zoukankan      html  css  js  c++  java
  • centos7 升级openssh到openssh-8.3p1版本

    安装脚本

    #!/bin/bash
    
    if [ ! -d /home/data ];then
          mkdir /home/data
    fi
    cd /home/data
    yum install wget -y
    
    wget -O openssh-8.3p1.tar.gz https://ftp.riken.jp/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
    wget -O zlib-1.2.11.tar.gz https://zlib.net/zlib-1.2.11.tar.gz
    wget -O openssl-1.1.1g.tar.gz https://www.openssl.org/source/openssl-1.1.1g.tar.gz
    ######保证下载的文件在/home/data里,且文件名相同
    tar -zxf openssl-1.1.1g.tar.gz
    tar -zxf zlib-1.2.11.tar.gz
    tar -zxf openssh-8.3p1.tar.gz
    chown -R root:root /home/data
    #######################0end----------############################
    
    ##1---配置Telnet,以防SSH配置过程中出现问题,可以使用Telnet登录----
    setenforce 0                      
    #关闭selinux
    systemctl stop firewalld         
    #关闭
    systemctl disable firewalld
    
    yum install telnet telnet-server xinetd -y
    #vi /etc/xinetd.conf                   
    #修改disabled = no  ,即可以使用telnet服务
    cp /etc/xinetd.conf   /home/data/xinetd.comfbk
    sed -i '14a      disabled = no ' /etc/xinetd.conf          
    #在第14行增加 disabled = no
    echo -e 'pts/0
    pts/1
    pts/2
    pts/3'  >>/etc/securetty
    
    systemctl start telnet.socket  #开启服务
    systemctl start xinetd        #开启服务
    systemctl enable telnet.socket   #开机自起服务
    systemctl enable xinetd
    ##1end---------------------------------------------------------------
    
    ##2 升级 OpenZlib-----------------------------------------
    
    yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
    yum install  -y pam* zlib*
    
    
    cd /home/data/zlib-1.2.11/
    ./configure --prefix=/usr/local/zlib
    make && make install
    ##2end---------------------
    
    ##3升级openssl-------------
    cd /home/data/openssl-1.1.1g/
    ./config --prefix=/usr/local/ssl -d shared
    make && make install 
    echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
    ldconfig
    mv /usr/bin/openssl /home/data/opensslbk
    ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
    
    ##3end--and start update SSH------------------------
    
    ##4-----安装OpenSSH 8.3p1-------
    cd /home/data/openssh-8.3p1/
    ./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib
     make && make install
    
    mv /etc/ssh/sshd_config /home/data/sshd_config.bak
    cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
    mv /usr/sbin/sshd /home/data/sshd.bak
    cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
    mv /usr/bin/ssh /home/data/ssh.bak
    cp /usr/local/openssh/bin/ssh /usr/bin/ssh
    mv /usr/bin/ssh-keygen /home/data/ssh-keygen.bak
    cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
    mv /etc/ssh/ssh_host_ecdsa_key.pub /home/data/ssh_host_ecdsa_key.pub.bak
    cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
    
    for  i   in  $(rpm  -qa  |grep  openssh);do  rpm  -e  $i  --nodeps ;done
    
    mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
    mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
    
    
    cp /home/data/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
    chmod u+x   /etc/init.d/sshd
    #-------------修改配置文件------------
    cp /etc/init.d/sshd /home/data/sshdnewbk
    sed -i '/SSHD=/cSSHD=/usr/local/openssh/sbin/sshd'  /etc/init.d/sshd
    sed -i '//usr/bin/ssh-keygen/c         /usr/local/openssh/bin/ssh-keygen -A'  /etc/init.d/sshd
    sed -i '/ssh_host_rsa_key.pub/i                /sbin/restorecon /etc/ssh/ssh_host_key.pub'  /etc/init.d/sshd  
    sed -i '/$SSHD $OPTIONS && success || failure/i        OPTIONS="-f /etc/ssh/sshd_config"' /etc/rc.d/init.d/sshd
    #---------操作sshd_config-------
    sed -i '/PasswordAuthentication/cPasswordAuthentication yes' /etc/ssh/sshd_config
    sed -i '/X11Forwarding/cX11Forwarding yes' /etc/ssh/sshd_config
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    
    cp -arp /usr/local/openssh/bin/* /usr/bin/
    service sshd restart
    
    ##3end------------------------------------------
    
    
    #----------配置开机项---------------
    chkconfig --add sshd
    chkconfig --level 2345 sshd on
    chkconfig --list
    #----------关闭Telnet服务--------------- 
    systemctl stop telnet.socket  
    systemctl stop xinetd
    systemctl disable xinetd.service
    systemctl disable telnet.socket
    
    #--------清理安装过程文件---------------------
    rm -fr /home/data
  • 相关阅读:
    Squid-Squid 多层Cache 如何设置实现墙内直连,墙外域名走国外Proxy
    利用win2008虚拟化hyper-v 和squid反向代理,自己做个IDC
    再次分享 pyspider 爬虫框架
    刘宇:我如何5分钟拿到李书福的投资?
    刘宇:2014年投资感悟
    刘宇(正和磁系资本创始人)_百度百科
    python编写的自动获取代理IP列表的爬虫-chinaboywg-ChinaUnix博客
    采集爬虫中,解决网站限制IP的问题?
    Web 应用性能和压力测试工具 Gor
    dnspod-sr内网轻量级DNS首选方案
  • 原文地址:https://www.cnblogs.com/faberbeta/p/13452603.html
Copyright © 2011-2022 走看看