客户系统检测出 openssh 版本过旧、存在漏洞,所以决定写个脚本来升级。需要四个安装包:openssh-7.1p2.tar.gz、openssl-1.0.1s.tar.gz、telnet-server-1.2-149.1.x86_64.rpm、zlib-1.2.8.tar.gz
telnet 配置(/etc/xinetd.d/telnet)。telnet 为明文传输,这里只作为升级 sshd 期间的临时备用登录通道,脚本最后会把它重新禁用。
1 # default: off
2 # description: Telnet is the old login server which is INSECURE and should
3 # therefore not be used. Use secure shell (openssh).
4 # If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN
5 # uplink), add "-n". See 'man telnetd' for more details.
6 service telnet
7 {
8 socket_type = stream
9 protocol = tcp
10 wait = no
11 user = root
12 server = /usr/sbin/in.telnetd
13 disable = no
14 }
脚本如下:(亲测,可用)
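#!/bin/bash
# program  : Server auto deploy
# author   : shenjianyu@thinktrader.net
# version  : latest
# function : update openssh
#
# Builds zlib, OpenSSL and OpenSSH from the source tarballs found in the
# directory the script is started from, replaces the packaged OpenSSH with
# the new build, and keeps a telnet server enabled as a fallback login path
# while sshd is down. Must be run as root.
#
# Expected in the working directory:
#   zlib-1.2.8.tar.gz  openssl-1.0.1s.tar.gz  openssh-7.1p2.tar.gz
#   telnet-server-1.2-149.1.x86_64.rpm
#
# NOTE(review): the archives are unpacked and built as root without any
# checksum or signature check. Verify them against the values published by
# each upstream project before running this on a production host.
# NOTE(review): the versions below are the ones pinned by the original
# write-up. The OpenSSL 1.0.1 branch is end-of-life and OpenSSH 7.1p2 is
# several years old; substitute currently supported releases.
# NOTE(review): telnet carries credentials in cleartext. Keep the window in
# which it is enabled short and restrict who can reach it while it is open.

## Working directory (where the packages were uploaded).
## No trailing space: it would break every path built from this value.
current_dir="$(pwd)"
zlib_version="zlib-1.2.8"
openssh_version="openssh-7.1p2"
openssl_version="openssl-1.0.1s"
telnet_rpm="telnet-server-1.2-149.1.x86_64.rpm"
telnet_conf="/etc/xinetd.d/telnet"
sshd_config="/usr/etc/sshd_config"   # sysconfdir that results from --prefix=/usr
version_log="${current_dir}/openssh_version.txt"
DATE=$(date +%Y%m%d)
Distributor=$(lsb_release -is)
BLUE_COLOR='\033[1;34m'   # blue
RED_COLOR='\033[1;31m'    # red
BLACK_COLOR='\033[1;30m'  # black
RES='\033[0m'             # reset attributes (was referenced but never defined)

# Print an error to stderr and stop. Used for every step whose failure would
# otherwise leave the host half-upgraded.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Print the framed status banner in the given colour.
#   $1 - colour escape sequence, $2 - text for the middle line
banner() {
  local color=$1 text=$2
  echo -e "${color}########################################################################################${RES}"
  echo -e "${color}################### #################### ${RES}"
  echo -e "${color}################### ${text} #################### ${RES}"
  echo -e "${color}################### #################### ${RES}"
  echo -e "${color}################### #################### ${RES}"
  echo -e "${color}########################################################################################${RES}"
}

# Set the "disable" attribute of the xinetd telnet service to yes or no.
# Only that one line is rewritten: a global s/no/yes/ would also flip
# "wait = no" and mangle words such as "not" in the file's comments.
#   $1 - yes | no
set_telnet_disabled() {
  local value=$1
  sed -i "s/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\).*/\1${value}/" "$telnet_conf"
}

# Nothing has been installed yet, so the opening banner must not claim success.
banner "$RED_COLOR" "openssh install -----[ start ]"
echo -e "${BLACK_COLOR} ${RES}"
sleep 5

## Check the current user
if [ "$(id -u)" -ne 0 ]; then
  echo "Error: if you want to run this script,please use root to execute;"
  exit 1
fi

## Make sure every package is present before anything on the host is changed
for pkg in "${zlib_version}.tar.gz" "${openssl_version}.tar.gz" \
  "${openssh_version}.tar.gz" "$telnet_rpm"; do
  [[ -f "${current_dir}/${pkg}" ]] || die "missing ${pkg} in ${current_dir}"
done

## Install telnet as the fallback login path
cd "$current_dir" || die "cannot cd to ${current_dir}"
if ! rpm -q telnet-server >/dev/null 2>&1; then
  rpm -ivh "$telnet_rpm" || die "telnet-server install failed; sshd left untouched"
fi
[[ -f "$telnet_conf" ]] || die "${telnet_conf} not found; sshd left untouched"
# The original ran sed without -i, which only printed the file and changed
# nothing on disk.
set_telnet_disabled no || die "cannot enable telnet in ${telnet_conf}"
/etc/init.d/xinetd restart || die "xinetd restart failed; sshd left untouched"
if chkconfig --list | grep telnet; then
  echo "install telnet ---------------------------[success]"
fi
sleep 5

## Record the current openssh version
# ssh -V prints to stderr, so redirect the command itself; wrapping it in
# echo `...` stored only an empty line.
ssh -V >"$version_log" 2>&1

## Install zlib and build the shared library
cd "$current_dir" || die "cannot cd to ${current_dir}"
tar -zxvf "${zlib_version}.tar.gz" || die "cannot unpack ${zlib_version}.tar.gz"
cd "$zlib_version" || die "cannot cd to ${zlib_version}"
./configure --shared || die "zlib configure failed"
sleep 3
/usr/bin/make install || die "zlib make install failed"
cp zutil.h zutil.c /usr/local/include
/sbin/ldconfig -v
sleep 2

## Unpack and install openssl
cd "$current_dir" || die "cannot cd to ${current_dir}"
tar -zxvf "${openssl_version}.tar.gz" || die "cannot unpack ${openssl_version}.tar.gz"
cd "$openssl_version" || die "cannot cd to ${openssl_version}"
./config shared zlib || die "openssl config failed"
sleep 3
/usr/bin/make || die "openssl make failed"
sleep 2
/usr/bin/make install || die "openssl make install failed"
echo "install openssl --------------------------[success]"
sleep 5

## Point the openssl command at the new build so version output is correct
old_openssl=$(command -v openssl)
# Skip the backup when the path is already a symlink (a second run), so the
# saved original binary is not overwritten by a link.
if [[ -n "$old_openssl" && ! -L "$old_openssl" ]]; then
  mv -- "$old_openssl" /usr/bin/openssl.bak || die "cannot back up ${old_openssl}"
fi
ln -sfn /usr/local/ssl/bin/openssl /usr/bin/openssl
ssh -V >>"$version_log" 2>&1
# Append the library path only once, however often the script is run.
grep -qxF "/usr/local/ssl/lib" /etc/ld.so.conf ||
  echo "/usr/local/ssl/lib" >>/etc/ld.so.conf
/sbin/ldconfig -v

## Build openssh while the old sshd is still installed and running, so a
## failed build aborts before the working service is removed.
cd "$current_dir" || die "cannot cd to ${current_dir}"
tar -zxvf "${openssh_version}.tar.gz" || die "cannot unpack ${openssh_version}.tar.gz"
cd "$openssh_version" || die "cannot cd to ${openssh_version}"
# --with-zlib follows the working directory instead of a hard-coded /root path.
./configure --prefix=/usr --with-zlib="${current_dir}/${zlib_version}" \
  --with-md5-passwords || die "openssh configure failed; old sshd left in place"
sleep 2
/usr/bin/make || die "openssh make failed; old sshd left in place"
sleep 2

## Stop sshd and remove the packaged openssh
/sbin/service sshd stop
cp /etc/init.d/sshd /root/
old_pkgs=$(rpm -qa | grep openssh)
if [[ -n "$old_pkgs" ]]; then
  # Appended, so the version strings recorded above are kept.
  printf '%s\n' "$old_pkgs" >>"$version_log"
  while IFS= read -r line; do
    if rpm -e --nodeps "$line"; then
      echo "remove $line ------------------------------[success]"
    else
      printf 'Warning: could not remove %s\n' "$line" >&2
    fi
  done <<<"$old_pkgs"
fi

## Install the new openssh
/usr/bin/make install ||
  die "openssh make install failed; telnet fallback is still enabled"

## Install the init script that matches the distribution
if [[ "$Distributor" == "SUSE LINUX" ]]; then
  init_src="contrib/suse/rc.sshd"
else
  init_src="contrib/redhat/sshd.init"
fi
cp "$init_src" /etc/init.d/sshd || die "cannot install ${init_src} as /etc/init.d/sshd"
chmod +x /etc/init.d/sshd
chkconfig --add sshd

# NOTE(review): this permits direct root login over SSH, password included.
# Kept because the original procedure relies on it; once the upgrade is
# verified, prefer "PermitRootLogin prohibit-password" with key-based login,
# or an unprivileged account plus sudo.
# Guarded so that repeated runs do not insert the line again.
grep -qx 'PermitRootLogin YES' "$sshd_config" ||
  sed -i '10a PermitRootLogin YES' "$sshd_config"
service sshd restart
chkconfig sshd on

## Verify sshd and close the telnet fallback
# Match a listening socket on port 22 only; a bare "grep -w 22" also matches
# unrelated fields such as a PID of 22.
if netstat -tnlp | grep -Eq ':22[[:space:]].*LISTEN'; then
  echo "Start debugging-----------------------------------[success]"
  banner "$BLUE_COLOR" "openssh install -----[success]"
  sleep 3
  set_telnet_disabled yes ||
    printf 'Warning: could not disable telnet in %s\n' "$telnet_conf" >&2
  /etc/init.d/xinetd restart
  ssh -V
  exit 0
fi

# sshd is not answering: leave telnet up as the recovery path, but say so
# loudly and do not report success.
printf 'Error: nothing is listening on port 22; telnet is still ENABLED in %s\n' \
  "$telnet_conf" >&2
ssh -V
exit 1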