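openssh 7.9 depends on openssl 1.1.1, and openssl 1.1.1 depends on perl 5.26 (I'm not sure exactly which version it requires, but it is not 5.16); zlib just needs to be upgraded to the latest version (currently 2.1.11).
First, let's look at the versions of these packages on the local server. Mine are: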
$ perl -v
This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
(with 33 registered patches, see perl -V for more detail)
Copyright 1987-2012, Larry Wall
Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Target:
perl: 5.16.3 -> 5.26.3
openssl: 1.0.2k-fips -> 1.1.1a
openssh: 7.4p1 -> 7.9p1
zlib: 1.2.7-17.el7 -> 1.2.7-18.el7
Prepare the installation packages
Start the installation
3.1 Upgrade zlib
yum install gcc pam-devel zlib-devel -y
3.2 Upgrade perl
$ tar -zxvf ActivePerl-5.26.3.2603-x86_64-linux-glibc-2.15-a701e55e0.tar.gz
$ cd ActivePerl-5.26.3.2603-x86_64-linux-glibc-2.15-a701e55e0
$ sh install.sh
Checking package...done
Welcome to ActivePerl
ActivePerl is ActiveState's quality-assured binary build of
Perl. In order to install ActivePerl you need to agree to
the ACTIVESTATE® COMMUNITY EDITION LICENSE AGREEMENT.
Did you read the LICENSE.txt file? [no] y
Do you agree to the ACTIVESTATE® COMMUNITY EDITION LICENSE AGREEMENT? [no] y
This installer can install ActivePerl in any location of your
choice. You do not need root privileges. However, please make sure
that you have write access to this location.
Enter top level directory for install? [/opt/ActivePerl-5.26] /usr/local/perl5.26
The ActivePerl documentation is available in HTML format. If installed
it will be available from file:///usr/local/perl5.26/html/index.html.
If not installed you will still be able to read all the basic perl and
module documentation using the man or perldoc utilities.
Install HTML documentation [yes] yes
Ok.
The typical ActivePerl software installation requires 200 megabytes.
Please make sure enough free space is available before continuing.
Proceed? [yes] yes
Ok.
Installing ActivePerl...
Copying files to /usr/local/perl5.26...done
Relocating...done (287 files relocated)
Generating HTML documentation...done
Syncing perl PPM database with .packlists...done
ActivePerl has been successfully installed at /usr/local/perl5.26.
Please modify your startup environment by adding:
/usr/local/perl5.26/site/bin:/usr/local/perl5.26/bin to PATH
/usr/local/perl5.26/site/man:/usr/local/perl5.26/man to MANPATH
For general questions or comments about ActivePerl, please
contact us at .
Thank you for using ActivePerl!
Do you want to download a free trial of Komodo IDE? [Y/n]
n
Then just wait for the installation to finish.
Next we need to replace the old perl
# Back up the old perl
$ mv /usr/bin/perl /usr/bin/perl.bak
# Create the symlink
$ ln -s /usr/local/perl5.26/bin/perl /usr/bin/perl
$ perl -v
This is perl 5, version 26, subversion 3 (v5.26.3) built for x86_64-linux-thread-multi
(with 2 registered patches, see perl -V for more detail)
Copyright 1987-2018, Larry Wall
Binary build 2603 [a701e55e0] provided by ActiveState http://www.ActiveState.com
Built Dec 17 2018 10:07:49
Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
perl has been upgraded successfully.
Next we upgrade openssl
# Back up the current openssl
$ cp -r /usr/lib64/openssl /usr/lib64/openssl.old
$ cp -r /usr/bin/openssl /usr/bin/openssl.old
$ cp -r /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
# Back up the libraries used by the system's built-in tools
$ cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
$ cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
# Uninstall the current openssl
$ rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}
Install the new version of openssl
$ tar -zxvf openssl-1.1.1a.tar.gz
$ cd openssl-1.1.1a
$ ./config --prefix=/usr/local/ssl --openssldir=/etc/ssl --shared zlib
$ make
$ make test
$ make install
We are not done yet.
$ openssl version
-bash: /usr/bin/openssl: No such file or directory
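Checking the openssl version fails because we have not created a symlink yet. openssl was installed to /usr/local/ssl, so let's go into that directory and see whether openssl version runs there.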
$ cd /usr/local/ssl/bin/
$ ./openssl version
./openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
It still fails. The reason is that libssl.so.1.1 cannot be found under /usr/lib64; the actual file is in /usr/local/ssl/lib/, so let's create a symlink.
$ ln -s /usr/local/ssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
# The following symlink is also required
$ ln -s /usr/local/ssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
# Now the following command no longer fails, and it reports the version we want
$ ./openssl version
OpenSSL 1.1.1a 20 Nov 2018
One last step remains: create a symlink for openssl
$ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# Run the following command again; openssl has been upgraded successfully
$ openssl version
OpenSSL 1.1.1a 20 Nov 2018
At this point the openssl upgrade is complete.
Next we upgrade openssh
# First back up the existing openssh configuration
$ cp -r /etc/ssh /etc/ssh.old
# Uninstall
$ rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}
# Run the following commands and make sure each one succeeds
$ install -v -m700 -d /var/lib/sshd
$ chown -v root:sys /var/lib/sshd
$ groupadd -g 51 sshd
$ useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 51 sshd
Install openssh
$ tar -zxvf openssh-7.9p1.tar.gz
$ cd openssh-7.9p1
# This step must complete without errors
$ ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd
$ make
$ make install
$ ssh -V
OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018
At this point openssh has been upgraded successfully!
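
A post-upgrade check for the steps above, as an added example that is not part of the original post: it compares the version banners against the target versions listed earlier, confirms that ssh reports the same OpenSSL as the openssl command, and flags shared libraries that ldd cannot resolve (the failure seen with libssl.so.1.1). The function names and the RUN_LIVE switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the procedure on this page.
# Target versions are the ones the page lists; all function names are hypothetical.
WANT_PERL="5.26.3"
WANT_OPENSSL="1.1.1a"
WANT_OPENSSH="7.9p1"

# Extract version strings from each tool's banner text.
perl_ver()    { printf '%s\n' "$1" | sed -n 's/.*(v\([0-9.]*\)).*/\1/p' | head -n 1; }
openssl_ver() { printf '%s\n' "$1" | sed -n 's/^OpenSSL \([^ ]*\) .*/\1/p' | head -n 1; }
ssh_ver()     { printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([^, ]*\),.*/\1/p' | head -n 1; }
# OpenSSL version that the ssh binary itself reports (second field of `ssh -V`).
ssh_ssl_ver() { printf '%s\n' "$1" | sed -n 's/^OpenSSH_[^,]*, OpenSSL \([^ ]*\) .*/\1/p' | head -n 1; }

# Names of shared libraries that ldd reports as unresolved (empty = all resolved).
missing_libs() { printf '%s\n' "$1" | awk '/=> not found/ {print $1}'; }

# verify PERL_BANNER OPENSSL_BANNER SSH_BANNER LDD_OUTPUT -> returns 0 if all checks pass
verify() {
    rc=0
    [ "$(perl_ver "$1")" = "$WANT_PERL" ]       || { echo "perl: unexpected version"; rc=1; }
    [ "$(openssl_ver "$2")" = "$WANT_OPENSSL" ] || { echo "openssl: unexpected version"; rc=1; }
    [ "$(ssh_ver "$3")" = "$WANT_OPENSSH" ]     || { echo "openssh: unexpected version"; rc=1; }
    # ssh must be built against the same OpenSSL that the openssl command reports
    [ "$(ssh_ssl_ver "$3")" = "$(openssl_ver "$2")" ] || { echo "ssh reports a different OpenSSL"; rc=1; }
    [ -z "$(missing_libs "$4")" ] || { echo "unresolved libraries: $(missing_libs "$4")"; rc=1; }
    return $rc
}

# On the upgraded host, run with RUN_LIVE=1; sshd -t also validates the new sshd_config.
if [ "${RUN_LIVE:-0}" = 1 ]; then
    verify "$(perl -v)" "$(openssl version)" "$(ssh -V 2>&1)" "$(ldd /usr/sbin/sshd)" \
        && /usr/sbin/sshd -t && echo "all checks passed"
fi
```

Run it from the existing SSH session before logging out, so a failed check can still be fixed from that session.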