redhat 7.4从openssh7.6 离线升级到openssh8.3p1

1、安装telnet,作为临时备用通道,防止ssh升级失败后无法远程连接(注意:telnet为明文传输,账号和口令可被同一网络内的嗅探获取,只应在升级期间、受信任的管理网络内临时启用)
rpm -ivh telnet-server-0.17-64.el7.x86_64.rpm
rpm -ivh telnet-0.17-64.el7.x86_64.rpm
2、在防火墙上开放telnet端口
firewall-cmd --zone=public --add-port=23/tcp --permanent
----加载配置生效
firewall-cmd --reload
—加入自启动
chkconfig telnet on
systemctl enable telnet.socket
systemctl start telnet.socket
----telnet默认不允许root登录,所以新增一个临时账号(升级完成、关闭telnet后应删除该账号,例如 userdel -r jtest)
useradd jtest
passwd jtest
3、安装依赖包
rpm -ivh libgcc-4.8.5-16.el7.x86_64.rpm
rpm -ivh glibc-headers-2.17-196.el7.x86_64.rpm
rpm -ivh glibc-devel-2.17-196.el7.x86_64.rpm
rpm -ivh compat-gcc-44-4.4.7-8.el7.x86_64.rpm
rpm -ivh compat-gcc-44-c++-4.4.7-8.el7.x86_64.rpm
rpm -ivh gcc-4.8.5-16.el7.x86_64.rpm
rpm -ivh gcc-c++-4.8.5-16.el7.x86_64.rpm
rpm -ivh glibc-2.17-196.el7.x86_64.rpm
rpm -ivh pcre-8.32-17.el7.x86_64.rpm
rpm -ivh pcre-devel-8.32-17.el7.x86_64.rpm
rpm -ivh pcre2-10.23-2.el7.x86_64.rpm
rpm -ivh openssl-1.0.2k-8.el7.x86_64.rpm
rpm -ivh zlib-1.2.7-17.el7.x86_64.rpm
rpm -ivh zlib-devel-1.2.7-17.el7.x86_64.rpm
rpm -ivh openssl-libs-1.0.2k-8.el7.x86_64.rpm
rpm -ivh glibc-devel-2.17-196.el7.x86_64.rpm
rpm -ivh libcom_err-devel-1.42.9-10.el7.x86_64.rpm
rpm -ivh libsepol-devel-2.5-6.el7.x86_64.rpm
rpm -ivh libselinux-devel-2.5-11.el7.x86_64.rpm
rpm -ivh keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm
rpm -ivh libverto-devel-0.2.5-4.el7.x86_64.rpm
rpm -ivh krb5-devel-1.15.1-8.el7.x86_64.rpm
rpm -ivh libverto-devel-0.2.5-4.el7.x86_64.rpm
rpm -ivh openssl-devel-1.0.2k-8.el7.x86_64.rpm
rpm -ivh pam-devel-1.1.8-18.el7.x86_64.rpm

rpm -ivh pam-1.1.8-18.el7.x86_64.rpm
rpm -ivh pam-devel-1.1.8-18.el7.x86_64.rpm
rpm -ivh pam_krb5-2.4.8-6.el7.x86_64.rpm
rpm -ivh pam_pkcs11-0.6.2-27.el7.x86_64.rpm
rpm -ivh spamassassin-3.4.0-2.el7.x86_64.rpm
rpm -ivh openssl-devel-1.0.2k-8.el7.x86_64.rpm
rpm -ivh libcryptui-3.12.2-1.el7.x86_64.rpm
rpm -ivh openssl-devel-1.0.2k-8.el7.x86_64.rpm
rpm -ivh openssl-libs-1.0.2k-8.el7.x86_64.rpm
rpm -ivh openssl-devel-1.0.2k-8.el7.x86_64.rpm
4、安装openssl(注意:OpenSSL 1.0.2系列已于2019年底停止公开维护,1.0.2r之后发布的安全修复不包含在内;条件允许时应改用仍在维护的版本)
----备份
mv /usr/bin/openssl /usr/bin/openssl_bak11
mv /usr/include/openssl /usr/include/openssl_bak11
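-----强制卸载(注意:grep openssl 也会匹配到 openssl-libs 等包,用 --nodeps 强制卸载后,依赖系统 libssl/libcrypto 的其它程序可能无法运行;执行前先单独运行 rpm -qa | grep openssl 确认将被卸载的清单)
rpm -e `rpm -qa | grep openssl` --nodeps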
-----进入openssl目录
cd openssl-1.0.2r
----编译并安装
./config shared && make && make install
—建link文件
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
----加入动态加载库
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
—使配置生效
/sbin/ldconfig
-----检查openssl 版本
openssl version
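5、安装openssh(注意:下面把 /etc/ssh 整体移走后,make install 通常会重新生成主机密钥,客户端会出现主机指纹变更告警;如需保持指纹不变,可在安装后用 cp -a 把 /etc/ssh_bak11 中的 ssh_host_* 密钥文件拷回并重启sshd)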
cd openssh-8.3p1
mv /etc/ssh /etc/ssh_bak11
----强制卸载

rpm -e `rpm -qa | grep openssh` --nodeps

./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam --without-openssl-header-check
make
make install
----设置自启动
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
—默认权限不对,修正
chown root:root /etc/init.d/sshd
chkconfig --add sshd
/sbin/chkconfig sshd on
----重启ssh 服务
systemctl restart sshd
----检查ssh版本
ssh -V
6、设置sshd_config

vim /etc/ssh/sshd_config
----设置允许root登录(注意:这会让root口令直接暴露给口令暴力破解;若非必须,建议保持默认的 prohibit-password,或使用普通账号登录后再sudo)
PermitRootLogin yes
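----设置默认密钥交换算法,否则会导致远程连接失败(注意:diffie-hellman-group1-sha1 使用1024位群和SHA-1,强度不足,已被OpenSSH默认禁用,其它 -sha1 算法同样偏弱;仅在确有老客户端需要时保留,客户端升级后应从列表中删除。最后一项在原文中被网页的邮箱保护功能替换成了"[email protected]",推测原为 curve25519-sha256@libssh.org,使用前请用 ssh -Q kex 核对)
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org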

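7、修改selinux配置,很重要,否则连接不成功(注意:disabled 会关闭整机的强制访问控制,不只影响sshd;建议先用 setenforce 0 临时切到permissive验证,确认是SELinux拦截后查看 /var/log/audit/audit.log 并修复文件标签或策略,再恢复enforcing)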
vi /etc/selinux/config
SELINUX=disabled
----setenforce 0 立即切换为permissive(宽容)模式;配置文件中的 SELINUX=disabled 需重启后才生效
setenforce 0
8、检查ssh链接是否成功
9、如果成功,关闭telnet服务
chkconfig telnet off
systemctl disable telnet.socket
systemctl stop telnet.socket
10、从防火墙删除对应端口23的策略
firewall-cmd --permanent --zone=public --remove-port=23/tcp
重新加载防火墙配置
firewall-cmd --reload
