linux升級最新的ssl版本,CentOS7升級OpenSSL版本(1.1.1)
1.CentOS7.6默認安裝的openssl版本為
# 查看openssl版本
2.下載最新的openssl
網址:https://www.openssl.org/source/*
Wget https://www.openssl.org/source/openssl-1.1.1*.tar.gz
*代表小的版本號碼,當前為m
3.解壓並編譯安裝
tar -zxvf openssl-1.1.1c.tar.gz
cd openssl-1.1.1c
./config --prefix=/usr/local/openssl #如果此步驟報錯,需要安裝perl以及gcc包
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v # 設置生效
——————————————————————————————————————————————————————————————————————————————————
centos7 升級openssh8.8p1
因安全問題,需要把openssh升級到最新版。操作如下
yum install pam-devel libselinux-devel zlib-devel openssl-devel -y
wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
tar zxvf openssh-8.8p1.tar.gz
需要注意ssl文件路徑是否對,我服務器對應的是openssl,所以一直失敗
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
或者
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --mandir=/usr/share/man --without-hardening
make
make install
vi /etc/init.d/sshd
# 按下圖修改,需要注意,此路徑是你安裝新版本openssh的路徑,根據你的實際情況修改:
SSHD=/usr/local/openssh/sbin/sshd
sed -i 's#/usr/sbin/sshd#/usr/local/openssh/sbin/sshd#' /etc/init.d/sshd
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
#cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
#chmod u+x /etc/init.d/sshd
rpm -aq | grep openssh
rpm -e 寫在舊版的openssh
配置sshd開機啟動
[root@localhost openssh-8.6p1]# chkconfig --add sshd
[root@localhost openssh-8.6p1]# chkconfig --level 2345 sshd on
[root@localhost openssh-8.6p1]# chkconfig --list
修改sshd配置文件/etc/ssh/sshd_config
[root@localhost openssh-8.6p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config #直接用root登錄終端
[root@localhost openssh-8.6p1]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config #設置是否允許X11轉發
[root@localhost openssh-8.6p1]# echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config #是否允許密碼驗證
Subsystem sftp /usr/libexec/sftp-server
替換相關命令,並重啟sshd服務
[root@localhost openssh-8.6p1]# cp -arp /usr/local/openssh/bin/* /usr/bin/ #替換相關命令
[root@localhost openssh-8.6p1]# service sshd restart #重啟sshd服務
cp -arp /usr/local/openssh/bin/* /usr/bin/
重啟ssh
service sshd restart
查看版本號
ssh -V
報錯解決:
1、Jan 19 08:09:47 Centos7 sshd: /etc/ssh/sshd_config line 79: Unsupported option GSSAPIAuthentication
Jan 19 08:09:47 Centos7 sshd: /etc/ssh/sshd_config line 80: Unsupported option GSSAPICleanupCredentials
解決:注釋掉響應行
2、啟動SSH服務時若出現“Permissions ****。 for '/etc/ssh/ssh_host_rsa_key' are too open”問題
解決辦法正確設置文件的訪問權限,如 chmod 600 /etc/ssh/ssh_host_rsa_key
補充:
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --mandir=/usr/share/man --without-hardening
for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps;done
sed -i 's#/usr/sbin/sshd#/usr/local/openssh/sbin/sshd#' /etc/init.d/sshd
cp -arp /usr/local/openssh/bin/* /usr/bin/
sshd文件增加
PermitRootLogin yes
X11Forwarding yes
PasswordAuthentication yes
Ciphers aes256-ctr
MACs hmac-sha2-512,hmac-sha2-256
HostKeyAlgorithms +ssh-rsa