  • OpenSSH one-click upgrade script (tested successfully)

    1 Check the SSH version

    This document applies to systems whose SSH version is lower than 7.0 and upgrades them to OpenSSH 7.5p1.

    ssh -V
    [root@kuajing-db3 ~]# ssh -V
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

    2  OpenSSH 7.5 installation steps

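    Uninstall the existing openssh package (keep a console or other non-SSH access path available until the new sshd is confirmed working):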

    yum remove openssh -y

    Prepare the build environment:

    yum install gcc openssl-devel zlib-devel

    Upload the openssh package to /mnt, then extract and compile it:

    tar zxvf openssh-7.5p1.tar.gz
    cd openssh-7.5p1
    ./configure
    make && make install

    Copy the ssh service files:

    cp /usr/local/bin/ssh /usr/bin/ssh
    cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
    cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
    cp ./contrib/redhat/sshd.init /etc/init.d/sshd

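    Modify the configuration files

    Edit /etc/ssh/sshd_config:

    Change #PermitRootLogin to PermitRootLogin yes (this allows direct root login by any method, including password; the OpenSSH 7.5 default is prohibit-password)

    Change /usr/libexec/sftp-server to /usr/local/libexec/sftp-server

    Edit /etc/init.d/sshd:

    Change SSHD=/usr/sbin/sshd to SSHD=/usr/local/sbin/sshd

    Change /usr/sbin/ssh-keygen -A to /usr/local/bin/ssh-keygen -A

    Above the line '$SSHD $OPTIONS && success || failure', add the line 'OPTIONS="-f /etc/ssh/sshd_config"'

    Register sshd as a system service: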

    chkconfig --add sshd
    chkconfig sshd on

    Check the service:

    chkconfig --list |grep sshd
    sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off

    Start the service:

    service sshd start

    Check the ssh version:

    [root@oracle ~]# ssh -V
    OpenSSH_7.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013

    3 OpenSSH upgrade script

    The following script was written from the upgrade procedure above to run the steps automatically:

    #!/bin/bash
    # Remove the packaged OpenSSH, then build and install 7.5p1 from /mnt.
    sshInst()
    {
        yum remove openssh -y
        yum install gcc openssl-devel zlib-devel -y
        cd /mnt
        tar zxvf openssh-7.5p1.tar.gz -C /mnt/
        cd ./openssh-7.5p1
        ./configure
        make && make install
    }
     
    # Adjust the init script: add OPTIONS and point its paths at /usr/local/.
    CHG_SSHD()
    {
        chmod +x /etc/init.d/sshd
        OPT_VALUE='OPTIONS="-f /etc/ssh/sshd_config"'
        OPT_EXIST=$(grep -F "${OPT_VALUE}" /etc/init.d/sshd)
        if [ -z "${OPT_EXIST}" ]; then
            # Insert the OPTIONS line above the line that starts sshd
            # (GNU sed one-line "i text" form)
            sed -i "/\$SSHD \$OPTIONS &&/i ${OPT_VALUE}" /etc/init.d/sshd
        else
            echo "${OPT_EXIST}"
        fi
        PATH_EXIST=$(grep "${NPATH}" /etc/init.d/sshd)
        if [ -n "${PATH_EXIST}" ]; then
            echo "${PATH_EXIST}"
        else
            # Rewrite the first /usr/ on each line to /usr/local/
            sed -i "s:${OPATH}:${NPATH}:" /etc/init.d/sshd
        fi
        echo "/etc/init.d/sshd file changes completed."
    }
    # Install the sshd_config from the source tree and adjust it.
    CHG_CONF()
    {
        # Change /etc/ssh/sshd_config (the cp relies on the current directory
        # still being /mnt/openssh-7.5p1 after sshInst)
        cp sshd_config /etc/ssh/sshd_config
        sed -i '/#PermitRootLogin/iPermitRootLogin yes' /etc/ssh/sshd_config
        PATH_EXIST=$(grep "${NPATH}" /etc/ssh/sshd_config)
        if [ -z "${PATH_EXIST}" ]; then
            sed -i "s:${OPATH}:${NPATH}:" /etc/ssh/sshd_config
        else
            echo "${PATH_EXIST}"
        fi
        echo "/etc/ssh/sshd_config file changes completed."
    }
     
    OPATH=/usr/
    NPATH=/usr/local/
    echo -n "The SSH current version is:"
    ssh -V
    while true; do
        echo -n "Continue to update?(yes/no)"
        read -r INPUT
        case $INPUT in
            Y|y|YES|yes)
                sshInst
                echo -n "Press any key to continue....."
                read -r AnyKey

                cp /usr/local/bin/ssh /usr/bin/ssh
                echo "Copying ssh....Done."
                cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
                echo "Copying ssh_host_ecdsa_key.pub....Done."
                cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
                echo "Copying sshd....Done."
                CHG_SSHD
                CHG_CONF
                break;;
            N|n|NO|no)
                echo exited
                exit ;;
            "")
                # Empty input leaves the loop without upgrading; the steps below still run
                break;;
        esac
    done

    ssh -V

    chkconfig --add sshd

    # Work around root being unable to log in
    echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
    echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
    chkconfig sshd on
    service sshd start
    echo "Operation is completed."

    # Restarting ssh on CentOS 7
    #systemctl daemon-reload
    #systemctl restart sshd

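    Note: copied code may fail with errors when run; process the file as follows first:

    sed -i 's/\r$//' XXX.sh

            This replaces the \r (carriage return) in XXX.sh with nothing.

            Run it again: success!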

    If zlib is not installed, install it first and then run the script:

    yum install zlib
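
The script above inserts PermitRootLogin yes and later appends it again, together with PasswordAuthentication yes, to /etc/ssh/sshd_config. The following added example (not part of the original article; the function names and the sample config are constructed here) shows which of those lines sshd actually honours, since sshd uses the first value it reads for each keyword.

```shell
#!/bin/sh
# Added example. sshd_config is first-match-wins: for each keyword sshd keeps
# the first value it reads, so a line appended with ">>" is ignored when the
# keyword already appears earlier. Assumes the usual "Keyword value" form.

# effective_value FILE KEYWORD: print the first active value in the global
# section (before any Match block); print nothing if the keyword is not set.
effective_value() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# shadowed_lines FILE KEYWORD: print "lineno: text" for each later occurrence
# that sshd ignores because an earlier line already set the keyword.
shadowed_lines() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { if (seen++) print NR ": " $0 }
    ' "$1"
}

# audit FILE: report the login keywords the upgrade script writes.
audit() {
    for kw in PermitRootLogin PasswordAuthentication; do
        printf '%s -> %s\n' "$kw" "$(effective_value "$1" "$kw")"
        shadowed_lines "$1" "$kw" | sed 's/^/    ignored, line /'
    done
}

# Constructed sample (not from the page): a config that already had
# "PasswordAuthentication no" before the two appended lines at the end.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
#PermitRootLogin prohibit-password
PasswordAuthentication no
Subsystem sftp /usr/local/libexec/sftp-server
PermitRootLogin yes
PasswordAuthentication yes
EOF
audit "$sample"
```

On the upgraded host, run audit /etc/ssh/sshd_config; /usr/local/sbin/sshd -T -f /etc/ssh/sshd_config prints the configuration as sshd itself resolves it.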
  • Original article: https://www.cnblogs.com/windy-xmwh/p/11484404.html