  • SSH upgrade

    Check the current SSH version

    ╭─root@zxw18 ~  
    ╰─➤  ssh -V                                                                                                      
    OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

    Mount the CD-ROM

    ╭─root@zxw18 ~  
    ╰─➤  mount /dev/cdrom /mnt
    mount: /dev/sr0 写保护,将以只读方式挂载

    Install the required packages: gcc, telnet, xinetd, make, pam-devel, zlib, etc.

    ╭─root@zxw18 ~  
    ╰─➤  yum -y install gcc telnet  xinetd  make  pam-devel zlib vnc  libcap-devel   openssl-devel telnet-server

    On CentOS 7 the telnet configuration file is /etc/xinetd.conf; on releases before CentOS 7 it is /etc/xinetd.d/telnet

    ╭─root@zxw18 ~  
    ╰─➤  vim /etc/xinetd.conf  
            disabled        =  no

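    Or (this appends the pseudo-terminals to /etc/securetty, the list of terminals on which root may log in)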

    ╭─root@zxw18 ~
    ╰─➤ echo -e "pts/0 \npts/1 \npts/2 \npts/3" >>/etc/securetty

    Start xinetd and check that port 23 is listening

    ╭─root@zxw18 ~  
    ╰─➤  systemctl restart xinetd 

    ╭─root@zxw18 ~
    ╰─➤ systemctl start telnet.socket

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1
    ╰─➤ ss -tnl
    State Recv-Q Send-Q Local Address:Port Peer Address:Port
    LISTEN 0 128 *:111 *:*
    LISTEN 0 128 :::111 :::*
    LISTEN 0 128 :::23

     

    Create a user for remote telnet login

    ╭─root@zxw18 ~  
    ╰─➤  useradd user
    ╭─root@zxw18 ~  
    ╰─➤  echo "123" |passwd --stdin user
    更改用户 user 的密码 。
    passwd:所有的身份验证令牌已经成功更新。

    Stop the current SSH service and back up its configuration

    ╭─root@zxw18 ~  
    ╰─➤  systemctl stop sshd
    ╭─root@zxw18 ~  
    ╰─➤  mv /etc/ssh /etc/ssh.old

    Query and uninstall the packaged OpenSSH

    ╭─root@zxw18 ~  
    ╰─➤  rpm -qa |grep openssh
    openssh-server-6.6.1p1-31.el7.x86_64
    openssh-6.6.1p1-31.el7.x86_64
    openssh-clients-6.6.1p1-31.el7.x86_64
    ╭─root@zxw18 ~  
    ╰─➤  rpm -e --nodeps `rpm -qa |grep openssh`

    Download the OpenSSH source package

    Official download page: http://www.openssh.com/portable.html#http

    Upload the OpenSSH package and extract it

    ╭─root@zxw18 ~  
    ╰─➤  rz
    rz waiting to receive.

      100%    1661 KB 1661 KB/s 00:00:01       0 Errors.

    
    ╭─root@zxw18 ~  
    ╰─➤  tar -xzf openssh-8.2p1.tar.gz -C /usr/local/src

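    Compile and install

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  ./configure --prefix=/usr \
           --sysconfdir=/etc/ssh \
           --with-md5-passwords \
           --with-pam \
           --with-ssh1 \
           --with-zlib \
           --with-openssl-includes=/usr \
           --with-privsep-path=/var/lib/sshd
    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  make && make install

    Note: SSH protocol 1 support was removed in OpenSSH 7.6, so --with-ssh1 has no effect when building 8.2p1; configure reports it as an unrecognized option and continues.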

    Post-installation configuration

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  cp /usr/local/src/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd 
    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  chmod +x /etc/init.d/sshd
    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  chkconfig --add sshd
    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  chkconfig --level 2345 sshd on

    SELinux must be disabled, otherwise connections will fail

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  cat /etc/sysconfig/selinux 
    SELINUX=disabled

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1
    ╰─➤ getenforce
    Disabled

    Start the SSH service and check the SSH port

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  systemctl start sshd
    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  ss -tnl
    State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
    LISTEN     0      128            *:111                        *:*                  
    LISTEN     0      128            *:22                         *:*                  
    LISTEN     0      128           :::111                       :::*                  
    LISTEN     0      128           :::22                        :::*                  
    LISTEN     0      128           :::23                        :::* 

    Verify that the upgrade succeeded

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  ssh -V
    OpenSSH_8.2p1, OpenSSL 1.0.2k-fips  26 Jan 2017

    After verification, stop the telnet service

    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  systemctl stop telnet.socket
    ╭─root@zxw18 /usr/local/src/openssh-8.2p1  
    ╰─➤  systemctl stop xinetd.service
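
    The procedure above opens telnet on port 23, creates the account user and appends pts entries to /etc/securetty. The following check for those leftovers is an added example, not part of the original post; the function names, the sample data and the file-path parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for what the temporary telnet fallback leaves behind.
# Paths are parameters so the check can run against copies; on a live host
# pass /etc/passwd, /etc/securetty and a file holding the output of "ss -tnl".

# telnet_leftovers SS_OUTPUT PASSWD SECURETTY [ACCOUNT]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
telnet_leftovers() {
    ss_out=$1 passwd=$2 securetty=$3 account=${4:-user}
    findings=0
    # Column 4 of "ss -tnl" is Local Address:Port; match a trailing :23.
    if awk '$1 == "LISTEN" && $4 ~ /:23$/ { hit = 1 } END { exit !hit }' "$ss_out"; then
        echo "port 23 still listening (telnet.socket / xinetd)"; findings=1
    fi
    if grep -q "^${account}:" "$passwd"; then
        echo "temporary account '${account}' still exists"; findings=1
    fi
    # The page appended "pts/N " lines, which allow root logins over telnet.
    if grep -Eq '^pts/[0-9]+[[:space:]]*$' "$securetty"; then
        echo "pts entries still present in securetty"; findings=1
    fi
    return "$findings"
}

# sample DIR: writes constructed sample files (not captured from a real host)
# describing the state the procedure leaves if nothing is rolled back.
sample() {
    printf 'State Recv-Q Send-Q Local Address:Port Peer Address:Port\nLISTEN 0 128 *:22 *:*\nLISTEN 0 128 :::23 :::*\n' > "$1/ss.txt"
    printf 'root:x:0:0:root:/root:/bin/bash\nuser:x:1000:1000::/home/user:/bin/bash\n' > "$1/passwd"
    printf 'tty1\npts/0 \npts/1 \n' > "$1/securetty"
}

d=$(mktemp -d) && sample "$d"
telnet_leftovers "$d/ss.txt" "$d/passwd" "$d/securetty" || echo "cleanup needed"
rm -rf "$d"
```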

    Error

    Key exchange failed.
    No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

    Fix

    ╭─root@zxw18 ~  
    ╰─➤  vim /etc/ssh/ssh_config 
      Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc   # uncomment this line
      MACs hmac-md5,hmac-sha1,umac-64@openssh.com                # uncomment this line
    ╭─root@zxw18 ~  
    ╰─➤  vim /etc/ssh/sshd_config        # add as the last line
    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    ╭─root@zxw18 ~  
    ╰─➤  systemctl restart sshd
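
    Why the error appears and what the KexAlgorithms line changes, as an added example that is not part of the original post: it replays the key-exchange selection rule (the first method in the client's list that the server also offers) against the two server lists shown on this page, and lists the SHA-1 methods the new line re-enables. The client list is a constructed assumption for an old terminal client, and the host-key compatibility conditions of the real negotiation are left out.

```shell
#!/bin/sh
# Added example: SSH key-exchange selection, simplified from RFC 4253 section 7.1.

# Server list copied from the error message on this page (OpenSSH 8.2p1).
SERVER_DEFAULT="curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256"
# Server list after the KexAlgorithms line this page adds to sshd_config.
SERVER_PATCHED="curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
# ASSUMPTION: constructed list for an old client; not taken from the page.
LEGACY_CLIENT="diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"

# negotiate CLIENT_LIST SERVER_LIST
# Prints the first client method the server also offers; returns 1 if none.
negotiate() {
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$c,"*) printf '%s\n' "$c"; return 0 ;;
        esac
    done
    return 1
}

# legacy_kex LIST: prints the SHA-1 based methods in LIST, one per line.
legacy_kex() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -E -- '-sha1$' || true
}

negotiate "$LEGACY_CLIENT" "$SERVER_DEFAULT" || echo "default server list: no common method"
echo "patched server list negotiates: $(negotiate "$LEGACY_CLIENT" "$SERVER_PATCHED")"
echo "SHA-1 methods enabled by the new line:"
legacy_kex "$SERVER_PATCHED"
```

    Because the line on this page has no leading +, it replaces the server's default list rather than extending it, so curve25519-sha256 and the group14-sha256, group16-sha512 and group18-sha512 methods are no longer offered.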

    Fix: root cannot log in and is always told the password is wrong

    ╭─root@zxw18 ~  
    ╰─➤  vim /etc/ssh/sshd_config
    PasswordAuthentication yes     # uncomment this line
    PermitRootLogin yes                # add this line
    ╭─root@zxw18 ~  
    ╰─➤  vim /etc/init.d/sshd 
            echo -n $"Starting $prog:"
            OPTIONS="-f /etc/ssh/sshd_config"                  # add this line
            $SSHD $OPTIONS && success || failure
            RETVAL=$?
            [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
            echo
    }

    Add the line OPTIONS="-f /etc/ssh/sshd_config" immediately before the line $SSHD $OPTIONS && success || failure

    ╭─root@zxw18 ~  
    ╰─➤  systemctl restart sshd  
    Warning: sshd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
    ╭─root@zxw18 ~  
    ╰─➤  systemctl daemon-reload
    ╭─root@zxw18 ~  
    ╰─➤  systemctl restart sshd 
  • Original article: https://www.cnblogs.com/itzhao/p/15543705.html