目录
1、安装包准备。
2、安装rpm包
3、备份openssl并编译升级zlib-1.2.11、openssl-fips以及openssl1.0.2p
4、编译安装openssh
1、安装包准备。
- 准备如下rpm包并上传至
/home/admin/rpm/
hn-udbdb1:~ # cd /home/admin/rpm/
hn-udbdb1:/home/admin/rpm # ll
total 516
-rw-r--r-- 1 admin wheel 283101 Oct 29 14:04 libopenssl-devel-1.0.2j-25.1.x86_64.rpm
-rw-r--r-- 1 admin wheel 79617 Oct 29 14:05 pam-devel-1.3.0-10.1.x86_64.rpm
-rw-r--r-- 1 admin wheel 33597 Feb 21 2009 telnet-server-1.2-134.22.x86_64.rpm
-rw-r--r-- 1 admin wheel 109310 Oct 29 14:05 zlib-devel-1.2.8-14.3.1.x86_64.rpm
- 准备如下编译安装包,并上传至 /usr/local/src(编译前建议用官方发布的SHA256校验值或PGP签名核对各源码包的完整性)
hn-udbdb1:/usr/local/src # ll
total 8832
-rw-r--r-- 1 admin wheel 1565384 Oct 29 13:58 openssh-7.9p1.tar.gz
-rw-r--r-- 1 admin wheel 5338192 Oct 29 13:59 openssl-1.0.2p.tar.gz
-rw-r--r-- 1 admin wheel 1492654 Oct 29 13:59 openssl-fips-2.0.16.tar.gz
-rw-r--r-- 1 admin wheel 607698 Oct 29 14:02 zlib-1.2.11.tar.gz
2、安装rpm包(含zlib-devel)
- 临时关闭会话空闲超时自动断开(TMOUT),避免编译过程中连接被断开;升级完成后应把/etc/profile中的TMOUT=300恢复。
sed -i 's/TMOUT=300/#TMOUT=300/g' /etc/profile && source /etc/profile
- rpm安装相关程序(--nodeps会跳过依赖检查,仅在确认依赖已满足时使用):
# cd /home/admin/rpm/
# rpm -ivh libopenssl-devel-1.0.2j-25.1.x86_64.rpm --nodeps
# rpm -ivh pam-devel-1.3.0-10.1.x86_64.rpm --nodeps
# rpm -ivh zlib-devel-1.2.8-14.3.1.x86_64.rpm --nodeps
3、备份openssl并编译升级zlib-1.2.11、openssl-fips以及openssl1.0.2p
3.1、查看系统自带的openssl的版本
# rpm -q openssl
openssl-0.9.8h-30.27.11
3.2、查看openssl版本
#openssl version -a
OpenSSL 1.0.2h 3 May 2016
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/openssl/ssl"
3.3查看openssl的安装文件以及路径,并备份。
/home/admin/rpm # which openssl
/usr/bin/openssl
/home/admin/rpm # whereis openssl
openssl: /usr/bin/openssl /usr/bin/X11/openssl /usr/include/openssl /usr/local/openssl /usr/share/man/man1/openssl.1ssl.gz
/home/admin/rpm # mkdir /home/ssl_bak
/home/admin/rpm # mv /usr/bin/openssl /home/ssl_bak/ && mv /etc/ssl /home/ssl_bak/etc_ssl && mv /usr/include/openssl /home/ssl_bak/include_openssl
/usr/bin/X11/openssl是/usr/bin/openssl的软链接
3.4安装 zlib-1.2.11
#cd /usr/local/src/ && tar -zxf zlib-1.2.11.tar.gz && cd zlib-1.2.11 && ./configure && make && make install && zypper search zlib-devel
S | Name | Summary | Type
--+------------+--------------------------------------------------------+--------
i | zlib-devel | Development files for zlib, a data compression library | package
3.5编译升级openssl-fips-2.0.16以及openssl-1.0.2p
- 3.5.1编译升级openssl-fips-2.0.16
#cd .. && tar -zxf openssl-fips-2.0.16.tar.gz && cd openssl-fips-2.0.16
#./config --prefix=/usr/local/openssl --openssldir=/etc/ssl shared
#make
#make install
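--prefix指定openssl的安装目录;记得加上shared参数,以生成动态链接库。
注意:3.5.2中openssl-1.0.2p的./config没有带fips选项(例如 fips --with-fipsdir=/usr/local/openssl),因此最终生成的openssl并不会使用这里编译的FIPS模块;如果确实需要FIPS模式,应在3.5.2的./config中加上该选项,并按OpenSSL FIPS 2.0用户指南要求的方式构建本模块。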
- 检查安装后的目录
/usr/local/src/openssl-fips-2.0.16 # ll /usr/local/openssl/{bin,include,lib}
/usr/local/openssl/bin:
total 712
-rwxr-xr-x 1 root root 5116 Jul 13 2017 c_rehash
-rwxr-xr-x 1 root root 37895 Oct 31 18:07 fips_standalone_sha1
-rwxr-xr-x 1 root root 6660 Oct 31 18:07 fipsld
-rwxr-xr-x 1 root root 664760 Jul 13 2017 openssl
/usr/local/openssl/include:
total 4
drwxr-xr-x 2 root root 4096 Oct 31 18:07 openssl
/usr/local/openssl/lib:
total 8824
drwxr-xr-x 2 root root 4096 Jul 13 2017 engines
-r--r--r-- 1 root root 5903 Apr 24 2017 fips_premain.c
-r--r--r-- 1 root root 68 Apr 24 2017 fips_premain.c.sha1
-r--r--r-- 1 root root 665588 Oct 31 18:07 fipscanister.o
-r--r--r-- 1 root root 68 Oct 31 18:07 fipscanister.o.sha1
-rwxr-xr-x 1 root root 4421922 Jul 13 2017 libcrypto.a
lrwxrwxrwx 1 root root 18 Jul 13 2017 libcrypto.so -> libcrypto.so.1.0.0
-rwxr-xr-x 1 root root 2588669 Jul 13 2017 libcrypto.so.1.0.0
-rwxr-xr-x 1 root root 780264 Jul 13 2017 libssl.a
lrwxrwxrwx 1 root root 15 Jul 13 2017 libssl.so -> libssl.so.1.0.0
-rwxr-xr-x 1 root root 517543 Jul 13 2017 libssl.so.1.0.0
drwxr-xr-x 2 root root 4096 Jul 13 2017 pkgconfig
/usr/local/src/openssl-fips-2.0.16 #
- 3.5.2编译升级openssl-1.0.2p
#cd .. && tar -zxf openssl-1.0.2p.tar.gz && cd openssl-1.0.2p
#./config --prefix=/usr/local/openssl --openssldir=/etc/ssl shared
#make
#make install
- 检查安装后的目录,并配置升级后的openssl的相关目录(链接openssl的程序)
/usr/local/src/openssl-1.0.2p # ll /usr/local/openssl/{bin,include,lib}
/usr/local/openssl/bin:
total 716
-rwxr-xr-x 1 root root 5102 Oct 31 18:16 c_rehash
-rwxr-xr-x 1 root root 37895 Oct 31 18:07 fips_standalone_sha1
-rwxr-xr-x 1 root root 6660 Oct 31 18:07 fipsld
-rwxr-xr-x 1 root root 669279 Oct 31 18:16 openssl
/usr/local/openssl/include:
total 4
drwxr-xr-x 2 root root 4096 Oct 31 18:07 openssl
/usr/local/openssl/lib:
total 8860
drwxr-xr-x 2 root root 4096 Oct 31 18:16 engines
-r--r--r-- 1 root root 5903 Apr 24 2017 fips_premain.c
-r--r--r-- 1 root root 68 Apr 24 2017 fips_premain.c.sha1
-r--r--r-- 1 root root 665588 Oct 31 18:07 fipscanister.o
-r--r--r-- 1 root root 68 Oct 31 18:07 fipscanister.o.sha1
-rw-r--r-- 1 root root 4438552 Oct 31 18:16 libcrypto.a
lrwxrwxrwx 1 root root 18 Oct 31 18:16 libcrypto.so -> libcrypto.so.1.0.0
-r-xr-xr-x 1 root root 2597875 Oct 31 18:16 libcrypto.so.1.0.0
-rw-r--r-- 1 root root 785224 Oct 31 18:16 libssl.a
lrwxrwxrwx 1 root root 15 Oct 31 18:16 libssl.so -> libssl.so.1.0.0
-r-xr-xr-x 1 root root 521668 Oct 31 18:16 libssl.so.1.0.0
drwxr-xr-x 2 root root 4096 Jul 13 2017 pkgconfig
/usr/local/src/openssl-1.0.2p # ll /etc/ssl
total 28
drwxr-x--- 2 root root 4096 Oct 31 18:16 certs
drwxr-x--- 6 root root 4096 Oct 31 18:15 man
drwxr-x--- 2 root root 4096 Oct 31 18:16 misc
-rw-r--r-- 1 root root 10835 Oct 31 18:16 openssl.cnf
drwxr-x--- 2 root root 4096 Oct 31 18:16 private
/usr/local/src/openssl-1.0.2p #
- 软链接
#ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
#ln -s /usr/local/openssl/include/openssl /usr/include/openssl
为了让openssh在编译和运行时找到新安装的openssl动态库,需要编辑/etc/ld.so.conf,并执行ldconfig使其生效:
vi /etc/ld.so.conf,并添加/usr/local/openssl/lib/
ldconfig
- 查看openssl升级的版本
/usr/local/src/openssl-1.0.2p # /usr/bin/openssl version -a
OpenSSL 1.0.2p 14 Aug 2018
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/ssl"
4、编译安装openssh
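- 停止sshd服务,并卸载sshd(卸载后在新sshd启动之前无法新建SSH连接,操作前请确保有控制台等备用登录方式,并先备份/etc/ssh下的配置和主机密钥;第1步准备的telnet-server包推测即作此备用,文中未给出其安装步骤,telnet为明文传输,升级完成后应立即停用并卸载)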
#service sshd stop && zypper rm -y openssh && rpm -qa | grep openssh
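- 升级openssh(注意:下面configure中的--with-ssl-dir和--with-zlib指向的是源码目录,而不是前面的安装目录/usr/local/openssl;--without-openssl-header-check会跳过openssl头文件与库版本的一致性检查,因此编译后务必用ssh -V确认实际使用的OpenSSL版本。另外第2步安装了pam-devel,但这里没有--with-pam,编译出的sshd不支持PAM认证)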
#tar -zxf openssh-7.9p1.tar.gz && cd openssh-7.9p1
#./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/src/openssl-1.0.2p --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/src/zlib-1.2.11 --without-openssl-header-check
#make
#make install
- 查看升级后的版本,拷贝启动脚本至/etc/init.d/sshd,并设置开机自启动
/usr/local/src/openssh-7.9p1 # ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2p 14 Aug 2018
#cd contrib/ && cp suse/rc.sshd /etc/init.d/sshd && chmod 755 /etc/init.d/sshd
#chkconfig --add sshd &&chkconfig sshd on
- 修改sshd配置文件,并重启:
#sed -i 's/#Port 22/Port 56000/g' /etc/ssh/sshd_config
#sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config
#service sshd restart
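说明:
Port 22 改为 Port 56000:修改sshd默认监听端口(重启sshd前需确认防火墙已放行56000端口,否则远程连接会中断)。
PasswordAuthentication yes:允许远程密码认证登录。密码认证容易遭受暴力破解,条件允许时建议改用密钥认证;修改端口只能减少扫描噪音,不能替代认证加固。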