openssh升级
###获取安装包
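# Fetch the OpenSSH/OpenSSL/zlib tarballs from the internal FTP mirror into /root/.
# -P sets the download directory; a bare "/root/" argument is parsed by wget as a
# second URL, so the files would land in the current directory instead.
# The URL is quoted so the local shell never expands "*"; wget does the FTP glob.
# FTP offers no integrity protection: compare every tarball with the checksum or
# signature published by its upstream project before building as root.
wget -q -P /root/ 'ftp://10.56.81.253/openssh/*'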
###7系统版本
安装telnet后,使用telnet连接另开一个窗口进行升级,因为升级ssh会stop服务。telnet为明文传输,仅在升级期间临时开启,升级完成后须按文末步骤关闭。
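# Temporary fallback console for EL7 while sshd is being replaced.
# Telnet carries credentials in clear text: keep it enabled only for the duration
# of the upgrade, reachable from the management network only where possible, and
# shut it down again once the new sshd has been verified.
yum install -y xinetd telnet-server

# xinetd service definition for in.telnetd (enabled, runs as root).
cat > /etc/xinetd.d/telnet <<'EOF'
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
EOF

# Allow root logins on the first four pseudo-terminals. Each entry is appended
# only when missing, so re-running this step does not pile up duplicates.
# These entries widen where root may log in; remove them after the upgrade.
for tty in pts/0 pts/1 pts/2 pts/3; do
  grep -qxF -- "$tty" /etc/securetty 2>/dev/null \
    || printf '%s\n' "$tty" >> /etc/securetty
done

systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

# Confirm a listener on TCP port 23. Matching ":23" followed by whitespace avoids
# false hits on other ports or PIDs that merely contain "23".
netstat -lntp | grep -E ':23[[:space:]]'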
###6系统版本
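# Temporary fallback console for EL6 while sshd is being replaced.
# Telnet is clear text; keep it enabled only for the duration of the upgrade.
yum -y install xinetd telnet telnet-server

# Comment out the pam_securetty check so root may log in over telnet.
# The pattern tolerates any run of blanks between the PAM fields, because the
# stock file is column-aligned rather than single-space separated.
sed -i -r 's/^([[:space:]]*auth[[:space:]]+required[[:space:]]+pam_securetty\.so)/#\1/' /etc/pam.d/remote

# Enable the xinetd telnet service. Only the "disable = yes" line is rewritten;
# a global s/yes/no/ would also flip any other "yes" in the file.
sed -i -r 's/^([[:space:]]*disable[[:space:]]*=[[:space:]]*)yes/\1no/' /etc/xinetd.d/telnet

service xinetd restart

# Confirm a listener on TCP port 23 (":23" followed by whitespace, so other ports
# or PIDs containing "23" do not match).
netstat -lntp | grep -E ':23[[:space:]]'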
###安装依赖包
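# Build prerequisites for the source builds that follow.
# make and perl are listed explicitly: the later steps call `make`, and OpenSSL's
# ./config drives a Perl script, yet neither is guaranteed on a minimal install.
yum -y install gcc gcc-c++ kernel-devel make perl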
###解压安装包
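# Unpack the three source trees under /usr/local/src/.
# Verify the tarballs against upstream checksums/signatures before this step;
# everything below is compiled and installed as root.
for pkg in openssh-8.4p1 openssl-1.1.1i zlib-1.2.11; do
  tar -xf "/root/${pkg}.tar.gz" -C /usr/local/src/ || break
done

# tar run as root restores the archive's recorded owners, so reset them.
# Only the three extracted trees are touched, not everything in /usr/local/src.
chown -R root:root \
  /usr/local/src/openssh-8.4p1 \
  /usr/local/src/openssl-1.1.1i \
  /usr/local/src/zlib-1.2.11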
###编译安装zlib-1.2.11
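# Build zlib into its own prefix. The steps are chained with && so a failed
# cd/configure/make never leads to an install from a broken or wrong directory.
cd /usr/local/src/zlib-1.2.11/ \
  && ./configure --prefix=/usr/local/zlib \
  && make -j 4 \
  && make install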
###编译安装openssl-1.1.1i
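# Build OpenSSL as a shared library into /usr/local/ssl.
# The "-d" flag of OpenSSL's config script selects a debug build; it is dropped
# here so the library that sshd links against is a normal optimised build.
# NOTE(review): the 1.1.1 series is no longer maintained upstream; check whether
# a currently supported release should be used instead.
if cd /usr/local/src/openssl-1.1.1i/ \
  && ./config --prefix=/usr/local/ssl shared \
  && make -j 4 \
  && make install; then
  # Register the library directory with the dynamic linker, once only.
  grep -qxF '/usr/local/ssl/lib' /etc/ld.so.conf \
    || echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
  ldconfig -v
fi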
###编译安装openssh-8.4p1
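# Build OpenSSH against the private OpenSSL and zlib, with PAM support.
yum install -y pam-devel

# Configure and compile first; /etc/ssh is moved aside only after the build has
# succeeded, so a failed build leaves the existing configuration in place.
# mv -T refuses to nest /etc/ssh inside an already existing /etc/ssh.bak.
# NOTE(review): with /etc/ssh moved away, `make install` presumably creates new
# host keys, so clients will see a changed host key. To keep the old identity,
# copy /etc/ssh.bak/ssh_host_* back afterwards and set the private keys to 0600.
if cd /usr/local/src/openssh-8.4p1/ \
  && ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib --with-pam \
  && make -j 4; then
  mv -T /etc/ssh /etc/ssh.bak && make install
fi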
###sshd_config文件修改
# Append the site settings to the freshly installed sshd_config in one write.
# NOTE(review): PermitRootLogin yes combined with PasswordAuthentication yes
# exposes the root account to password guessing; tighten both once key-based
# access has been confirmed. X11UseLocalhost no makes the X11 forwarding
# listener bind to the wildcard address instead of loopback.
cat >> /etc/ssh/sshd_config <<'EOF'
X11Forwarding yes
X11UseLocalhost no
XAuthLocation /usr/bin/xauth
UseDNS no
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM yes
EOF
###复制新文件
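# Swap the distribution's sshd, ssh and ssh-keygen for the newly built ones.
# - The new binary must exist before the old one is moved away.
# - An existing .bak is kept, so re-running this step never overwrites the
#   original vendor binary with a previously installed build.
# NOTE(review): other tools (scp, sftp, ssh-add, ...) are not replaced here and
# stay at the distribution's version.
for rel in sbin/sshd bin/ssh bin/ssh-keygen; do
  if [ ! -x "/usr/local/openssh/${rel}" ]; then
    echo "missing /usr/local/openssh/${rel}; nothing replaced for it" >&2
    break
  fi
  [ -e "/usr/${rel}.bak" ] || mv "/usr/${rel}" "/usr/${rel}.bak"
  cp -f "/usr/local/openssh/${rel}" "/usr/${rel}"
done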
vim /etc/pam.d/sshd
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
将以上内容添加到 /etc/pam.d/sshd 文件末尾
###重启sshd服务
7版本:
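# EL7: replace the packaged systemd unit with the init script shipped in the
# OpenSSH source tree, then restart sshd.
# sshd -t validates the new configuration and host keys first; the running
# daemon is stopped only if that check passes.
if /usr/sbin/sshd -t; then
  systemctl stop sshd
  rm -f /lib/systemd/system/sshd.service
  cp -f /usr/local/src/openssh-8.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
  # Make sure the init script is executable regardless of the mode in the tarball.
  chmod 755 /etc/init.d/sshd
  systemctl daemon-reload
  /etc/init.d/sshd restart
fi
systemctl status sshd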
6系统版本:
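# EL6: install the init script shipped in the OpenSSH source tree and restart.
# sshd -t validates the new configuration and host keys first; the running
# daemon is stopped only if that check passes.
if /usr/sbin/sshd -t; then
  service sshd stop
  # No-op where the unit file is absent; kept so both variants match.
  rm -f /lib/systemd/system/sshd.service
  cp -f /usr/local/src/openssh-8.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
  # Make sure the init script is executable regardless of the mode in the tarball.
  chmod 755 /etc/init.d/sshd
  /etc/init.d/sshd restart
fi
service sshd status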
###添加开机启动
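# Register the init script, switch it on explicitly for its default runlevels,
# and print the resulting state so a disabled service is noticed before reboot.
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd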
###关闭telnet服务
7版本系统
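# EL7: take the temporary telnet fallback down again.
# Open a fresh SSH session to the upgraded sshd and confirm login works before
# running this; afterwards telnet is no longer available as a way back in.
systemctl disable xinetd.service
systemctl stop xinetd.service
systemctl disable telnet.socket
systemctl stop telnet.socket
yum remove -y telnet-server xinetd

# The service file was written by hand, so package removal does not delete it.
rm -f /etc/xinetd.d/telnet

# Drop the pts/0..pts/3 entries that were appended to /etc/securetty for the
# upgrade, so root terminal access is no longer widened.
sed -i '/^pts\/[0-3]$/d' /etc/securetty

# Nothing should be listening on TCP port 23 any more.
netstat -lntp | grep -E ':23[[:space:]]' || echo 'no listener on port 23'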
6版本系统
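# EL6: take the temporary telnet fallback down again.
# Confirm login over the upgraded sshd works before running this.

# Re-enable the pam_securetty check that was commented out for the upgrade.
# The pattern tolerates any run of blanks between the PAM fields, because the
# stock file is column-aligned rather than single-space separated.
sed -i -r 's/^#([[:space:]]*auth[[:space:]]+required[[:space:]]+pam_securetty\.so)/\1/' /etc/pam.d/remote

service xinetd stop
yum -y remove xinetd telnet telnet-server

# Nothing should be listening on TCP port 23 any more.
netstat -lntp | grep -E ':23[[:space:]]' || echo 'no listener on port 23'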
###清理安装包
# Delete the downloaded source tarballs from /root.
# The extracted build trees under /usr/local/src are not touched by this step.
for pkg in openssh-8.4p1 openssl-1.1.1i zlib-1.2.11; do
  rm -rf "/root/${pkg}.tar.gz"
done
###查看openssh版本
# Print the version of the ssh client found first on PATH, together with the
# OpenSSL build it is linked against. This checks the client binary only; it
# does not show which sshd the running daemon was started from.
ssh -V
开启sha1(可选,仅在必须兼容旧客户端时使用;diffie-hellman-group1-sha1 强度较弱,不建议长期开启):
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1