Linux升級openssh過程
之前由於有需要升級到openssh,現在整理下。
1.先安裝telnet-server,防止升級openssh過程中出現意外再也無法使用ssh遠程。
2.升級openssl。
3.升級openssh過程。
下文詳解。
4.確定沒問題后禁用telnet-server等服務。
openssh升級
官網下載:http://www.openssh.com/ 點左下角的鏈接下載:For other systems:Linux
安裝依賴包:
前邊升級openssl已經安裝過了。
yum install -y gcc gcc-c++ glibc make autoconf pcre-devel pam-devel automake makedepend perl-Test-Simple perl zlib zlib-devel
備份openssh:
mv /usr/bin/ssh /usr/bin/ssh.bak mv /usr/sbin/sshd /usr/sbin/sshd.bak mv /etc/ssh /etc/ssh.bak [root@dm8 ~]# ssh -V OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 [root@dm8 ~]# mv /usr/bin/ssh /usr/bin/ssh.bak [root@dm8 ~]# mv /usr/sbin/sshd /usr/sbin/sshd.bak [root@dm8 ~]# mv /etc/ssh /etc/ssh.bak
解壓編譯和安裝:
tar -zxvf openssh-8.7p1.tar.gz cd openssh-8.7p1 ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam --with-ssl-engine make make install echo $? ssh -V vi /etc/ssh/sshd_config 添加或修改: PermitRootLogin yes PasswordAuthentication yes UseDNS no cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd cp -a ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam systemctl stop sshd.service ##不會影響已經連接的會話 mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak systemctl daemon-reload /etc/init.d/sshd start cp /run/systemd/generator.late/sshd.service /usr/lib/systemd/system/sshd.service systemctl daemon-reload systemctl restart sshd systemctl status sshd systemctl enable sshd [root@dm8 soft]# tar -zxvf openssh-8.7p1.tar.gz [root@dm8 soft]# cd openssh-8.7p1 [root@dm8 openssh-8.7p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam --with-ssl-engine [root@dm8 openssh-8.7p1]# make [root@dm8 openssh-8.7p1]# make install [root@dm8 openssh-8.7p1]# echo $? [root@dm8 openssh-8.7p1]# ssh -V OpenSSH_8.7p1, OpenSSL 1.1.1k 25 Mar 2021 [root@dm8 openssh-8.7p1]# vi /etc/ssh/sshd_config 添加或修改: PermitRootLogin yes PasswordAuthentication yes UseDNS no [root@dm8 openssh-8.7p1]# cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd [root@dm8 openssh-8.7p1]# cp -a ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam [root@dm8 openssh-8.7p1]# systemctl stop sshd.service [root@dm8 openssh-8.7p1]# mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak [root@dm8 openssh-8.7p1]# systemctl daemon-reload [root@dm8 openssh-8.7p1]# /etc/init.d/sshd start [root@dm8 openssh-8.7p1]# cp /run/systemd/generator.late/sshd.service /usr/lib/systemd/system/sshd.service [root@dm8 openssh-8.7p1]# systemctl daemon-reload [root@dm8 openssh-8.7p1]# systemctl restart sshd [root@dm8 openssh-8.7p1]# systemctl status sshd [root@dm8 openssh-8.7p1]# systemctl enable sshd
注意:cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd這條指令運行后同時會產生/etc/rc.d/init.d/sshd文件,實際這個是同一個文件。
若正常升級,則停止telnet服務並移除。
systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd
systemctl disable telnet.socket
參考鏈接:
https://www.cnblogs.com/wangyang0210/p/12552040.html
https://blog.csdn.net/f4112cd/article/details/111151709