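  • Detailed steps for upgrading OpenSSH and OpenSSL on Linux

    Copy all the packages needed for the upgrade to the server in advance, in case you cannot connect later.

    ##### Preparation #####

    I. Configure and update the yum repository (so that the packages needed for the upgrade can be downloaded online)
    1. Delete all current yum repo files
    cd /etc/yum.repos.d
    rm -rf <filename>
    2. Edit a new yum repo file
    vi rhel6.7.repo

    Paste in the following content and save. If pasting this produces errors, use the content of the CentOS-Base.repo file instead.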

    # CentOS-Base.repo
    #
    # The mirror system uses the connecting IP address of the client and the
    # update status of each mirror to pick mirrors that are updated to and
    # geographically close to the client. You should use this for CentOS updates
    # unless you are manually picking other mirrors.
    #
    # If the mirrorlist= does not work for you, as a fall back you can try the
    # remarked out baseurl= line instead.
    #
    #

    [base]
    name=CentOS-$releasever - Base
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
    baseurl=http://mirrors.163.com/centos/6/os/x86_64/
    gpgcheck=1
    gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6

    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
    baseurl=http://mirrors.163.com/centos/6/updates/x86_64/
    gpgcheck=1
    gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6

    #additional packages that may be useful
    [extras]
    name=CentOS-$releasever - Extras
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
    baseurl=http://mirrors.163.com/centos/6/extras/x86_64/
    gpgcheck=1
    gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6

    #additional packages that extend functionality of existing packages
    [centosplus]
    name=CentOS-$releasever - Plus
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
    baseurl=http://mirrors.163.com/centos/6/centosplus/x86_64/
    gpgcheck=1
    enabled=0
    gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6

    #contrib - packages by Centos Users
    [contrib]
    name=CentOS-$releasever - Contrib
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
    baseurl=http://mirrors.163.com/centos/6/contrib/x86_64/
    gpgcheck=1
    enabled=0
    gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6

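    3. Clear the yum cache so that the current configuration takes effect
    yum clean all
    4. Rebuild the yum cache (if this cannot run, check whether the server has network access; a gateway needs to be configured)
    yum makecache
    5. Update the yum packages
    yum -y update
    6. Check whether the configuration succeeded
    yum list

    Install the tool packages needed for compiling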
    yum -y install gcc pam-devel zlib-devel

    yum install -y openssl-devel

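    II. Enable telnet remote login (in case ssh cannot connect, you can log in over telnet and reconfigure)
    1. Check whether telnet is installed
    rpm -qa telnet-server
    2. If it is not installed, install xinetd first
    rpm -ivh xinetd-2.3.14-34.el6.x86_64.rpm

    3. Install telnet-server
    rpm -ivh telnet-server-0.17-47.el6.x86_64.rpm
    or yum install telnet-server

    4. Restart the xinetd daemon
    service xinetd restart

    5. Test
    netstat -tnl | grep 23

    6. If the previous test returned nothing, xinetd needs to be configured
    vi /etc/xinetd.d/telnet
    Change disable to no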
    service telnet
    {
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = yes
    }

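    7. Restart the xinetd daemon
    service xinetd restart

    9. root cannot log in remotely over telnet, so log in as another user first and then switch to root:
    useradd jstuser    # create the user
    passwd jstuser     # set a password for the created user
    su - root
    Enter the password to log in


    III. Start the actual upgrade
    1. Install the zlib-1.2.11.tar.gz dependency
    wget -c http://zlib.net/zlib-1.2.11.tar.gz    # online download; if that fails, copy an already-downloaded package onto the server instead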
    tar zxvf zlib-1.2.11.tar.gz

    cd zlib-1.2.11

    ./configure --prefix=/usr/local/zlib && make && make install

    2. Install the ssl dependency package
    wget https://openssl.org/source/openssl-1.0.2t.tar.gz
    tar -zxvf openssl-1.0.2t.tar.gz
    cd openssl-1.0.2t
    ./config --prefix=/usr/local/openssl --openssldir=/etc/ssl --shared zlib
    Compile, test, install
    make
    make test
    make install
    Check whether the installation succeeded
    openssl version -a

    3. Install the ssh package
    wget -c http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz

    tar -zxvf openssh-8.1p1.tar.gz

    cd openssh-8.1p1

    ./configure --prefix=/usr/local/openssh --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl/bin --with-zlib=/usr/local/zlib --with-md5-passwords && make && make install

    Copy the init script to /etc/init.d
    cp -p /etc/init.d/sshd /etc/init.d/sshd.lod_$(date +%Y-%m-%d_%H-%M)
    Delete the old one
    rm /etc/init.d/sshd
    cp -p contrib/redhat/sshd.init /etc/init.d/sshd
    Grant execute permission
    chmod u+x /etc/init.d/sshd

    Enable start at boot
    chkconfig --add sshd

    chkconfig sshd on

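    Fix the problem of the root user being unable to log in
    Edit the configuration file /etc/ssh/sshd_config and add the following settings
    PermitRootLogin yes
    X11Forwarding yes -- verify whether the configuration file already has this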
    PubkeyAuthentication yes

    /etc/init.d/sshd restart

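    ssh -V    # check whether the upgrade succeeded


    IV. Uninstall the telnet service, because telnet is insecure
    Find the installed telnet packages
    rpm -qa | grep telnet

    Uninstall the specific packages found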
    rpm -e telnet-0.17-48.el6.x86_64
    rpm -e telnet-server-0.17-48.el6.x86_64
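
The checks from step II.5, section IV and the sshd_config edit, written as reusable functions. This is an added example, not part of the original post; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: checks for the temporary telnet access and the sshd_config
# edits in the procedure above. Function names are hypothetical.

# Succeeds if `netstat -tnl` output on stdin has a listener on TCP port 23.
# Matches the port field exactly; `grep 23` would also hit 2323 or 1234.
telnet_listening() {
    awk '$NF == "LISTEN" && $4 ~ /:23$/ { found = 1 } END { exit !found }'
}

# Succeeds if an xinetd service file (e.g. /etc/xinetd.d/telnet) leaves the
# service enabled. A missing "disable" line is treated as enabled.
xinetd_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; val = tolower($2); gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "disable" { state = val }
        END { exit (state == "yes") }' "$1"
}

# Prints the global value of an sshd_config keyword: the first occurrence wins,
# keywords are case-insensitive, comments and Match blocks are skipped.
# Assumes the whitespace-separated "Keyword value" form.
sshd_setting() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }' "$2"
}

# Constructed sample inputs, so the demo runs offline.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN\ntcp 0 0 :::23 :::* LISTEN\n' > "$tmp/netstat"
    printf 'service telnet\n{\n  user = root\n  disable = no\n}\n' > "$tmp/telnet"
    printf '#PermitRootLogin no\npermitrootlogin yes\nPermitRootLogin no\n' > "$tmp/sshd_config"
    telnet_listening < "$tmp/netstat" && echo "WARN: port 23 is still listening"
    xinetd_enabled "$tmp/telnet" && echo "WARN: xinetd telnet service is enabled"
    echo "PermitRootLogin resolves to: $(sshd_setting PermitRootLogin "$tmp/sshd_config")"
    rm -rf "$tmp"
}
demo
```

On the live host, pipe `netstat -tnl` into `telnet_listening` after section IV, and compare `sshd_setting` with `sshd -T`, which prints the configuration sshd actually resolves.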

  • Original article: https://www.cnblogs.com/liwei1994/p/12619648.html