Openssl升级至最新版本
升级前备份
# Back up the two OpenSSL shared libraries before changing anything; the
# restore step further down copies them back into /usr/lib64.
mkdir /mnt/ssl.bak/
cp /usr/lib64/libcrypto.so.10 /mnt/ssl.bak/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /mnt/ssl.bak/libssl.so.10.old
# Compiler and development headers for the source builds that follow.
yum install -y gcc openssl-devel pam-devel zlib zlib-devel
# List every path named "openssl" so the renames below can be checked against
# what actually exists on this host.
find / -name openssl
# Rename the old files instead of deleting them, so each one can be renamed
# back if the new build has to be rolled back.
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
# NOTE(review): this moves the extracted CA trust directory out of its usual
# path - confirm nothing on the host still reads certificates from it.
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
卸载:
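# Show which installed packages have "openssl" in their name and review the
# list: the same pattern selects what gets erased on the next line.
rpm -qa | grep openssl
# The page lost the backticks around the inner command; as printed, the line
# would run "rpm -e rpm -qa" and then try to execute "--nodeps" on its own.
# --nodeps skips rpm's dependency checks, so packages that link against the
# removed libraries are not protected - keep the backups made earlier at hand.
# Word splitting is intended here: one argument per package name.
rpm -e --nodeps $(rpm -qa | grep openssl)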
升级:
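# NOTE(review): the release is pinned by this page; check the project's
# download page for the currently supported release before reusing it.
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz
# Print the digest and compare it with the checksum the project publishes for
# this tarball before building code that will run as root.
sha256sum openssl-1.1.1h.tar.gz
# Extract the file that was actually downloaded (the page named a different
# version here than in the wget line).
tar -zxvf openssl-1.1.1h.tar.gz -C /opt/
# The archive was unpacked under /opt, so enter the source tree there.
cd /opt/openssl-1.1.1h
# --prefix=/usr installs over the system location; --shared builds the
# shared libraries; zlib enables compression support.
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make
make install
# Confirm the version and build options of the openssl now on PATH.
openssl version -a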
D、恢复共享库 (……)
# Copy the backed-up .so.10 libraries back into /usr/lib64, presumably so that
# programs linked against them still load after the package removal.
# NOTE(review): these are the pre-upgrade library builds - anything that loads
# them keeps running the old OpenSSL code, so the upgrade does not cover those
# programs.
cp /mnt/ssl.bak/libcrypto.so.10.old /usr/lib64/libcrypto.so.10
cp /mnt/ssl.bak/libssl.so.10.old /usr/lib64/libssl.so.10
=============================================================
不卸载老版本,则需要
# Alternative path when the packaged OpenSSL is kept: point the system
# locations at a build installed under /usr/local.
# NOTE(review): the ./config line earlier on this page uses --prefix=/usr;
# these links only apply to a build configured for /usr/local - confirm which
# prefix was used.
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
# Add the new library directory to the loader search path and rebuild the
# cache. The echo appends a line each time it is run.
echo "/usr/local/lib64/" >> /etc/ld.so.conf
ldconfig
# Confirm which build the openssl command now resolves to.
openssl version -a
===================================================================================
Openssh升级至最新版本
1. 安装telnet作为备用登录通道,防止OpenSSH升级失败后无法远程登录(telnet为明文传输,仅在升级期间临时启用,确认SSH可用后应关闭)
# Temporary fallback login: telnet is enabled so the host stays reachable if
# sshd does not come back after the upgrade.
# Telnet sends credentials and session data unencrypted; keep it to the
# upgrade window and a trusted network, and switch it off again afterwards.
rpm -qa | grep telnet
yum install -y telnet-server
yum install -y xinetd
# On lines containing "disable", replace "yes" with "no" to enable the
# xinetd telnet service.
sed -i '/disable/s/yes/no/' /etc/xinetd.d/telnet
service xinetd restart
# Check that something is listening on TCP port 23.
lsof -i :23
测试(使用普通用户登录)
# Log in over telnet as a non-root user to check that the fallback works
# before the SSH packages are touched.
telnet localhost
升级
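# NOTE(review): the release is pinned by this page; check the project's
# release notes for the current version before reusing it.
wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
# Print the digest and compare it with the checksum from the release
# announcement (or verify the detached signature) before building.
sha256sum openssh-8.0p1.tar.gz
yum install -y gcc openssl-devel pam-devel zlib zlib-devel
# Back up the existing configuration and host keys. The backup directory then
# holds private host keys, so keep it readable by root only.
mv /etc/ssh /mnt/ssh.bak
# Review which packages match before erasing them.
rpm -qa | grep openssh
# The page lost the backticks around the inner command; restored here as a
# command substitution. --nodeps skips rpm's dependency checks.
# Word splitting is intended: one argument per package name.
rpm -e --nodeps $(rpm -qa | grep openssh)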
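tar -xzf openssh-8.0p1.tar.gz -C /opt
# The archive was unpacked under /opt, so enter the source tree there.
cd /opt/openssh-8.0p1
# No --prefix is given, so the binaries go to the configure default location;
# the init script installed later must point at the same paths.
# NOTE(review): --with-md5-passwords enables legacy MD5 password hashes -
# confirm it is still needed on this host.
./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh
make && make install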
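# Restore the previous configuration and host keys over the freshly installed
# ones. -p keeps the original modes and ownership, which matters for the
# private host key files.
cp -p /mnt/ssh.bak/* /etc/ssh/
# NOTE(review): this permits direct root logins, including by password.
# Prefer a non-root admin account or "PermitRootLogin prohibit-password", and
# remove this line once the upgrade is verified. sshd uses the first value it
# reads for a keyword, so an earlier PermitRootLogin line in the restored
# file takes precedence over this appended one.
echo 'PermitRootLogin yes' >>/etc/ssh/sshd_config
# Comment out UsePAM. NOTE(review): the build was configured --with-pam; with
# this line disabled, PAM account and session rules are presumably no longer
# applied to SSH logins - confirm that is intended.
sed -i 's/^UsePAM/#&/' /etc/ssh/sshd_config
# Comment out the GSSAPI options carried over from the old configuration.
sed -i 's/^GSSAPICleanupCredentials/#&/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication/#&/' /etc/ssh/sshd_config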
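# Keep a copy of the current init script before replacing it.
# NOTE(review): the script may already be gone after the package removal; a
# failure of this copy then only means there was nothing to back up.
cp /etc/init.d/sshd /mnt/sshd.bak
# Install the init script shipped in the source tree.
cp /opt/openssh-8.0p1/contrib/redhat/sshd.init /etc/init.d/sshd
# The paths printed by these two commands must match the sshd and ssh-keygen
# paths used inside /etc/init.d/sshd; edit the script if they differ.
which sshd
which ssh-keygen
# Register the service and enable it at boot.
chkconfig --add sshd
chkconfig sshd on
# Create the sftp-server directory and install the binary only when missing.
[ -d /usr/libexec/openssh ] || mkdir -p /usr/libexec/openssh
[ -e /usr/libexec/openssh/sftp-server ] || cp /opt/openssh-8.0p1/sftp-server /usr/libexec/openssh/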
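# Reloading drops the current SSH session. Make sure the telnet fallback set
# up earlier works before running this, or remote access may be lost.
# sshd -t checks the configuration and host keys first, so a broken
# sshd_config is caught before the running daemon is reloaded.
sshd -t && service sshd reload
# Confirm the installed client version.
ssh -V
# After a fresh SSH login succeeds, turn the plaintext telnet fallback off:
#   sed -i '/disable/s/no/yes/' /etc/xinetd.d/telnet && service xinetd restart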