Centos6.6升级ssh5.3版本到ssh8.3版本

下载所需要的源码包:

]#wget https://files-cdn.cnblogs.com/files/luckjinyan/zlib-1.2.11.tar.gz

]#wget https://files-cdn.cnblogs.com/files/luckjinyan/openssh-8.3p1.tar.gz

]#wget https://files-cdn.cnblogs.com/files/luckjinyan/openssl-1.1.1g.tar.gz

 

备份当前openssh

# cp/etc/ssh /etc/ssh.bak

# cp /etc/init.d/sshd /etc/init.d/sshd.abk

 

 

卸载旧的版本

# rpm -e –nodeps openssh-xxx(使用这条命令逐个卸载)

rpm -e –nodeps openssh-askpass-5.3p1-104.el6.x86_64

rpm -e –nodeps openssh-server-5.3p1-104.el6.x86_64

rpm -e –nodeps openssh-5.3p1-104.el6.x86_64

rpm -e –nodeps openssh-clients-5.3p1-104.el6.x86_64

 

卸载时报错,解决:

rpm -e –noscripts openssh-server-5.3p1-104.el6.x86_64

 

配置阿里yum源

curl -O http://mirrors.aliyun.com/repo/Centos-6.repo

curl -O http://mirrors.aliyun.com/repo/epel-6.repo

yum clean all && yum makecache

 

yum -y install gcc gcc-c++ vim pam* openssl-devel   (先安装要使用的工具)

 

注:pam*测试时未安装    若安装在进行openssh配置时需加上–with-pam=enable

 

 

解压   (-C 可以指定解压到指定的目录)

]#tar zxf zlib-1.2.11.tar.gz

]#tar zxf openssl-1.1.1g.tar.gz

]#tar zxf openssh-8.3p1.tar.gz

 

编译安装zlib

cd zlib-1.2.11

./configure –prefix=/usr/local/zlib

make && make install

 

编译安装openssl

 

cd openssl-1.1.1g
./config --prefix=/usr/local/openssl -d shared
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl  
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so  //目前发现这一步有错误,可不做
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
ldconfig -v
openssl version

 

安装openssh

cd openssh-8.3p1
./configure --prefix=/usr  --sysconfdir=/etc/ssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make && make install

 

sshd_config文件修改

echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
 
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
 
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
 
解===>>>
PermitRootLogin yes         #允许root认证登录
PasswordAuthentication yes  #允许密码认证

RSAAuthentication yes       #秘钥认证
PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys  #默认公钥存放的位置
 

 

备份原有文件,并将新的配置复制到指定目录

cp -p /root/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd

cp -p /root/openssh-8.3p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam(使用pam需拷贝)

 

启动sshd

service sshd restart
 
centos7可直接使用systemctl进行管理

查看信息版本

ssh -V   或者 sshd -v


 


 


 


 


ubuntu升级ssh到8.3版本


更改apt源为阿里源


vi /etc/apt/sources.list         添加以下内容


deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse


deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse


deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse


deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse


deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse


deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse


deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse


deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse


deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse


deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse


——————————————————————————————————————–


更新一下apt库:


apt update


 


解压   (-C 可以指定解压到指定的目录)


]#tar zxf zlib-1.2.11.tar.gz


]#tar zxf openssl-1.1.1g.tar.gz


]#tar zxf openssh-8.3p1.tar.gz


 


 


安装gcc编译工具


apt-get install gcc make libpam0g-dev


 


编译zlib


./configure –prefix=/usr/local/zlib


make


make install


 


编译安装openssl


cd openssl-1.1.1g


./config --prefix=/usr/local/openssl -d shared


make && make install


mv /usr/bin/openssl /usr/bin/openssl.bak


mv /usr/include/openssl /usr/include/openssl.bak


ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl  


ln -s /usr/local/openssl/include/openssl /usr/include/openssl


ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so  //目前发现执行这一步有错误,可跳过


echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf  //这一步与centos有一些区别


ldconfig  


openssl version    //查看版本



# 备份原openssh文件


mv /etc/ssh /etc/ssh.bak


mv /etc/init.d/ssh  /etc/init.d/ssh.bak


 


# 卸载原openssh


apt-get remove

openssh-server openssh-client


cd openssh-8.3p1 


./configure

–prefix=/usr –sysconfdir=/etc/ssh –with-md5-passwords –with-pam –with-zlib=/usr/local/zlib

–with-ssl-dir=/usr/local/openssl –with-privsep-path=/var/lib/sshd #需要指定openssl的安装路径和zlib的安装路径


make && make

install


 


1. 修改默认配置文件

根据之前配置修改,保证配置相同


2. 也可使用原来的配置文件

cd /etc/ssh

mv sshd_config sshd_config.default

cp ../ssh.old/sshd_config ./


# 使用原来的/etc/init.d/ssh

mv /etc/init.d/ssh.old /etc/init.d/ssh


 


# 取消注销指定服务

systemctl unmask ssh           


 


# 重启服务

systemctl restart ssh


 


 



———————————报错——————————————-


# 报错  checking whether OpenSSL’s PRNG is internally

seeded… yes


#      

configure: error: PAM headers not found


# 解决:ubuntu: apt-get install libpam0g-dev   centos: yum -y install pam-devel


 



———————————报错——————————————————————-


# 报错: Privilege

separation user sshd does not exist


vim /etc/passwd


sshd:x:74:74:Privilege-separated

SSH:/var/empty/sshd:/sbin/nologin 


# 注册名:口令:用户标识号:组标识号:用户名:用户主目录:命令解释程序


# /etc/passwd文件是Linux/UNIX安全的关键文件之一.该文件用于用户登录时校验 用户的口令,当然应当仅对root可写.


——————————————————————————————————–


 


 


 


 


 


Centos6(限6版本) ssh升级到8.3p脚本(超菜的写法,大神勿看)


 


#!/bin/bash


curl -o /opt/zlib-1.2.11.tar.gz

http://www.zlib.net/zlib-1.2.11.tar.gz > /dev/null


if [ $? == ‘0’ ]; then


       

echo “zlib源码包下载完成!!”


       

else


       

exit 1


fi


curl -o /opt/openssh-8.3p1.tar.gz

http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz

>/dev/null


if [ $? == ‘0’ ]; then


       

echo “openssh源码包下载完成!!”


       

else


       

exit 1


fi


curl -o /opt/openssl-1.1.1g.tar.gz https://www.openssl.org/source/openssl-1.1.1g.tar.gz  >/dev/null


if [ $? == ‘0’ ]; then


       

echo “openssl源码包下载完成!!”


       

else


       

exit 1


fi


 


#rpm -q openssh > /dev/null &&

cat /etc/redhat-release |grep 6.* > /dev/null


 


if [ -d /etc/ssh ]; then


        mv /etc/ssh /etc/ssh.bak


       

echo “备份ssh OK”


fi


 


if [ -f /etc/init.d/sshd ]; then


       

mv /etc/init.d/sshd /etc/init.d/sshd.bak


       

echo “备份sshd OK”


fi


 


rpm -qa |grep openssh-askpass >

/dev/null


if [ $? == ‘0’ ]; then


                rpm -e –nodeps

openssh-askpass-5.3p1-104.el6.x86_64 && echo “成功卸载openssh-askpass”


fi


 


rpm -qa |grep openssh-server > /dev/null


if [ $? == ‘0’ ]; then


                rpm -e –noscripts

openssh-server-5.3p1-104.el6.x86_64 && echo “成功卸载openssh-server”


fi


 


rpm -qa |grep openssh-5.3p1 > /dev/null


if [ $? == ‘0’ ]; then


                rpm -e –nodeps

openssh-5.3p1-104.el6.x86_64 && echo “成功卸载openssh-5.3p1”


fi


 


rpm -qa |grep openssh-clients >

/dev/null


if [ $? == ‘0’ ]; then


                rpm -e –nodeps openssh-clients-5.3p1-104.el6.x86_64

&& echo “成功卸载openssh-clients”


fi


 


curl -o /etc/yum.repos.d/Centos-6.repo

http://mirrors.aliyun.com/repo/Centos-6.repo >/dev/null  && echo “pull Centos-6.repo

yes”


curl -o /etc/yum.repos.d/epel-6.repo

http://mirrors.aliyun.com/repo/epel-6.repo >/dev/null  && echo “pull epel-6.repo

yes”


yum clean all > /dev/null && yum

makecache > /dev/null && echo “repo clan yes”


 


yum -y install gcc gcc-c++ vim pam*

openssl-devel > /dev/null


 


if [ $? == ‘0’ ];then


       

echo “install依赖 yes”


       

else


       

exit 1


fi


 


tar zxf /opt/zlib-1.2.11.tar.gz -C /opt/

&& cd /opt/zlib-1.2.11 && ./configure –prefix=/usr/local/zlib

>/dev/null && make >/dev/null && make install >

/dev/null && echo “install zlib succeed”


 


if [ $? == ‘0’ ];then


     

  tar zxf

/opt/openssl-1.1.1g.tar.gz -C /opt/ && cd /opt/openssl-1.1.1g

&& ./config –prefix=/usr/local/openssl -d shared >/dev/null

&& make >/dev/null && make install >/dev/null


       

echo “install openssl succeed”


              else


       

exit 1


fi


 


if [ $? == ‘0’ ];then


       

mv /usr/bin/openssl /usr/bin/openssl.bak && mv

/usr/include/openssl /usr/include/openssl.bak && ln -s

/usr/local/openssl/bin/openssl /usr/bin/openssl && ln -s

/usr/local/openssl/include/openssl /usr/include/openssl


       

else


       

exit 1


fi


 


if [ $? == ‘0’ ];then


       

echo ‘/usr/local/openssl/lib’ >> /etc/ld.so.conf &&

ldconfig -v > /dev/null && echo $(openssl version)


       

else


       

exit 1


fi


 


if [ $? == ‘0’ ];then


       

cd /opt/ && tar zxf openssh-8.3p1.tar.gz -C /opt/ && cd

openssh-8.3p1 && ./configure –prefix=/usr  –sysconfdir=/etc/ssh

–with-zlib=/usr/local/zlib –with-ssl-dir=/usr/local/openssl

–with-md5-passwords –with-pam=enable > /dev/null && make >

/dev/null && make install > /dev/null


       

echo “install openssh succeed”


              else


       

exit 1


fi


 


echo ‘PermitRootLogin yes’

>>/etc/ssh/sshd_config


echo ‘PubkeyAuthentication yes’

>>/etc/ssh/sshd_config


echo ‘PasswordAuthentication yes’

>>/etc/ssh/sshd_config


cp -p

/opt/openssh-8.3p1/contrib/redhat/sshd.init 

/etc/init.d/sshd


cp -p

/opt/openssh-8.3p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam


 


service sshd restart && ssh -V


 


 ******人生若只如初见******


 













    































							

   
版权声明:本文为AISF原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。



本文链接:https://www.cnblogs.com/AISF/p/13767088.html