zoukankan      html  css  js  c++  java

  • OpenSSH升级

    openssh升级

    系统版本:centos-7

    1. 安装依赖包

      yum install wget gcc -y
yum install zlib-devel openssl-devel  openssl -y
yum install pam-devel libselinux-devel glibc make autoconf pcre-devel -y

    2. 下载安装包

      wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz
wget http://prdownloads.sourceforge.net/libpng/zlib-1.2.11.tar.gz

    3. 编译安装zlib

      tar xf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install

    4. 编译安装openssl

      tar xf openssl-1.1.1j.tar.gz
cd openssl-1.1.1j
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v

#执行openssl version遇到下面为问题:
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
执行两条命令即可:
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

    5. 编译安装openssh

      tar xf openssh-8.6p1.tar.gz
cd openssh-8.6p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install

    6. 修改sshd_config文件

      echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config

    7. 备份原有文件,修改新文件指向

      mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

    8. 复制配置文件

      cp -a contrib/redhat/sshd.init  /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod u+x /etc/init.d/sshd

    9. 配置开机自启

      chkconfig --add sshd
chkconfig sshd on
systemctl enable sshd
mv  /usr/lib/systemd/system/sshd.service{,.bak}

    10. 重启

      service sshd status

# 如果出现“Failed to get properties: Access denied”
执行:systemctl daemon-reexec

service sshd restart

    11. 查看结果

      [root@ct1 openssh-8.6p1]# ssh -V
OpenSSH_8.6p1, OpenSSL 1.1.1j  16 Feb 2021
  • 相关阅读:
    [WCF安全系列]从两种安全模式谈起
    为自定义配置的编辑提供”智能感知”的支持
    在Entity Framework中使用存储过程(二):具有继承关系实体的存储过程如何定义?
    [WCF安全系列]实例演示:TLS/SSL在WCF中的应用[HTTPS]
    [WCF安全系列]谈谈WCF的客户端认证[Windows认证]
    在Entity Framework中使用存储过程(三):逻辑删除的实现与自增长列值返回
    [转] Leaving patterns & practices
    两个简单的扩展方法:TrimPrefix和TrimSuffix
    Oracle 系统表
    让IoC动态解析自定义配置(提供基于Unity的实现)
  • 原文地址:https://www.cnblogs.com/os-linux/p/14959575.html
Copyright © 2011-2022 走看看