zoukankan      html  css  js  c++  java
  • openssh一键升级脚本(测试成功)

    1 ssh版本检查

    本文档针对于ssh版本低于7.0的系统,升级为openssh7.5 p1。

    ssh –V
    [root@kuajing-db3 ~]# ssh -V
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
    

      

     

    2  OPENssh7.5安装步骤

    卸载原有openssh

    yum remove openssh -y

    准备编译环境:

    yum install gcc openssl-devel zlib-devel

    上传openssh安装包到/mnt并解压进行编译:

    tar zxvf openssh-7.5p1.tar.gz
    cd openssh-7.5p1
    ./configure
    make && make install

    拷贝ssh服务文件

    cp /usr/local/bin/ssh /usr/bin/ssh
    cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
    cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
    cp ./contrib/redhat/sshd.init /etc/init.d/sshd

    修改配置文件

    修改/etc/ssh/sshd_config

    将#PermitRootLogin修改为PermitRootLogin yes

    修改/usr/libexec/sftp-server为/usr/local/libexec/sftp-server

    修改 /etc/init.d/sshd

    将SSHD=/usr/sbin/sshd 改为 SSHD=/usr/local/sbin/sshd

    将/usr/sbin/ssh-keygen -A 改为 /usr/local/bin/ssh-keygen -A

    在 ‘$SSHD $OPTIONS && success || failure’这一行上面加上一行 ‘OPTIONS="-f /etc/ssh/sshd_config"’

    加入系统服务 

    chkconfig --add sshd
    chkconfig sshd on

    检查服务

    chkconfig --list |grep sshd
    sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off

    启动服务

    service sshd start

    检查ssh版本

    [root@oracle ~]# ssh -V
    OpenSSH_7.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013

     

     

    3 OPENssh升级脚本

    根据以上升级过程编写了脚本自动执行操作,脚本内容如下

    #!/bin/bash
    sshInst()
    {
           yum remove openssh -y
           yum install gcc openssl-devel zlib-devel -y
           cd /mnt
           tar zxvf openssh-7.5p1.tar.gz -C /mnt/
           cd ./openssh-7.5p1
           ./configure
           make && make install
     
    }
     
    CHG_SSHD()
    {
           chmod +x /etc/init.d/sshd
           OPT_VALUE='OPTIONS="-f /etc/ssh/sshd_config"'
           OPT_EXIST=`grep "${OPT_VALUE}" /etc/init.d/sshd`
            if [ -z "${OPT_EXIST}" ];then
                    sed -i '/$SSHD $OPTIONS &&/i\t'"${OPT_VALUE}"'' /etc/init.d/sshd
            else
                    echo ${OPT_EXIST}
            fi
            PATH_EXIST=`grep "${NPATH}" /etc/init.d/sshd`
            if [ -n "${PATH_EXIST}"  ];then
                    echo "${PATH_EXIST}"
            else
                    sed -i "s:${OPATH}:${NPATH}:" /etc/init.d/sshd
            fi
                  echo "/etc/init.d/sshd file changes completed."
    }
    CHG_CONF()
    {
    ##Chenge /etc/ssh/sshd_config 
           cp sshd_config /etc/ssh/sshd_config
           sed -i '/#PermitRootLogin/iPermitRootLogin yes' /etc/ssh/sshd_config
           PATH_EXIST=`grep "${NPATH}" /etc/ssh/sshd_config`
           if [ -z "${PATH_EXIST}" ];then
                  sed -i "s:${OPATH}:${NPATH}:" /etc/ssh/sshd_config
           else
                  echo "${PATH_EXIST}"
           fi
           echo "/etc/ssh/sshd_config file changes completed."
    }
     
    OPATH=/usr/
    NPATH=/usr/local/
    echo -n "The SSH current version is:" 
    ssh -V 
    while true;do
        echo -n "Continue to update?(yes/no)"
        read INPUT
        case $INPUT in
            Y|y|YES|yes)
                sshInst
          echo -n "Press any key to continue....."
          read AnyKey
     
          cp /usr/local/bin/ssh /usr/bin/ssh
          echo "Copying ssh....Done."
          cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
          echo "Copying ssh_host_ecdsa_key.pub....Done."
          cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
          echo "Copying sshd....Done."
          CHG_SSHD
          CHG_CONF
          break;;
            N|n|NO|no)
              echo exited
              exit ;;
            "")
          break;;
      esac
    done
    
    ssh -V
    
    chkconfig --add sshd
    
    #解决root用户无法登陆
    echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
    echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
    chkconfig sshd on
    service sshd start
    echo "Operation is completed."
    
    #centos7重启ssh操作
    #systemctl daemon-reload
    #systemctl restart sshd

    注意:代码copy可能出现编译错误,需要先进行如下处理

    sed -i 's/
    $//' XXX.sh

            会把 XXX.sh 中的 替换成空白!

            再次编译!成功!!

    如果没有安装zlib,需要先安装zlib,再行脚本:

    yum install zlib
  • 相关阅读:
    树线段hdu 4508 美素数(线段树)
    自定义context自定义Dialog之Progress(二)
    实现语言C语言简单实现五子棋
    调用博客paip.基于HTML gui界面的javascript JS实现SLEEP。。
    水印控件windows phone中,制作一个自定义的密码输入框控件,含图片,有水印,星号显示
    请求网络网络编程
    调试网页PAIP HTML的调试与分析工具
    输出流输入输入输出流
    标记协议http协议与XML书写规范及解析技术
    描述算法10673 Play with Floor and Ceil
  • 原文地址:https://www.cnblogs.com/windy-xmwh/p/11484404.html
Copyright © 2011-2022 走看看