手动升级openssh至7.5
[ 回目录 ]软件准备:
从官网下载openssh openssl zlib pam软件
下载链接如下:
http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/
https://www.openssl.org/source/
https://www.zlib.net/
http://linux-pam.org/library/Linux-PAM-1.3.0.tar.bz2
[ 回目录 ]升级步骤:
1. 上传准备好的四个源码包到TD服务器/opt目录
tdsysapp:/opt # ll *tar.*
-rw------- 1 root root 1302820 May 26 18:07Linux-PAM-1.3.0.tar.bz2
-rw------- 1 root root 1510857 May 26 16:28 openssh-7.5p1.tar.gz
-rw------- 1 root root 5365054 May 26 17:25 openssl-1.0.2l.tar.gz
-rw------- 1 root root 607698 May 26 17:57zlib-1.2.11.tar.gz
2. 分别解压软件,并修改解压后文件夹及子文件夹和文件的用户属组
# cd /opt
# tar xf openssh-7.5p1.tar.gz
# tar xf openssl-1.0.2l.tar.gz
# tar xf zlib-1.2.11.tar.gz
# tar xf Linux-PAM-1.3.0.tar.bz2
# chown root:root -R zlib-1.2.11/
# chown root:root -R openssl-1.0.2l/
# chown root:root -R openssh-7.5p1/
# chown root:root -R Linux-PAM-1.3.0/
3. 编译安装zlib
# cd /opt/zlib-1.2.11/
# ./configure
# make && make install
4. 编译安装openssl
# cd /opt/openssl-1.0.2l/
# ./config --prefix=/usr--shared
# make
# make test
# make install
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig
5. 编译安装PAM
# cd Linux-PAM-1.3.0/
# ./configure
# make && make install
6. 编译安装openssh
# cd /opt/openssh-7.5p1/
# ./configure --prefix=/usr --sysconfdir=/etc/ssh--with-md5-passwords --with-pam --with-tcp-wrappers--with-ssl-dir=/usr/local/ssl --without-hardening
# service sshd stop
# mv /etc/ssh /opt/ssh_bak/
# make && make install
# cp /etc/init.d/sshd /etc/init.d/sshd_old
# cp /etc/pam.d/sshd /etc/pam.d/sshd_old
# cp ./contrib/suse/rc.sshd /etc/init.d/sshd
修改/etc/ssh/sshd_config中 UsePAMyes
修改/etc/ssh/sshd_config中PermitRootLoginyes(如果一线操作系统禁用root直接登录,该步骤可以忽略)
# chmod +x /etc/init.d/sshd
# chkconfig --add sshd
# chkconfig sshd on
# ssh -V
如果回显为“OpenSSH_7.5p1,OpenSSL 1.0.2l 25 May 2017”表示升级成功
# ssh-keygen
#service sshd start