當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

linx6.7 update openssh to 7.7p1

發(fā)布時間：2023/10/11 编程问答 62 如意码农

生活随笔收集整理的這篇文章主要介紹了 linx6.7 update openssh to 7.7p1 小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.

升級之前需要注意幾點：

1 必須要有自己的鏡像，必須自己做好本地yum源（可以連接外網(wǎng)，能夠有網(wǎng)絡(luò)yum源也可以）

2 配置好基本的升級環(huán)境。在升級openssh時需要依賴openssl和zlib。一般系統(tǒng)自帶的版本都比較低，而要升級到較高版本的openssh,就對依賴軟件的版本有要求

一般試用源碼編譯的方式進行升級。需要編譯則必須要有編譯環(huán)境

3 依次按順序升級zlib,openssl和openssh

4 在安裝zlib之前，需要試用telnet連接到服務(wù)器，并且需要驗證ftp是否可以正常上傳文件（使用的匿名方式）。這兩種途徑是解決openssh升級失敗的唯一方法。

5 待所有軟件升級完畢之后，需要在telnet連接的服務(wù)端哪里啟動sshd服務(wù)，注意不要直接試用restart。需要先試用start,然后在次試用restart。否則服務(wù)器會斷開。

6 環(huán)境及依賴版本：openssh-7.7p1.tar.gz openssl-1.0.2o.tar.gz zlib-1.2.11.tar.gz

對應軟件下載地址：

zlib下載地址：鏈接：https://pan.baidu.com/s/1Ez10B_16pOytBZMQ9JueKQ 提取碼：yr98

openssl下載地址：鏈接：https://pan.baidu.com/s/1oJKL77ZB1n6kzQQYMDOsaQ 提取碼：9x0a

openssh下載地址：鏈接：https://pan.baidu.com/s/1Lr4Ww_2NDBLwaQAvSB-7jw 提取碼：fpg5

7 下面是不成熟的腳本，沒有邏輯判斷，假設(shè)的是所有的命令執(zhí)行成功的情況下進行的，如果要試用下面的腳本，需要謹慎試用。

#!/bin/bash

#Describle:update openssh to 7.7p1 on linux6.7

#Tue Oct  9 17:15:19 CST 2018

#Mail:Michael92@126.com

#Before updating openssh,you need to be ready for some environments.

#In order to avoid downloading too many rpm packages,the best way is downloading the right iso images and make a local yum repository.

#After that,you can use the yum install some local servers,such as perl,vsftpd,telnet,telnet-server,pam-devel,gcc,gcc-c++.

#Then,you have to update the zlib to 1.2.11 and update openssl to 1.0.2o(This is the lowest version that openssh7.7p1 have dependence)

#The last but not the least,update openssh to 7.7p1 and clean up your environment.

#1 Now,the next is building a local repository

mkdir /iso

#$1 is the directory of your iso images

mount -o loop $1 /iso

cat >>/etc/yum.repos.d/local.repo<<EOF

[localrepo]

name = localrepo

baseurl = file:///iso

enabled = 1

gpgcheck = 0

EOF

yum clean all

yum repolist

# 2 Try to use yum install some basical environment

yum -y install perl vsftpd telnet telnet-server pam-devel gcc gcc-c++

#Check whether install successfully

gcc -v

perl -v

# 3 install telnet and vsftpd. telnet is the last way to link you server and vsftp is the last way to transfer files

echo "anon_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf

echo "anon_other_write_enable=YES" >> /etc/vsftpd/vsftpd.conf

echo "anon_mkdir_write_enable=YES" >> /etc/vsftpd/vsftpd.conf

echo "anonymous_enable=YES" >> /etc/vsftpd/vsftpd.conf

echo "anon_umask=022" >> /etc/vsftpd/vsftpd.conf

echo "no_anon_password=YES" >> /etc/vsftpd/vsftpd.conf

chown ftp /var/ftp -R

/etc/init.d/vsftpd restart

echo "You have 60 seconds to check whether you can use telnet"

for ((i=30;i>0;i--));do

        echo -e "\033[31m$i\033[0m"

        sleep 1

done

# Modify telnet configure file and check it

sed -i 's/yes/no/g' /etc/xinetd.d/telnet

mv /etc/securetty /etc/securetty.old

chkconfig xinetd on

echo "You have 30 seconds to check whether you can use telnet"

for ((i=30;i>0;i--));do

        echo -e "\033[31m$i\033[0m"

        sleep 1

done

#4 Update zlib to use resource way

tar -zxvf ./zlib-1.2.11.tar.gz || exit 6

cd zlib-1.2.11

./configure --prefix=/usr

make || exit 6

rpm -e --nodeps zlib

make install

echo '/usr/lib' >> /etc/ld.so.conf

ldconfig

cd ..

ZlibDirectory=`find /usr/ -name zlib.pc`

cat $ZlibDirectory

#5 Update openssl
tar -zxvf ./openssl-1.0.2o.tar.gz || exit 7
mv  /usr/lib64/openssl /usr/lib64/openssl.old

mv  /usr/bin/openssl  /usr/bin/openssl.old

mv  /etc/pki/ca-trust/extracted/openssl  /etc/pki/ca-trust/extracted/openssl.old

cp  /usr/lib64/libcrypto.so.10  /usr/lib64/libcrypto.so.10.old

cp  /usr/lib64/libssl.so.10  /usr/lib64/libssl.so.10.old

rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}

cd openssl-1.0.2o

./config --prefix=/usr --openssldir=/etc/ssl --shared zlib   #必須加上--shared，否則編譯時會找不到新安裝的openssl的庫而報錯

make

make test       #必須執(zhí)行這一步結(jié)果為pass才能繼續(xù)，否則即使安裝完成，ssh也無法使用

make install

openssl version -a

cd ..

sleep 10

mv  /usr/lib64/libcrypto.so.10.old  /usr/lib64/libcrypto.so.10

mv  /usr/lib64/libssl.so.10.old  /usr/lib64/libssl.so.10

#6 Update openssh
tar -zxvf ./openssh-7.7p1.tar.gz || exit 8
mv /etc/ssh /etc/ssh.old

rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}

install  -v -m700 -d /var/lib/sshd

chown  -v root:sys /var/lib/sshd

groupadd -g 50 sshd

useradd  -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

cd openssh-7.7p1

./configure --prefix=/usr  --sysconfdir=/etc/ssh  --with-pam --with-md5-passwords  --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd --with-tcp-wrappers

make

make install

install -v -m755    contrib/ssh-copy-id /usr/bin

install -v -m644    contrib/ssh-copy-id.1 /usr/share/man/man1

install -v -m755 -d /usr/share/doc/openssh-7.7p1

install -v -m644    INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.7p1

ssh -V

for ((i=10;i>0;i--));do

    echo -e "\033[31m$i\033[0m"

    sleep 1

done

echo 'X11Forwarding yes' >> /etc/ssh/sshd_config

echo "PermitRootLogin yes" >> /etc/ssh/sshd_config   #允許root用戶通過ssh登錄

cp -p contrib/redhat/sshd.init /etc/init.d/sshd

chmod +x /etc/init.d/sshd

chkconfig  --add  sshd

chkconfig  sshd  on

# The last you have to use telnet to link the server and reboot the sshd

/etc/init.d/sshd start

/etc/init.d/sshd restart

tar -zxvf ./openssl-1.0.2o.tar.gz

總結(jié)

以上是生活随笔為你收集整理的linx6.7 update openssh to 7.7p1的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。