linux系统openssh升级
说明
整个过程不需要卸载原先的openssl包和openssh的rpm包。本文的环境都是系统自带的openssh,没有经历过手动编译安装方式。如果之前有手动编译安装过openssh,请参照本文自行测试是否能成功。
如果严格参照本文操作,保证你升级没问题
一、安装依赖包
[root@localhost ~]# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
二、下载openssh对应得安装包并上传
openssh-8.0p1.tar.gz此包需要在csdn上面下载
openssl-1.0.2.tar.gz可以在我给得地址进行下载
https://ftp.openssl.org/source/
下载完成之后将这两个包上传到虚拟机喜欢的位置当中。
[root@localhost local]# ls
openssh-8.0p1.tar.gz openssl-1.0.2.tar.gz
[root@localhost local]#
三、安装openssl
解压
[root@localhost local]# tar xf openssl-1.0.2.tar.gz
[root@localhost local]#
备份下面两个文件(存在就执行,不存在忽略)
[root@localhost openssl-1.0.2]# mv /usr/bin/openssl /usr/bin/openssl_bak
[root@localhost openssl-1.0.2]# mv /usr/include/openssl/ /usr/include/openssl_bak
[root@localhost openssl-1.0.2]#
编译安装openssl
[root@localhost local]# cd openssl-1.0.2/
[root@localhost openssl-1.0.2]# ls
ACKNOWLEDGMENTS CHANGES.SSLeay doc GitConfigure INSTALL.DJGPP INSTALL.W32 libcrypto.so libssl.so.1.0.0 Makefile.org NEWS perl rehash.time tools
apps config engines GitMake INSTALL.MacOS INSTALL.W64 libcrypto.so.1.0.0 LICENSE Makefile.shared openssl.doxy PROBLEMS shlib util
bugs Configure e_os2.h include INSTALL.NW INSTALL.WCE libssl.a MacOS makevms.com openssl.pc README ssl VMS
certs crypto e_os.h INSTALL INSTALL.OS2 libcrypto.a libssl.pc Makefile ms openssl.spec README.ASN1 test
CHANGES demos FAQ install.com INSTALL.VMS libcrypto.pc libssl.so Makefile.bak Netware os2 README.ENGINE times
[root@localhost openssl-1.0.2]# ./config shared && make && make install
编译安装完后查看是否编译成功,0代表没有问题
[root@localhost openssl-1.0.2]# echo $?
0
[root@localhost openssl-1.0.2]#
刚刚前面备份的文件做软连接,没有备份的忽略
[root@localhost openssl-1.0.2]# ln -s /usr/local/ssl/bin//openssl /usr/bin/openssl
[root@localhost openssl-1.0.2]# ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl
[root@localhost openssl-1.0.2]#
执行下面两个命令加载新配置
[root@localhost openssl-1.0.2]# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
[root@localhost openssl-1.0.2]# /sbin/ldconfig
[root@localhost openssl-1.0.2]#
查看版本,确定版本
[root@localhost openssl-1.0.2]# openssl version
OpenSSL 1.0.2 22 Jan 2015
[root@localhost openssl-1.0.2]#
四、升级安装openssh
命令方式删除原先ssh得配置
[root@localhost ~]# rm -rf /etc/ssh/*
[root@localhost ~]#
解压openssh-8.0p1.tar.gz并编译安装
[root@localhost local]# tar xf openssh-8.0p1.tar.gz
[root@localhost local]# cd openssh-8.0p1/
[root@localhost openssh-8.0p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
检查结果
[root@localhost openssh-8.0p1]# echo $?
0
[root@localhost openssh-8.0p1]#
修改配置文件并查看
[root@localhost openssh-8.0p1]# echo " PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost openssh-8.0p1]# echo " UseDNS no" >> /etc/ssh/sshd_config
[root@localhost openssh-8.0p1]# grep "PermitRootLogin" /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# the setting of "PermitRootLogin without-password".
PermitRootLogin yes
[root@localhost openssh-8.0p1]# grep "UseDNS" /etc/ssh/sshd_config
#UseDNS no
UseDNS no
[root@localhost openssh-8.0p1]#
从解压的包中拷贝一些文件到目标位置(如果目标目录存在就覆盖)文章来源:https://www.toymoban.com/news/detail-634213.html
[root@localhost openssh-8.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-8.0p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@localhost openssh-8.0p1]# chmod +x /etc/init.d/sshd
检查升级成功文章来源地址https://www.toymoban.com/news/detail-634213.html
[root@localhost ssh]# chkconfig sshd on
Note: Forwarding request to 'systemctl enable sshd.service'.
[root@localhost ssh]# systemctl enable sshd
[root@localhost ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2 22 Jan 2015
[root@localhost ~]#
注意必须关闭将selinux设置成disabled
到了这里,关于linux系统openssh升级的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
