#!/bin/sh
CHECK_RUN()
{
if [ "$?" = "0" ]; then
echo "=============== Run [$1] succeed! ==============="
sleep 3
else
echo "Error, abort!"
exit 2
fi
}
./telnet_restart.sh start
./telnet_restart.sh status
sleep 3
echo " "
echo " "
USER=`whoami`
if [ $USER != root ]; then
echo "Must be root to run this script, please login as root and re-try"
exit
fi
# see if configuration is already being applied
if [ -f "/etc/updatessh_6.7.conf" ]; then
sshd -v
echo
echo "*******************************************************"
echo -n "Update openssh has already been applied, do you want to update(Y/N)?"
read RET_SURE
if [ "$RET_SURE" != "Y" ] && [ "$RET_SURE" != "y" ]; then
echo "Abort upate!"
exit;
fi
else
echo "Starting to update openssh..."
fi
if [ "$1" != "OK" ]; then
echo "parameter error, abort!"
exit 1
fi
cat /etc/issue | grep -i 'centos release 6.4' > /dev/null
if [ $? = "0" ]; then
PAM_RPM="./pam-devel-1.1.1-13.el6.x86_64.rpm"
fi
WORK_DIR=`pwd`
if [ ! -f $PAM_RPM ]; then
echo "No find pam-devel package, abort!"
exit 1
fi
rpm -ivh $PAM_RPM
cat /etc/issue | grep -i 'centos release 6' > /dev/null
if [ $? = "0" ]; then
rpm -qa | grep pam-devel > /dev/null
if [ $? != "0" ]; then
echo "Warning: NO install pam-devel RPM package, abort!"
exit 1
fi
fi
umask 0022
tar xvzf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure --prefix=/usr/local/zlib
CHECK_RUN "configure_zlib"
make
CHECK_RUN "make_zlib"
make install
CHECK_RUN "install_zlib"
cd $WORK_DIR
tar xvzf openssl-1.0.1j.tar.gz
cd openssl-1.0.1j
./config shared zlib --prefix=/usr/local/openssl
CHECK_RUN "configure_openssl"
make
CHECK_RUN "make_openssl"
make install
CHECK_RUN "install_openssl"
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -sf /usr/local/openssl/lib/libcrypto.so.1.0.0 /lib/libcrypto.so.6
echo "/usr/local/openssl/lib" >>/etc/ld.so.conf
ldconfig -v
CHECK_RUN "ldconfig"
cd $WORK_DIR
tar xvzf openssh-6.7p1.tar.gz
cd openssh-6.7p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl/ --with-md5-passwords
CHECK_RUN "configure_openssh"
make
CHECK_RUN "make_openssh"
make install
CHECK_RUN "install_openssh"
# modify configuration
sed -i -e "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g" /etc/ssh/sshd_config
sed -i -e "s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g" /etc/ssh/sshd_config
sed -i -e "s/##GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g" /etc/ssh/sshd_config
sed -i -e "s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g" /etc/ssh/ssh_config
echo
ssh -V
date >> /etc/updatessh.conf
if [ "$2" = "restart" ]; then
/sbin/service sshd restart
fi
sshd -vesion
echo ""
echo "**********************************************"
echo "**********************************************"
echo " All succeed!"
echo "**********************************************"
echo "**********************************************"