查看openssh和openssl版本
# ssh -V
# openssl version -a
一、升级openssl
1.下载openssl源码包
# wget https://ftp.openssl.org/source/openssl-1.0.2t.tar.gz -P /opt/software
# wget https://ftp.riken.jp/pub/OpenBSD/OpenSSH/portable/openssl-fips-2.0.16.tar.gz -P /opt/software
注:下载的是源码压缩包(后续需要编译),编译前应将其SHA256校验值或PGP签名与官方发布的值核对,确认文件未被篡改。本文使用的是撰写时的版本,实际操作时请选用仍在官方维护期内的版本。
2.安装依赖包
# yum install -y gcc gcc-c++ glibc make autoconf perl perl-devel pcre-devel pam-devel zlib-devel
3.备份openssl文件
# mv /usr/bin/openssl /usr/bin/openssl-old
# mv /usr/include/openssl /usr/include/openssl-old
//如报mv: cannot stat ‘/usr/include/openssl’: No such file or directory,可忽略此步
4.编译安装openssl-fips
# cd /opt/software
# tar -zxvf openssl-fips-2.0.16.tar.gz
# cd openssl-fips-2.0.16
# ./config
# make && make install
5.编译安装新版openssl
# cd /opt/software
# tar -xf openssl-1.0.2t.tar.gz
# cd openssl-1.0.2t
# ./config -fPIC --prefix=/usr/local/openssl/ --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ enable-shared
# make depend && make install
注:使用echo $? 命令查看make install是否有报错,0表示没有问题
# mkdir -p /usr/local/ssl/lib
# cp lib* /usr/local/ssl/lib/
# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/openssl/include/openssl /usr/include/openssl
# echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
# echo "include /usr/local/openssl/lib" >> /etc/ld.so.conf
注:ld.so.conf中的include指令用于引入其他配置文件;如ldconfig对该行报错,可改为只写目录路径/usr/local/openssl/lib
# ldconfig
# openssl version -a
OpenSSL 1.0.2t 10 Sep 2019
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/openssl/ssl"
二、安装配置telnet服务
# yum install -y telnet-server xinetd
# systemctl start telnet.socket
# systemctl start xinetd
# systemctl enable xinetd.service
# systemctl enable telnet.socket
允许root用户直接登录telnet
# echo -e 'pts/0 pts/1 pts/2' >>/etc/securetty
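注:如有防火墙要开启23端口并关闭selinux,开启telnet服务后使用telnet登录。telnet以明文传输账号和口令,仅应作为升级期间的临时备用通道,并尽量限制在可信网络或指定来源IP内使用;openssh升级完成并确认ssh可正常登录后,应停止并禁用telnet.socket和xinetd,删除/etc/securetty中追加的pts条目,关闭23端口并恢复selinux。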
三、升级openssh
1.下载openssh源码包
# wget https://ftp.riken.jp/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz -P /opt/software
注:编译前应将压缩包的校验值或PGP签名与OpenSSH官方发布的值核对,确认文件未被篡改。
2.备份ssh文件并删除原openssh程序
# systemctl stop sshd.service
# cp -r /etc/ssh /etc/ssh-old
# cp /etc/pam.d/sshd /etc/pam.d/sshd-old
# rpm -e --nodeps `rpm -qa |grep openssh`
# rm -rf /etc/ssh
注:/etc/ssh中包含主机密钥,删除后新安装会生成新的主机密钥,客户端将出现主机密钥变更提示;如需保持主机身份不变,可从/etc/ssh-old中恢复原主机密钥文件。
3.编译安装新版本openssh
# cd /opt/software
# tar -zxvf openssh-8.0p1.tar.gz
# cd openssh-8.0p1
# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib --with-md5-passwords --with-pam --with-tcp-wrappers
# make && make install
# cp -a /opt/software/openssh-8.0p1/contrib/redhat/sshd.init /etc/init.d/sshd
# cp -a /opt/software/openssh-8.0p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
# chmod +x /etc/init.d/sshd
# chkconfig --add sshd
# chkconfig sshd on
4.配置sshd_config文件
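# vi /etc/ssh/sshd_config
修改内容如下:
#Port 22
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
#UseDNS yes
UseDNS no
注:PermitRootLogin yes允许root直接使用口令通过ssh登录,会增大口令被暴力破解的风险;如无必要,建议保留默认的prohibit-password并使用密钥登录,或以普通用户登录后再提权。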
5.验证配置
# service sshd start
# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2t 28 May 2019