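下载相应的包,并在相应目录中解压。升级ssh以提高远程管理的安全性!下文的源码包都是通过http明文下载的,其中zlib和openssh还来自第三方镜像站,解压编译前应先与官方发布的校验值或签名核对。文中的软件版本是撰写时的版本,实际操作请换成当前仍在维护的版本。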
#cp /home/sysman/openssh-5.3p1.tar.gz /data/tools/
--------------------------------------------------------------------------------
#安装zlib
wget http://google-desktop-for-linux-mirror.googlecode.com/files/zlib-1.2.3.tar.gz
# tar -xzvf zlib-1.2.3.tar.gz
# cd zlib-1.2.3
# ./configure --shared
# vi Makefile
# make && make install
----------------------------------------------------------
#升级安装Openssl 不要卸载系统自带的Openssl,否则很多服务都起不来.
wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz
# tar -xzvf openssl-0.9.8l.tar.gz
# cd openssl-0.9.8l
# ./config shared #注意这里是用./config 会安装到/usr/local/ssl
# make && make install
#配置库文件搜索路径
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig -v
# ldconfig
# openssl version -a
------------------------------------------------------------------------------------------
wget http://www.sfr-fresh.com/fresh/unix/misc/openssh-5.3p1.tar.gz
# 首先卸载系统自带的Openssh(如果是通过ssh远程操作,请先准备好控制台等备用登录方式,以免升级中途失败后无法再连上服务器)
#rpm -qa openssh
# rpm -e --nodeps openssh-4.3p2-36.el5
# tar xzvf openssh-5.3p1.tar.gz
# rm -rf /etc/ssh/* #会清空原有的sshd_config和主机密钥,需要保留的请先备份到别处;主机密钥变更后,客户端连接时会提示主机指纹不一致
# cd openssh-5.3p1
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib
# make
# make install
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#修改配置文件
#vi /etc/ssh/sshd_config
Protocol 2
#选择协议:只启用SSH协议版本2,不启用存在已知弱点的版本1
PermitRootLogin no
#禁止root用户使用ssh登录
PermitEmptyPasswords no
#不允许空密码登录
PasswordAuthentication yes
#设置是否使用口令验证。这里保留口令登录;如果已经部署了公钥认证,设为no可以进一步降低口令被穷举的风险。
#PrintLastLog no
#可酌情配置
MaxAuthTries 2
#将MaxAuthTries前的注释去掉
#MaxAuthTries 2:限制每个连接允许的认证尝试次数(防止别人使用密码穷举);该限制按连接计算,重新连接后可以再次尝试,因此还需配合下文的用户和网段限制
Subsystem sftp /usr/libexec/openssh/sftp-server
#找相应的目录
#DenyUsers 禁用用户
DenyUsers bin
DenyUsers daemon
DenyUsers adm
DenyUsers lp
DenyUsers sync
DenyUsers mail
DenyUsers news
DenyUsers uucp
DenyUsers operator
DenyUsers games
DenyUsers gopher
DenyUsers ftp
DenyUsers nobody
DenyUsers dbus
DenyUsers vcsa
DenyUsers rpm
DenyUsers haldaemon
DenyUsers netdump
DenyUsers ident
DenyUsers nscd
DenyUsers sshd
DenyUsers rpc
DenyUsers mailnull
DenyUsers smmsp
DenyUsers rpcuser
DenyUsers nfsnobody
DenyUsers pcap
DenyUsers apache
DenyUsers squid
DenyUsers webalizer
DenyUsers xfs
DenyUsers ntp
DenyUsers gdm
DenyUsers pegasus
DenyUsers htt
DenyUsers pvm
DenyUsers canna
DenyUsers wnn
DenyUsers quagga
DenyUsers cyrus
DenyUsers mysql
DenyUsers postgres
DenyUsers amanda
DenyUsers oracle
DenyUsers foglight
#AllowUsers 只允许指定的用户登录;一旦设置了AllowUsers,未列出的用户一律不能登录,上面的DenyUsers列表只起额外保险的作用。下一行括号里的说明不要写进配置文件
AllowUsers nbadv(指定的用户名)
---------------------------------------------------------------------
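只允许某个网段的用户登录(依赖TCP Wrappers:上面编译openssh时的./configure没有带--with-tcp-wrappers,这样编译出的sshd不会读取/etc/hosts.deny,需要加上该选项重新编译,并从网段外的机器实际测试,确认限制已经生效)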
# vi /etc/hosts.deny
增加
sshd:ALL EXCEPT 192.168.1.0/255.255.255.0(只允许192.168.1.0的网段访问ssh)
----------------------------------------------------------------------------
------------------------------------------------------------------------
重启ssh服务(重启前可先用 sshd -t 检查配置文件,避免配置有误导致sshd无法启动)
#service sshd restart 或
service sshd stop
service sshd start
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#sshd -v #sshd没有-v选项,这里是借报错输出查看版本;也可以用 ssh -V
[root@testserver openssh-5.3p1]# sshd -v
sshd: illegal option -- v
OpenSSH_5.3p1, OpenSSL 0.9.8l 5 Nov 2009
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file]
[-g login_grace_time] [-h host_key_file] [-k key_gen_time]
[-o option] [-p port] [-u len]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------------------------------------------
FAQ
卸载时遇到 specifies multiple packages 报错(同一个包名匹配到多个已安装的包)
使用 rpm -e --allmatches 包名 一次卸载所有匹配的包