Upgrading OpenSSH to 7.9

  1. First, the software involved:
    1. openssh
    2. openssl
    3. zlib
    4. perl

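OpenSSH 7.9 depends on OpenSSL 1.1.1, and OpenSSL 1.1.1 depends on perl 5.26 (I am not sure exactly which version it requires, but it is not 5.16). zlib only needs to be upgraded to the latest version (currently 2.1.11).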

First, let's look at the versions of these packages on the local server. Mine are:

$ perl -v
This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
(with 33 registered patches, see perl -V for more detail)

Copyright 1987-2012, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

  1. Targets:
    perl: 5.16.3 -> 5.26.3
    openssl: 1.0.2k-fips -> 1.1.1a
    openssh: 7.4p1 -> 7.9p1
    zlib: 1.2.7-17.el7 -> 1.2.7-18.el7

  2. Prepare the installation packages

  3. Start the installation
    3.1 Upgrade zlib

yum  install gcc pam-devel zlib-devel -y

    3.2 Upgrade perl

$ tar -zxvf ActivePerl-5.26.3.2603-x86_64-linux-glibc-2.15-a701e55e0.tar.gz
$ cd ActivePerl-5.26.3.2603-x86_64-linux-glibc-2.15-a701e55e0
$ sh install.sh
Checking package...done

Welcome to ActivePerl

    ActivePerl is ActiveState's quality-assured binary build of
    Perl.  In order to install ActivePerl you need to agree to
    the ACTIVESTATE® COMMUNITY EDITION LICENSE AGREEMENT.

Did you read the LICENSE.txt file? [no] y
Do you agree to the ACTIVESTATE® COMMUNITY EDITION LICENSE AGREEMENT? [no] y

    This installer can install ActivePerl in any location of your
    choice. You do not need root privileges.  However, please make sure
    that you have write access to this location.

Enter top level directory for install? [/opt/ActivePerl-5.26] /usr/local/perl5.26

    The ActivePerl documentation is available in HTML format.  If installed
    it will be available from file:///usr/local/perl5.26/html/index.html.
    If not installed you will still be able to read all the basic perl and
    module documentation using the man or perldoc utilities.

Install HTML documentation [yes] yes
Ok.

    The typical ActivePerl software installation requires 200 megabytes.
    Please make sure enough free space is available before continuing.

Proceed? [yes] yes
Ok.

Installing ActivePerl...
Copying files to /usr/local/perl5.26...done
Relocating...done (287 files relocated)
Generating HTML documentation...done
Syncing perl PPM database with .packlists...done

ActivePerl has been successfully installed at /usr/local/perl5.26.

Please modify your startup environment by adding:

   /usr/local/perl5.26/site/bin:/usr/local/perl5.26/bin to PATH
   /usr/local/perl5.26/site/man:/usr/local/perl5.26/man to MANPATH

For general questions or comments about ActivePerl, please
contact us at .

Thank you for using ActivePerl!

Do you want to download a free trial of Komodo IDE? [Y/n] 
n

Then just wait for the installation to finish.

Next we need to get rid of the old perl:

    # Back up the old perl
    $ mv /usr/bin/perl /usr/bin/perl.bak
    # Create the symlink
    $ ln -s /usr/local/perl5.26/bin/perl /usr/bin/perl
    $ perl -v
    This is perl 5, version 26, subversion 3 (v5.26.3) built for x86_64-linux-thread-multi
    (with 2 registered patches, see perl -V for more detail)

    Copyright 1987-2018, Larry Wall

    Binary build 2603 [a701e55e0] provided by ActiveState http://www.ActiveState.com
    Built Dec 17 2018 10:07:49

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5 source kit.

    Complete documentation for Perl, including FAQ lists, should be found on
    this system using "man perl" or "perldoc perl".  If you have access to the
    Internet, point your browser at http://www.perl.org/, the Perl Home Page.

perl has been upgraded successfully.

Next, we upgrade openssl.

# Back up the current openssl
$ cp -r /usr/lib64/openssl /usr/lib64/openssl.old
$ cp -r /usr/bin/openssl  /usr/bin/openssl.old
$ cp -r /etc/pki/ca-trust/extracted/openssl  /etc/pki/ca-trust/extracted/openssl.old
# Back up the libraries used by system tools
$ cp  /usr/lib64/libcrypto.so.10  /usr/lib64/libcrypto.so.10.old
$ cp  /usr/lib64/libssl.so.10  /usr/lib64/libssl.so.10.old
# Uninstall the current openssl
$ rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}

Install the new version of openssl:

$ tar -zxvf openssl-1.1.1a.tar.gz
$ cd openssl-1.1.1a
$ ./config --prefix=/usr/local/ssl --openssldir=/etc/ssl --shared zlib
$ make
$ make test
$ make install

We are not done yet:

$ openssl version
-bash: /usr/bin/openssl: No such file or directory

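Checking the openssl version fails because we have not created a symlink yet: openssl was installed under /usr/local/ssl. Let's go into that directory and see whether openssl version runs there: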

$ cd /usr/local/ssl/bin/
$ ./openssl version
./openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

It still fails. The reason is that libssl.so.1.1 cannot be found in /usr/lib64; the actual file is in /usr/local/ssl/lib/, so we create a symlink:

$ ln -s /usr/local/ssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
# In fact, the following symlink is needed as well
$ ln -s /usr/local/ssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
# Now the command below runs without error and reports the version we want
$ ./openssl version
OpenSSL 1.1.1a  20 Nov 2018

One last step remains: create a symlink for openssl.

$ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# Run the command below again; openssl has now been upgraded successfully
$ openssl version
OpenSSL 1.1.1a  20 Nov 2018

At this point the openssl upgrade is complete.
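
One way to confirm that the symlinks resolved the loader error, as an added example that is not part of the original post: it parses `ldd` output for `not found` entries and checks each binary this upgrade touches. The function names and both sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find shared libraries the dynamic loader cannot resolve.

# unresolved_libs: read `ldd` output on stdin, print each library marked "not found".
unresolved_libs() { awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'; }

# resolved_path LIB: read `ldd` output on stdin, print the file LIB resolves to.
resolved_path() { awk -v lib="$1" '$1 == lib && $2 == "=>" && $3 != "not" { print $3 }'; }

# check_binary PATH: return 0 if all dependencies resolve, 1 if any are missing,
# 2 if PATH is not installed.
check_binary() {
    local missing
    [ -x "$1" ] || { printf '%s: not installed\n' "$1"; return 2; }
    missing=$(ldd "$1" 2>/dev/null | unresolved_libs | tr '\n' ' ')
    [ -z "$missing" ] && return 0
    printf '%s: unresolved %s\n' "$1" "$missing"
    return 1
}

# Constructed sample: ldd output for /usr/local/ssl/bin/openssl before the symlinks exist.
SAMPLE_BEFORE='    linux-vdso.so.1 =>  (0x00007ffc5a1d2000)
    libssl.so.1.1 => not found
    libcrypto.so.1.1 => not found
    libz.so.1 => /lib64/libz.so.1 (0x00007f3b6c2e1000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f3b6bf14000)'
# Constructed sample: the same binary after both symlinks were created in /usr/lib64.
SAMPLE_AFTER='    libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f3b6c9a0000)
    libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f3b6c4b7000)'

printf '%s\n' "$SAMPLE_BEFORE" | unresolved_libs
printf '%s\n' "$SAMPLE_AFTER" | resolved_path libcrypto.so.1.1

# On the server, check every binary this upgrade touches.
for bin in /usr/local/ssl/bin/openssl /usr/bin/ssh /usr/sbin/sshd; do
    check_binary "$bin" || true
done
```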

Next, we upgrade openssh.

# First back up the original openssh
$ cp -r /etc/ssh /etc/ssh.old
# Uninstall
$ rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}
# Run the following commands and make sure each one succeeds
$ install  -v -m700 -d /var/lib/sshd
$ chown  -v root:sys /var/lib/sshd
$ groupadd -g 51 sshd
$ useradd  -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 51 sshd

Install openssh:

$ tar -zxvf openssh-7.9p1.tar.gz
$ cd openssh-7.9p1
# This step must complete without errors
$ ./configure --prefix=/usr  --sysconfdir=/etc/ssh  --with-md5-passwords  --with-pam  --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd
$ make
$ make install
$ ssh -V
OpenSSH_7.9p1, OpenSSL 1.1.1a  20 Nov 2018

At this point openssh has been upgraded successfully!
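
An added check, not part of the original post, that compares the installed versions with the targets listed at the start. It also reads the OpenSSL version out of the `ssh -V` banner, because that is the library ssh was built against and it can differ from what the `openssl` command reports; the function names and the stale sample banner are constructed.

```shell
#!/usr/bin/env bash
# Added example: confirm the upgrade reached the target versions listed in the post.
# Targets taken from the post's goal list.
WANT_PERL='v5.26.3'; WANT_OPENSSL='1.1.1a'; WANT_OPENSSH='7.9p1'

# Each extractor reads command output on stdin and prints only the version token(s).
perl_version()    { sed -nE 's/^This is perl .*\((v[0-9.]+)\).*/\1/p'; }
openssl_version() { sed -nE 's/^OpenSSL +([^ ]+).*/\1/p'; }
# Prints "<openssh> <openssl>", where <openssl> is the library ssh itself links.
ssh_versions()    { sed -nE 's/^OpenSSH_([^ ,]+), *OpenSSL +([^ ]+).*/\1 \2/p'; }

# verify LABEL GOT WANT: print a verdict line, return 0 on match and 1 otherwise.
verify() {
    if [ "$2" = "$3" ]; then
        printf 'OK    %-22s %s\n' "$1" "$2"
    else
        printf 'FAIL  %-22s got "%s", want "%s"\n' "$1" "$2" "$3"
        return 1
    fi
}

# audit PERL_OUT OPENSSL_OUT SSH_OUT: check captured outputs, return the failure count.
audit() {
    local fails=0 ssh_pair
    verify 'perl' "$(printf '%s\n' "$1" | perl_version)" "$WANT_PERL" || fails=$((fails + 1))
    verify 'openssl CLI' "$(printf '%s\n' "$2" | openssl_version)" "$WANT_OPENSSL" || fails=$((fails + 1))
    ssh_pair=$(printf '%s\n' "$3" | ssh_versions)
    verify 'openssh' "${ssh_pair%% *}" "$WANT_OPENSSH" || fails=$((fails + 1))
    verify 'openssl linked by ssh' "${ssh_pair#* }" "$WANT_OPENSSL" || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: the openssl CLI is new, but ssh still links the old library.
SAMPLE_PERL='This is perl 5, version 26, subversion 3 (v5.26.3) built for x86_64-linux-thread-multi'
SAMPLE_OPENSSL='OpenSSL 1.1.1a  20 Nov 2018'
SAMPLE_SSH_STALE='OpenSSH_7.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017'
audit "$SAMPLE_PERL" "$SAMPLE_OPENSSL" "$SAMPLE_SSH_STALE" || echo "sample: $? check(s) failed"

# On the upgraded server, pass --live to check the real binaries (ssh -V writes to stderr).
if [ "${1:-}" = "--live" ]; then
    audit "$(perl -v)" "$(openssl version)" "$(ssh -V 2>&1)"
fi
```

Run it with `--live` from the session used for the upgrade, while that session is still open.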
