#!/bin/sh


CHECK_RUN()

{

if [ "$?" = "0" ]; then

  echo "=============== Run [$1] succeed! ==============="

  sleep 3

else

  echo "Error, abort!"

  exit 2

fi 

}


./telnet_restart.sh  start

./telnet_restart.sh  status

sleep 3

echo " "

echo  " "



USER=`whoami`

if [ $USER != root ]; then

  echo "Must be root to run this script, please login as root and re-try"

  exit

fi

# see if configuration is already being applied

if [ -f "/etc/updatessh_6.7.conf" ]; then

  sshd -v

  echo

  echo "*******************************************************"

  echo -n "Update openssh has already been applied, do you want to update(Y/N)?"

  read RET_SURE

  if [ "$RET_SURE" != "Y" ] && [ "$RET_SURE" != "y" ]; then

echo "Abort upate!"

exit;

  fi 

else

  echo "Starting to update openssh..."

fi

 

if [ "$1" != "OK" ]; then

echo "parameter error, abort!"

exit 1

fi



cat /etc/issue | grep -i 'centos release 6.4' > /dev/null

if [ $? = "0" ]; then

PAM_RPM="./pam-devel-1.1.1-13.el6.x86_64.rpm"

fi 



WORK_DIR=`pwd`


if [ ! -f $PAM_RPM ]; then

echo "No find pam-devel package, abort!"

exit 1

fi


rpm -ivh $PAM_RPM


cat /etc/issue | grep -i 'centos release 6' > /dev/null

if [ $? = "0" ]; then

  rpm -qa | grep pam-devel > /dev/null

  if [ $? != "0" ]; then

     echo "Warning: NO install pam-devel RPM package, abort!"

     exit 1

  fi

fi 


umask 0022


tar xvzf zlib-1.2.8.tar.gz

cd zlib-1.2.8

./configure --prefix=/usr/local/zlib

CHECK_RUN "configure_zlib"

make

CHECK_RUN "make_zlib"

make install

CHECK_RUN "install_zlib"


cd $WORK_DIR

tar xvzf openssl-1.0.1j.tar.gz

cd openssl-1.0.1j

./config shared zlib  --prefix=/usr/local/openssl

CHECK_RUN "configure_openssl"

make

CHECK_RUN "make_openssl"

make install

CHECK_RUN "install_openssl"


mv /usr/bin/openssl /usr/bin/openssl.old

mv /usr/include/openssl /usr/include/openssl.old

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/openssl/include/openssl /usr/include/openssl

ln -sf /usr/local/openssl/lib/libcrypto.so.1.0.0 /lib/libcrypto.so.6

echo "/usr/local/openssl/lib" >>/etc/ld.so.conf 

ldconfig -v

CHECK_RUN "ldconfig"


cd $WORK_DIR

tar xvzf openssh-6.7p1.tar.gz 

cd openssh-6.7p1

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl/ --with-md5-passwords

CHECK_RUN "configure_openssh"

make 

CHECK_RUN "make_openssh"

make install 

CHECK_RUN "install_openssh"


# modify configuration

sed -i -e "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g"  /etc/ssh/sshd_config

sed -i -e "s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g"  /etc/ssh/sshd_config

sed -i -e "s/##GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g"  /etc/ssh/sshd_config


sed -i -e "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g"  /etc/ssh/ssh_config


echo

ssh -V


date >> /etc/updatessh.conf


if [ "$2" = "restart" ]; then

/sbin/service sshd restart

fi


sshd -vesion


echo ""

echo "**********************************************"

echo "**********************************************"

echo "              All succeed!"

echo "**********************************************"

echo "**********************************************"