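Manually upgrading the SSH version on Linux using rpm packages

Preface:

This walkthrough uses CentOS 6.5 as the example.
Check the current version with ssh -V; the default SSH version on CentOS 6.5 is 5.3.
Download the rpm packages from the attachment.

Installing with rpm:

  1. Install and enable telnet (if the SSH upgrade fails and the server can no longer be reached over SSH, it can still be reached over telnet; the default port is 23)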
rpm -ivh xinetd-2.3.14-39.el6_4.x86_64.rpm
rpm -ivh telnet-server-0.17-47.el6_3.1.x86_64.rpm
service iptables stop
chkconfig iptables off

Change the disable field in the telnet service file from yes to no to enable the telnet service

sed -i 's/\(.*\)disable\(.*\)/\ \ \ \ \ \ \ \ disable\ \ \ \ \ \ \ \ \ =\ no/g' /etc/xinetd.d/telnet 

Allow the root user to log in over telnet

mv /etc/securetty /etc/securetty.old
service xinetd start
chkconfig xinetd on

Check the environment

openssl version
  2. Install gcc-c++ (the order must not be changed, otherwise errors are reported)
rpm -ivh ppl-0.10.2-11.el6.x86_64.rpm 
rpm -ivh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm 
rpm -ivh mpfr-2.4.1-6.el6.x86_64.rpm 
rpm -ivh cpp-4.4.7-17.el6.x86_64.rpm
rpm -Uvh kernel-headers-2.6.32-642.el6.x86_64.rpm
rpm -Uvh tzdata-2016c-1.el6.noarch.rpm
rpm -Uvh glibc-devel-2.12-1.192.el6.x86_64.rpm glibc-2.12-1.192.el6.x86_64.rpm glibc-2.12-1.192.el6.i686.rpm glibc-headers-2.12-1.192.el6.x86_64.rpm glibc-common-2.12-1.192.el6.x86_64.rpm
rpm -Uvh libgcc-4.4.7-17.el6.x86_64.rpm
rpm -Uvh libgomp-4.4.7-17.el6.x86_64.rpm
rpm -ivh gcc-4.4.7-17.el6.x86_64.rpm
rpm -Uvh libstdc++-4.4.7-17.el6.x86_64.rpm
rpm -ivh libstdc++-devel-4.4.7-17.el6.x86_64.rpm
rpm -ivh gcc-c++-4.4.7-17.el6.x86_64.rpm
  3. Install zlib
rpm -ivh zlib-devel-1.2.3-29.el6.x86_64.rpm
  4. Install OpenSSL (the order must not be changed, otherwise errors are reported)
rpm -Uvh keyutils-1.4-5.el6.x86_64.rpm keyutils-libs-1.4-5.el6.x86_64.rpm keyutils-libs-devel-1.4-5.el6.x86_64.rpm
rpm -Uvh krb5-libs-1.10.3-57.el6.x86_64.rpm krb5-workstation-1.10.3-57.el6.x86_64.rpm
rpm -Uvh libselinux-2.0.94-7.el6.x86_64.rpm libselinux-utils-2.0.94-7.el6.x86_64.rpm libselinux-python-2.0.94-7.el6.x86_64.rpm
rpm -ivh libsepol-devel-2.0.41-4.el6.x86_64.rpm
rpm -ivh libselinux-devel-2.0.94-7.el6.x86_64.rpm
rpm -Uvh e2fsprogs-libs-1.41.12-22.el6.x86_64.rpm e2fsprogs-1.41.12-22.el6.x86_64.rpm libss-1.41.12-22.el6.x86_64.rpm libcom_err-1.41.12-22.el6.x86_64.rpm
rpm -ivh krb5-devel-1.10.3-57.el6.x86_64.rpm libcom_err-devel-1.41.12-22.el6.x86_64.rpm
rpm -Uvh openssl-devel-1.0.1e-48.el6.x86_64.rpm openssl-1.0.1e-48.el6.x86_64.rpm
  5. Install pam
rpm -Uvh pam-devel-1.1.1-22.el6.x86_64.rpm pam-1.1.1-22.el6.x86_64.rpm
  6. Install OpenSSL from source (not upgraded for now)
tar zxf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
./config --prefix=/usr/local/openssl --shared
make depend
make
make test
make install

Back up the current openssl

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

Configure the system to use the new version

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl

Update the dynamic linker configuration (the library directory must match the --prefix used above)

echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

Reload the dynamic linker cache

ldconfig -v

Check the version number again

openssl version
  7. Install OpenSSH from source
rpm -qa | grep openssh

Remove the old openssh version

rpm -e `rpm -qa | grep openssh` --nodeps
cd /usr/local/src/
tar zxvf openssh-7.9p1.tar.gz
cd openssh-7.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
make
make install

Manually change PermitRootLogin no to PermitRootLogin yes to allow remote root login

sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin\ yes/g' /etc/ssh/sshd_config

Disallow empty passwords

sed -i 's/#PermitEmptyPasswords\(.*\)/PermitEmptyPasswords\ no/g' /etc/ssh/sshd_config

Important: disable SELinux, otherwise login fails after a reboot

sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
service sshd start
service sshd restart
chkconfig --list sshd
ssh -V

Turn telnet off
Disallow the root user from logging in over telnet

mv /etc/securetty.old /etc/securetty
service xinetd stop
chkconfig xinetd off
service iptables start
chkconfig iptables on

Change the disable field back from no to yes

vi /etc/xinetd.d/telnet

Then adjust iptables to close port 23 and restart the iptables service.
At this point you can open a new SSH session and check the version number with ssh -V.
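
The telnet fallback is only safe if every step of its rollback above is actually completed. The following script is an added example, not part of the original post: it checks the telnet service file, /etc/securetty and the PermitEmptyPasswords setting. The function names, the ROOT path prefix and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit that the temporary
# telnet fallback was rolled back. ROOT is a path prefix (assumption), so
# the check can run against / or against a copy of /etc.

# First uncommented value of an sshd_config keyword (sshd uses the first match).
sshd_value() {  # $1 = file, $2 = keyword
    awk -v k="$2" '{ sub(/=/, " ") }
        tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Prints one line per finding; the return status is the number of findings.
check_rollback() {
    root=$1; n=0
    t="$root/etc/xinetd.d/telnet"
    if [ -f "$t" ] && ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$t"; then
        echo "FINDING: telnet is still enabled in $t"; n=$((n + 1))
    fi
    if [ ! -f "$root/etc/securetty" ]; then
        echo "FINDING: $root/etc/securetty is still moved aside"; n=$((n + 1))
    fi
    c="$root/etc/ssh/sshd_config"
    if [ -f "$c" ] && [ "$(sshd_value "$c" PermitEmptyPasswords)" = "yes" ]; then
        echo "FINDING: PermitEmptyPasswords yes in $c"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample tree: $2 = "open" (mid-upgrade) or "closed" (rolled back).
make_sample() {
    mkdir -p "$1/etc/xinetd.d" "$1/etc/ssh"
    printf '#PermitEmptyPasswords yes\nPermitEmptyPasswords no\n' > "$1/etc/ssh/sshd_config"
    if [ "$2" = "open" ]; then
        printf 'service telnet\n{\n\tdisable = no\n}\n' > "$1/etc/xinetd.d/telnet"
        rm -f "$1/etc/securetty"; : > "$1/etc/securetty.old"
    else
        printf 'service telnet\n{\n\tdisable = yes\n}\n' > "$1/etc/xinetd.d/telnet"
        printf 'console\ntty1\n' > "$1/etc/securetty"
    fi
}

demo=$(mktemp -d)
make_sample "$demo" open
check_rollback "$demo" || echo "findings while telnet is open: $?"
make_sample "$demo" closed
check_rollback "$demo" && echo "rollback complete: no findings"
rm -rf "$demo"
```

On a real host, call check_rollback with an empty string as ROOT after the last step; a non-zero status means part of the fallback is still in place.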
