RHEL5.8升级openssh版本

经过同事验证,RHEL5.8自带的openssh版本是4.3, 能升级到的较高版本为7.6.  本文基于内网,如政府网络条件进行的升级.能访问互联网进行yum的就不需要自行创建源等操作了.

创建源

1、创建文件夹

mkdir -p /media/RHEL5

 

2、挂载ISO镜像

 mount -t iso9660 -o loop /App/Software/RHEL5.10.iso /media/RHEL5

 

建议把ISO文件内容拷贝到本地。

 

3、创建文件：/etc/yum.repos.d/RHEL5.repo

[rhel5]

name=rhel5

baseurl=file:///media/RHEL_5.10%20x86_64%20DVD/

enabled=1

gpgcheck=0

 

 

4、清除yum缓存

yum clean all

 

yum makecache

 

开启telnet

本步骤用于预防ssh安装失败导致系统无法ssh访问时,还能用telnet进入系统进行恢复.

主要参考 https://blog.csdn.net/yygg329405/article/details/80387759

 

yum install telnet-server

 

vi /etc/xinetd.d/telnet

把 disable = no改成 disable = yes

 

 

chkconfig telnet on

加入开机启动

chkconfig --add telnet

调整telnet登陆限制

vi /etc/securetty

添加

 

pts/1

pts/2

pts/3

pts/4

pts/5

 

 

激活telnet服务

/etc/init.d/xinetd restart

 

telnet成功.

 

 

安装依赖包

Rpm形式安装

rpm -ivh libstdc++-devel-4.1.2-52.el5.x86_64.rpm

rpm -ivh kernel-headers-2.6.18-308.el5.x86_64.rpm

rpm -ivh glibc-headers-2.5-81.x86_64.rpm

rpm -ivh glibc-devel-2.5-81.x86_64.rpm

rpm -ivh e2fsprogs-devel-1.39-33.el5.x86_64.rpm

rpm -ivh keyutils-libs-devel-1.2-1.el5.x86_64.rpm

rpm -ivh libsepol-devel-1.15.2-3.el5.x86_64.rpm

rpm -ivh libselinux-devel-1.33.4-5.7.el5.x86_64.rpm

rpm -ivh krb5-devel-1.6.1-70.el5.x86_64.rpm

rpm -ivh zlib-devel-1.2.3-4.el5.x86_64.rpm

rpm -ivh openssl-devel-0.9.8e-22.el5.x86_64.rpm

rpm -ivh pam-devel-0.99.6.2-6.el5_5.2.x86_64.rpm

 

 

 

yum 形式安装

 

yum install libstdc++-devel

yum install kernel-headers

yum install glibc-headers

yum install glibc-devel

yum install e2fsprogs-devel

yum install keyutils-libs-devel

yum install libsepol-devel

yum install libselinux-devel

yum install krb5-devel

yum install zlib-devel

yum install openssl-devel

yum install pam-devel

yum install gcc*

安装及配置openssl

安装

(http://blog.csdn.net/maryzhao1985/article/details/8874483、https://wenku.baidu.com/view/3763581a1711cc7931b716dd.html)

说明：貌似RHEL5.8版本最高只能安装“openssl-1.0.2m”这个版本的openssl，安装“openssl-1.1.0g”这个高版本的需要perl的版本是5.10及以上。

 

./config --prefix=/opt/openssl --shared

make

make test

make install

 

配置

cd /usr/bin/

 

mv openssl openssl.old.backup.20171128

ln –s /opt/openssl/bin/openssl openssl

ln -s /opt/openssl/bin/openssl openssl

验证：

执行：openssl version

 

表示已经安装完成。

安装zlib

./configure --prefix=/opt/zlib

make

make install

echo "/opt/openssl/lib/" >> /etc/ld.so.conf

ldconfig

安装及配置openssh

安装

Cd /usr/local/software/ssh/openssh-7.6p1

 

./configure --prefix=/opt/openssh  --without-openssl-header-check --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/opt/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/opt/zlib

make clean

make

make test

make install

配置

service sshd stop

cd /usr/bin/

mv ssh ssh.old.backup.20171128

ln -s /opt/openssh/bin/ssh ssh

mv ssh-keygen ssh-keygen.old.backup.20171128

ln -s /opt/openssh/bin/ssh-keygen ssh-keygen

cd /usr/sbin/

mv sshd sshd.old.backup.20171128

ln -s /opt/openssh/sbin/sshd sshd

cp /etc/ssh/ssh_config            /etc/ssh/ssh_config.20171128          

cp /etc/ssh/sshd_config           /etc/ssh/sshd_config.20171128      

cp /etc/ssh/moduli                /etc/ssh/moduli.20171128              

cp /etc/ssh/ssh_host_key          /etc/ssh/ssh_host_key.20171128        

cp /etc/ssh/ssh_host_dsa_key      /etc/ssh/ssh_host_dsa_key.20171128    

cp /etc/ssh/ssh_host_rsa_key      /etc/ssh/ssh_host_rsa_key.20171128    

cp /etc/ssh/ssh_host_ed25519_key  /etc/ssh/ssh_host_ed25519_key.20171128

vi /etc/ssh/sshd_config

PermitRootLogin yes

service sshd restart

清除多余配置

  恢复telnet的配置.

关闭telnet服务,