
Linux升级openssh

升级前的准备

查看当前openssh版本

[root@localhost ~]# ssh -V    
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

上传新版本openssh(本文以openssh-7.2p2、openssl-1.0.2h、zlib-1.2.8为例,这些版本现已过时,实际升级请换成仍在维护的版本;源码包应从官方站点下载,并在编译前核对校验值或签名)

[root@localhost software]# ls -ltrh    
total 9.2M
-rw-r--r--. 1 root root 1.5M Jun 28 09:14 openssh-7.2p2.tar.gz
-rw-r--r--. 1 root root 5.1M Jun 28 09:14 openssl-1.0.2h.tar.gz
-rw-r--r--. 1 root root 2.7M Jun 28 09:14 zlib-1.2.8.tar.gz

安装依赖包

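# Build toolchain and headers for the source builds below. telnet-server is
# only the temporary fallback login channel used while sshd is removed.
# The glob is quoted so yum matches it against package names rather than the
# shell expanding it against files in the current directory.
yum -y install 'gcc*' make perl pam pam-devel zlib zlib-devel openssl openssl-devel telnet-server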

安装telnet并启用(telnet为明文协议,口令和会话内容都不加密,这里只作为升级期间的临时备用通道,升级完成后应立即停用并卸载)

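## Setting disable=no turns the telnet service on under xinetd.
# vi /etc/xinetd.d/telnet
disable=no

## /etc/securetty lists the terminals root may log in on; the pts/N entries
## allow root logins on pseudo-terminals, which is what a telnet session gets.
## NOTE(review): take these lines back out once the new sshd is working.
# vi /etc/securetty
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9
pts/10
pts/11

# service xinetd start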

升级openssh

通过telnet连接并卸载openssh

# Remove the distribution's OpenSSH 5.3p1 packages (dependency checks are
# skipped with --nodeps) so the source build can take their place. From here
# until the new sshd is started, the telnet session is the only remote login.
for pkg in \
  openssh-askpass-5.3p1-84.1.el6.x86_64 \
  openssh-5.3p1-84.1.el6.x86_64 \
  openssh-clients-5.3p1-84.1.el6.x86_64 \
  openssh-server-5.3p1-84.1.el6.x86_64
do
  rpm -e --nodeps "$pkg"
done

安装zlib

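## /software is the directory the tarballs were uploaded to. configure has to
## run inside the extracted source directory, hence the second cd.
# cd /software
# tar -xvf zlib-1.2.8.tar.gz
# cd zlib-1.2.8
# ./configure --prefix=/usr/local/zlib && make && make install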

安装openssl

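## /software is the directory the tarballs were uploaded to. config and make
## have to run inside the extracted source directory, hence the second cd.
# cd /software
# tar -xvf openssl-1.0.2h.tar.gz
# cd openssl-1.0.2h
# ./config --prefix=/usr/local/openssl
# make depend
# make && make install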

安装openssh

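## /software is the directory the tarballs were uploaded to. configure has to
## run inside the extracted source directory, hence the second cd.
# cd /software
# tar -xvf openssh-7.2p2.tar.gz
# cd openssh-7.2p2
## The build is pointed at the OpenSSL and zlib trees installed above and keeps
## its configuration in /etc/ssh.
## NOTE(review): --without-hardening tells configure not to use the toolchain
## hardening flags it would otherwise add; drop the option unless the build
## fails without it.
# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh \
--with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib \
--with-md5-passwords --without-hardening && make && make install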

拷贝sshd服务到/etc/init.d下

## Install the Red Hat init script shipped in the OpenSSH source tree as the
## sshd service script and make it executable.
# cp /software/openssh-7.2p2/contrib/redhat/sshd.init /etc/init.d/sshd
# chmod +x /etc/init.d/sshd

修改sshd配置

## Point the init script's SSHD variable at the newly built daemon.
# vi /etc/init.d/sshd
SSHD=/usr/local/openssh/sbin/sshd
## ssh-keygen -A creates a host key for every default key type that does not
## already have one; the new build's ssh-keygen is used.
# /usr/local/openssh/bin/ssh-keygen -A

sshd自启动

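## Register sshd with chkconfig and confirm the runlevels it is enabled in.
# chkconfig --add sshd
# chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
## Check the configuration file and host keys with the new binary before
## starting the service; sshd -t reports any problem and exits non-zero.
# /usr/local/openssh/sbin/sshd -t
# service sshd start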

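Tips:安装完成后默认不允许root用户用密码远程登陆(PermitRootLogin默认为prohibit-password);如确需root密码登陆,才在/etc/ssh/sshd_config中将PermitRootLogin改为yes并重启sshd,更稳妥的做法是保持默认,使用密钥登陆,或以普通用户登陆后再切换到root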

修改环境变量

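## Single quotes keep $PATH literal, so /etc/profile extends each user's own
## PATH at login instead of freezing root's current PATH into the file.
# echo 'export PATH=$PATH:/usr/local/openssh/bin' >> /etc/profile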

查看ssh版本并卸载telnet

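# ssh -V    
OpenSSH_7.2p2, OpenSSL 1.0.2h 3 May 2016

## Confirm that a fresh SSH login works from a second session before turning
## telnet off, and remove the pts/N lines that were added to /etc/securetty.
# service xinetd stop
## rpm -e takes package names, not shell globs; telnet-server is the package
## that was installed for the fallback channel.
# rpm -e --nodeps telnet-server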