openssh-7.9p1]# lsof -i:23
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 14283 root 5u IPv6 114815438 0t0 TCP *:telnet (LISTEN)
查看当前版本:
[root@i-1E2B5395 ~]# which ssh
/usr/bin/ssh
[root@i-1E2B5395 ~]# ssh -version
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Bad escape character 'rsion'.
安装:
卸载当前版本的ssh
[root@i-1E2B5395 ~]# rpm -e --nodeps `rpm -qa | grep openssh`
warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave
安装(下面的镜像地址是明文 http,解压前请用 OpenSSH 官方发布的签名或校验值核对源码包):
wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz
tar zxvf openssh-7.9p1.tar.gz
cd openssh-7.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/src/openssl-1.0.2r/ --with-zlib --with-md5-passwords
make -j 8
make install
替换新版本
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
cp contrib/redhat/sshd.init /etc/init.d/sshd
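修改配置文件 允许root远程登录,注释#AuthorizedKeysFile(注意:PermitRootLogin yes 会允许 root 直接以密码登录;diffie-hellman-group1-sha1 是 OpenSSH 默认已禁用的弱密钥交换算法,仅在确有旧客户端需要时才加回。条件允许时建议改用 PermitRootLogin prohibit-password 配合密钥登录,并去掉该 KexAlgorithms 行)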
vim /etc/ssh/sshd_config
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes
KexAlgorithms=+diffie-hellman-group1-sha1
service sshd restart
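验证成功后关闭telnet(仅停止 xinetd 并不会改动配置,还需把 /etc/xinetd.d/telnet 中的 disable 改回 yes 或卸载 telnet-server,以免 xinetd 再次启动后 23 端口重新监听;可再用 lsof -i:23 确认端口已关闭)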
service xinetd stop