linux openssh升级

一.先安装telnet服务

a、以防卸载openssh后连接不到服务器

yum install telnet-serveryum install telnetyum install -y telnet-serveryum install -y xinetd systemctl enable xinetd.servicesystemctl enable telnet.socketsystemctl start telnet.socketsystemctl start xinetd

b、默认情况下，系统是不允许root用户telnet远程登录的。如果要使用root用户直接登录，需设置如下内容:

echo 'pts/0' >>/etc/securettyecho 'pts/1' >>/etc/securetty

systemctl restart xinetd.service

c、测试

[root@localhost ~]#telnet

二.升级开始:(注意 : 关闭SELinux)

先把openssh-7.9p1.tar.gz传到服务器上 , 在进行升级的一系列操作.

1.yum安装依赖

yum install -y gcc openssl openssl-devel pam-devel rpm-build pam-devel

2.卸载openssh

[root@localhost src]# rpm -qa | grep openssh[root@localhost src]# rpm -e `rpm -qa | grep openssh` --nodeps[root@localhost src]# rpm -qa | grep openssh

3.安装openssh7.9

(参考,包在这里下载/blfs/view/svn/postlfs/openssh.html)

install -v -m700 -d /var/lib/sshd && chown -v root:sys /var/lib/sshd && groupadd -g 50 sshd && useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

[root@localhost src]# tar -zxvf openssh-7.9p1.tar.gz [root@localhost src]# cd openssh-7.9p1

[root@localhost src]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_rsa_key[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ecdsa_key[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ed25519_key[root@localhost src]# make && make install

4.执行如下命令

install -v -m755 contrib/ssh-copy-id /usr/bin && install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 && install -v -m755 -d /usr/share/doc/openssh-7.9p1 && install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1

[root@localhost openssh-7.9p1]# ssh -VOpenSSH_7.9p1, OpenSSL 1.0.2k-fips 26 Jan

5.允许root远程登录 , 开机自启

[root@localhost openssh-7.9p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config[root@localhost openssh-7.9p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd[root@localhost openssh-7.9p1]# chkconfig --add sshd[root@localhost openssh-7.9p1]# chkconfig sshd on[root@localhost openssh-7.9p1]# service sshd startStarting sshd (via systemctl): [ OK ][root@localhost openssh-7.9p1]# service sshd restartRestarting sshd (via systemctl): [ OK ][root@localhost openssh-7.9p1]# chkconfig --list sshd

三.把telnet关掉

[root@localhost openssh-7.9p1]# rpm -qa telnet-servertelnet-server-0.17-64.el7.x86_64[root@localhost openssh-7.9p1]# systemctl stop telnet.socket [root@localhost openssh-7.9p1]# systemctl stop xinetd[root@localhost openssh-7.9p1]# systemctl disable xinetd.service Removed symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.[root@localhost openssh-7.9p1]# systemctl disable telnet.socketRemoved symlink /etc/systemd/system/sockets.target.wants/telnet.socket.

[root@RHEL5 ~]# rpm -qa | grep telnettelnet-0.17-38.el5telnet-server-0.17-38.el5[root@RHEL5 ~]# rpm -e telnet-0.17-38.el5 # -e参数表示删除rpm包[root@RHEL5 ~]# rpm -e telnet-server-0.17-38.el5