  • centos升级openssh方法及步骤

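    1.下载要升级到的openssh包
    https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz
    --下载后先校验源码包再编译(例如用同目录发布的 .asc 签名文件执行 gpg --verify),确认文件完整且未被篡改。
    --7.4p1 是较早的版本,生产环境升级时应选择当前仍在维护的 OpenSSH 版本。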

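    2.升级openssh前开通telnet
    --telnet 的用户名和密码均为明文传输,这里只作为升级期间的临时备用通道:应限制在可信的管理网段内(例如用防火墙只放行管理机IP),有控制台或带外管理时优先使用后者,升级完成后立即按第7步关闭。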
    1)查看telnet包
    rpm -qa|grep telnet
    --如未安装,则yum安装
    # yum install telnet
    # yum install telnet-server

    2)启动telnet
    --编辑telnet文件,将disable改成no
    # vi /etc/xinetd.d/telnet
    # default: on
    # description: The telnet server serves telnet sessions; it uses
    # unencrypted username/password pairs for authentication.
    service telnet
    {
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = no
    }

    --重启xinetd服务
    service xinetd restart
    or
    /etc/rc.d/init.d/xinetd restart

    --通过telnet连接服务器

    c:> telnet 192.168.5.5
    --默认telnet只能以普通用户登录,登录后再用su切换到root用户(telnet会话中输入的密码,包括su时输入的root密码,都是明文传输)

    3.备份原openssh相关文件
    # cp /usr/sbin/sshd /usr/sbin/sshd.bak
    # cp /etc/ssh/ssh_config /etc/ssh/ssh_config.bak
    # cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    # cp /etc/ssh/moduli /etc/ssh/moduli.bak
    --删除掉下面三个文件,否则安装的时候会报错.
    rm -rf /etc/ssh/ssh_config
    rm -rf /etc/ssh/sshd_config
    rm -rf /etc/ssh/moduli
    --安装编译所需包
    yum install gcc
    yum install pam-devel
    yum install zlib-devel
    yum install openssl-devel

    4.解压并安装新版本openssh
    # tar -zxvf openssh-7.4p1.tar.gz
    # cd openssh-7.4p1
    #./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --mandir=/usr/share/man
    --如果configure报错终止,重新编译前先清理之前的编译信息.
    # make clean
    # ldconfig
    # ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --mandir=/usr/share/man
    # make && make install

    # /etc/init.d/sshd restart

    5.覆盖旧的文件
    # cp -p /softs/openssh-7.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
    # chmod u+x /etc/init.d/sshd
    # chkconfig --add sshd
    # cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd

    # cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
    cp: overwrite `/usr/sbin/sshd'? y
    cp: cannot create regular file `/usr/sbin/sshd': Text file busy
    文件正在被使用
    # ps -ef|grep sshd

    # kill -9 77777
    --77777为示例PID,请替换为上面ps输出中sshd进程的实际PID
    # ps -ef|grep sshd

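    --重新覆盖(原文此处未列出sshd:前面覆盖 /usr/sbin/sshd 时因 Text file busy 失败,sshd进程结束后需先重新执行 cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd,再覆盖ssh客户端):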
    # cp /usr/local/openssh/bin/ssh /usr/bin/ssh
    # service sshd restart

    Stopping sshd: [ OK ]
    ssh-keygen: illegal option -- A
    usage: ssh-keygen [options]
    Options:
    ...

    # cat /etc/init.d/sshd
    # start() as printed from /etc/init.d/sshd on this page: create any missing
    # host keys, relabel the public host keys, then launch the daemon.
    start()
    {
    # Create keys if necessary
    # ssh-keygen is invoked by absolute path, so the old /usr/bin/ssh-keygen is
    # what runs here until it is replaced; the old binary rejects -A with
    # "ssh-keygen: illegal option -- A", which is the error shown above.
    /usr/bin/ssh-keygen -A
    # Relabel the public host keys only when restorecon exists and is executable.
    if [ -x /sbin/restorecon ]; then
    /sbin/restorecon /etc/ssh/ssh_host_key.pub
    /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
    /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
    /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
    fi

    echo -n $"Starting $prog:"
    # success/failure, $SSHD, $OPTIONS and $prog are defined outside this excerpt
    # (presumably by the init script and its helper functions; confirm).
    # NOTE(review): RETVAL is the status of the whole &&/|| chain, i.e. of
    # success or failure, not directly of $SSHD.
    $SSHD $OPTIONS && success || failure
    RETVAL=$?
    # Create the subsystem lock file only when the start reported success.
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
    echo
    }
    --因/usr/bin下旧版本的ssh-keygen不支持-A参数,需用新编译的ssh-keygen覆盖,如下解决。
    # cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

    --重启sshd服务:
    # service sshd restart

    # vi /etc/ssh/sshd_config

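    --去掉如下条目注释,允许root通过ssh登录
    PermitRootLogin yes
    --PermitRootLogin yes 允许root直接用密码登录,root账号会成为密码暴力破解的目标;如无必要,建议改用 PermitRootLogin prohibit-password 配合密钥登录,或以普通用户登录后再切换到root。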

    --注释掉下面三个参数(注释掉 UsePAM 后sshd不再经过PAM,/etc/pam.d/sshd 中配置的账户和会话限制对ssh登录不再生效,请确认可以接受)
    #GSSAPIAuthentication yes
    #GSSAPICleanupCredentials yes
    #UsePAM yes

    6.重启sshd服务,并通过ssh连接服务器
    # service sshd restart
    c:> ssh 192.168.5.5

    # ssh -V

    7.禁用telnet
    # vi /etc/xinetd.d/telnet

    # default: on
    # description: The telnet server serves telnet sessions; it uses
    # unencrypted username/password pairs for authentication.
    service telnet
    {
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = yes
    }

    --停止xinetd服务并取消开机自启(完成后确认23端口已不再监听;telnet-server不再需要时可以卸载)
    # service xinetd stop
    # chkconfig --list xinetd
    # chkconfig xinetd off
    # chkconfig --list xinetd

    --如winscp登录linux报错,可如下解决
    # vi /etc/ssh/sshd_config
    --注释掉如下条目
    #Subsystem sftp /usr/libexec/openssh/sftp-server
    --添加如下条目
    Subsystem sftp internal-sftp

    --重启sshd服务:
    # service sshd restart

  • 原文地址:https://www.cnblogs.com/lhdz_bj/p/10791329.html