升級所需的安裝包都應提前放到服務器,以免后面無法連接
#####准備工作#####
一、配置更新 yum源 (是為了可以在線下載更新需要的安裝包)
1.刪除當前所有yum源文件
cd /etc/yum.repos.d
rm -rf 文件名
2.編輯新的yum源文件
vi rhel6.7.repo
粘貼如下信息保存 若這個粘貼出現錯誤就用CentOS-Base.repo文件里面的
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/6/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirrors.163.com/centos/6/updates/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirrors.163.com/centos/6/extras/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirrors.163.com/centos/6/centosplus/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
baseurl=http://mirrors.163.com/centos/6/contrib/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
3.清除yum緩存,使當前配置生效
yum clean all
4.新建yum緩存 (如果無法執行確定服務器是否能聯網,需要配置網關)
yum makecache
5.更新yum庫
yum -y update
6.查看是否配置成功
yum list
安裝編譯所需工具包
yum -y install gcc pam-devel zlib-devel
yum install -y openssl-devel
二、開啟telnet遠程登錄(怕ssh無法連接,可以用telnet登陸重新配置)
1.查看是否安裝了telnet
rpm -qa telnet-server
2.若未安裝先xinetd
rpm -ivh xinetd-2.3.14-34.el6.x86_64.rpm
3.安裝telnet-server
rpm -ivh telnet-server-0.17-47.el6.x86_64.rpm
或 yum install telnet-server
4.重新啟動xinetd守護進程
service xinetd restart
5.測試
netstat -tnl | grep 23
6.上一步測試沒有返回信息,則需要配置xinetd
vi /etc/xinetd.d/telnet
改disable為no
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
7.重新啟動xinetd守護進程
service xinetd restart
9.root是無法遠程telnet登錄的,所以要使用其他用戶先登錄然后使用
useradd jstuser 創建用戶testuser
passwd jstuser 給已創建的用戶testuser設置密碼
su - root
輸入密碼登錄
三、正式開始升級
1.安裝zlib-1.2.11.tar.gz依賴
wget -c http://zlib.net/zlib-1.2.11.tar.gz 在線下載的,不行就直接用下好安裝包放進去
tar zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib && make && make install
2.安裝ssl依賴包
wget https://openssl.org/source/openssl-1.0.2t.tar.gz
tar -zxvf openssl-1.0.2t.tar.gz
cd openssl-1.0.2t
./config --prefix=/usr/local/openssl --openssldir=/etc/ssl --shared zlib
安裝 測試 編譯
make
make test
make install
檢查安裝是否成功
openssl version -a
3.安裝ssh包
wget -c http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
tar -zxvf openssh-8.1p1.tar.gz
cd openssh-8.1p
./configure --prefix=/usr/local/openssh --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl/bin --with-zlib=/usr/local/zlib --with-md5-passwords && make && make install
復制啟動腳本到/etc/init.d
cp -p /etc/init.d/sshd /etc/init.d/sshd.lod_$(date +%Y-%m-%d_%H-%M)
刪除舊的
rm /etc/init.d/sshd
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
賦予執行權限
chmod u+x /etc/init.d/sshd
加入開機啟動
chkconfig --add sshd
chkconfig sshd on
解決root用戶不能登陸的問題
修改配置文件/etc/ssh/sshd_config,添加下面的設置
PermitRootLogin yes
X11Forwarding yes -- 核實配置文件有沒有
PubkeyAuthentication yes
/etc/init.d/sshd restart
ssh -V 查看是否更新成功
四、卸載telnet服務,因為telnet是不安全的
查找已經安裝的telnet
rpm -qa | grep telnet
根據查出的,指定卸載
rpm -e telnet-0.17-48.el6.x86_64
rpm -e telnet-server-0.17-48.el6.x86_64