zoukankan      html  css  js  c++  java

  • centos7 升级openssh到openssh-8.3p1版本

    安装脚本

    #!/bin/bash

if [ ! -d /home/data ];then
      mkdir /home/data
fi
cd /home/data
yum install wget -y

wget -O openssh-8.3p1.tar.gz https://ftp.riken.jp/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
wget -O zlib-1.2.11.tar.gz https://zlib.net/zlib-1.2.11.tar.gz
wget -O openssl-1.1.1g.tar.gz https://www.openssl.org/source/openssl-1.1.1g.tar.gz
######保证下载的文件在/home/data里,且文件名相同
tar -zxf openssl-1.1.1g.tar.gz
tar -zxf zlib-1.2.11.tar.gz
tar -zxf openssh-8.3p1.tar.gz
chown -R root:root /home/data
#######################0end----------############################

##1---配置Telnet,以防SSH配置过程中出现问题,可以使用Telnet登录----
setenforce 0                      
#关闭selinux
systemctl stop firewalld         
#关闭
systemctl disable firewalld

yum install telnet telnet-server xinetd -y
#vi /etc/xinetd.conf                   
#修改disabled = no  ,即可以使用telnet服务
cp /etc/xinetd.conf   /home/data/xinetd.comfbk
sed -i '14a      disabled = no ' /etc/xinetd.conf          
#在第14行增加 disabled = no
echo -e 'pts/0
pts/1
pts/2
pts/3'  >>/etc/securetty

systemctl start telnet.socket  #开启服务
systemctl start xinetd        #开启服务
systemctl enable telnet.socket   #开机自起服务
systemctl enable xinetd
##1end---------------------------------------------------------------

##2 升级 OpenZlib-----------------------------------------

yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
yum install  -y pam* zlib*


cd /home/data/zlib-1.2.11/
./configure --prefix=/usr/local/zlib
make && make install
##2end---------------------

##3升级openssl-------------
cd /home/data/openssl-1.1.1g/
./config --prefix=/usr/local/ssl -d shared
make && make install 
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig
mv /usr/bin/openssl /home/data/opensslbk
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

##3end--and start update SSH------------------------

##4-----安装OpenSSH 8.3p1-------
cd /home/data/openssh-8.3p1/
./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib
 make && make install

mv /etc/ssh/sshd_config /home/data/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /home/data/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /home/data/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /home/data/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /home/data/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

for  i   in  $(rpm  -qa  |grep  openssh);do  rpm  -e  $i  --nodeps ;done

mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config


cp /home/data/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x   /etc/init.d/sshd
#-------------修改配置文件------------
cp /etc/init.d/sshd /home/data/sshdnewbk
sed -i '/SSHD=/cSSHD=/usr/local/openssh/sbin/sshd'  /etc/init.d/sshd
sed -i '//usr/bin/ssh-keygen/c         /usr/local/openssh/bin/ssh-keygen -A'  /etc/init.d/sshd
sed -i '/ssh_host_rsa_key.pub/i                /sbin/restorecon /etc/ssh/ssh_host_key.pub'  /etc/init.d/sshd  
sed -i '/$SSHD $OPTIONS && success || failure/i        OPTIONS="-f /etc/ssh/sshd_config"' /etc/rc.d/init.d/sshd
#---------操作sshd_config-------
sed -i '/PasswordAuthentication/cPasswordAuthentication yes' /etc/ssh/sshd_config
sed -i '/X11Forwarding/cX11Forwarding yes' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

cp -arp /usr/local/openssh/bin/* /usr/bin/
service sshd restart

##3end------------------------------------------


#----------配置开机项---------------
chkconfig --add sshd
chkconfig --level 2345 sshd on
chkconfig --list
#----------关闭Telnet服务--------------- 
systemctl stop telnet.socket  
systemctl stop xinetd
systemctl disable xinetd.service
systemctl disable telnet.socket

#--------清理安装过程文件---------------------
rm -fr /home/data
  • 相关阅读:
    《不完美的她》开播,网友:周公子对「白帽子」有点误会吧?
    【Web安全】浅谈缓存XSS漏洞
    十分钟教你轻松掌握「移动PE导出表」,快来学习!
    干货分享丨表哥带你学习导入表及导入表注入
    「原创」萌新也能看懂的ThinkPHP3.2.3漏洞分析
    精选好文丨简析对称加密、非对称加密和混合加密
    工程师成长道路语录(转)
    在线画UML图的工具
    6种有效的开发模型(转)
    空降经理人的挑战 (原创)
  • 原文地址:https://www.cnblogs.com/faberbeta/p/13452603.html
Copyright © 2011-2022 走看看