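Points to note before upgrading:
1 You must have your own ISO image and build a local yum repository from it (if the server can reach the Internet, a network yum repository also works).
2 Prepare the basic upgrade environment. Upgrading openssh depends on openssl and zlib. The versions shipped with the system are usually fairly old, and upgrading to a newer openssh places requirements on the versions of these dependencies.
The upgrade is usually done by compiling from source, which requires a build environment.
3 Upgrade zlib, openssl and openssh, in that order.
4 Before installing zlib, connect to the server with telnet and verify that files can be uploaded over ftp (anonymous mode is used). These two channels are the only way to recover if the openssh upgrade fails.
5 Once all the software has been upgraded, start the sshd service from the telnet session on the server. Do not run restart directly: run start first, then restart. Otherwise the server will disconnect.
6 Environment and dependency versions: openssh-7.7p1.tar.gz openssl-1.0.2o.tar.gz zlib-1.2.11.tar.gz
Download locations for the software:
zlib download: link: https://pan.baidu.com/s/1Ez10B_16pOytBZMQ9JueKQ extraction code: yr98
openssl download: link: https://pan.baidu.com/s/1oJKL77ZB1n6kzQQYMDOsaQ extraction code: 9x0a
openssh download: link: https://pan.baidu.com/s/1Lr4Ww_2NDBLwaQAvSB-7jw extraction code: fpg5
7 Below is an immature script with no conditional logic; it assumes that every command succeeds. If you want to use it, do so with caution.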
```bash
#!/bin/bash
#Describe: update openssh to 7.7p1 on linux6.7
#Tue Oct 9 17:15:19 CST 2018
#Mail:Michael92@126.com
#Before updating openssh, you need to prepare the environment.
#To avoid downloading too many rpm packages, the best way is to download the right iso image and make a local yum repository.
#After that, you can use yum to install the local packages, such as perl, vsftpd, telnet, telnet-server, pam-devel, gcc, gcc-c++.
#Then you have to update zlib to 1.2.11 and openssl to 1.0.2o (this is the lowest version that openssh 7.7p1 depends on).
#Last but not least, update openssh to 7.7p1 and clean up your environment.

#1 Build a local repository
mkdir /iso
#$1 is the path of your iso image
mount -o loop "$1" /iso
cat >>/etc/yum.repos.d/local.repo<<EOF
[localrepo]
name = localrepo
baseurl = file:///iso
enabled = 1
gpgcheck = 0
EOF
yum clean all
yum repolist

#2 Use yum to install the basic environment
yum -y install perl vsftpd telnet telnet-server pam-devel gcc gcc-c++
#Check whether the install succeeded
gcc -v
perl -v

#3 Set up telnet and vsftpd.
#telnet is the last way to reach your server and vsftpd is the last way to transfer files
echo "anon_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anon_other_write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anon_mkdir_write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anonymous_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anon_umask=022" >> /etc/vsftpd/vsftpd.conf
echo "no_anon_password=YES" >> /etc/vsftpd/vsftpd.conf
chown ftp /var/ftp -R
/etc/init.d/vsftpd restart
echo "You have 30 seconds to check whether you can use ftp"
for ((i=30;i>0;i--));do
    echo -e "\033[31m$i\033[0m"
    sleep 1
done

#Modify the telnet configuration file and check it
sed -i 's/yes/no/g' /etc/xinetd.d/telnet
#With /etc/securetty moved aside, root can log in over telnet
mv /etc/securetty /etc/securetty.old
chkconfig xinetd on
#chkconfig only enables xinetd at boot; restart it so telnet is reachable now
/etc/init.d/xinetd restart
echo "You have 30 seconds to check whether you can use telnet"
for ((i=30;i>0;i--));do
    echo -e "\033[31m$i\033[0m"
    sleep 1
done

#4 Update zlib from source
tar -zxvf ./zlib-1.2.11.tar.gz || exit 6
cd zlib-1.2.11
./configure --prefix=/usr
make || exit 6
rpm -e --nodeps zlib
make install
echo '/usr/lib' >> /etc/ld.so.conf
ldconfig
cd ..
ZlibDirectory=$(find /usr/ -name zlib.pc)
cat "$ZlibDirectory"

#5 Update openssl
tar -zxvf ./openssl-1.0.2o.tar.gz || exit 7
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}
cd openssl-1.0.2o
#--shared is required; otherwise the build fails because it cannot find the newly installed openssl libraries
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make || exit 7
#This step must pass before continuing; otherwise ssh will not work even if the install completes
make test || exit 7
make install
openssl version -a
cd ..
sleep 10
mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10
mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10

#6 Update openssh
tar -zxvf ./openssh-7.7p1.tar.gz || exit 8
mv /etc/ssh /etc/ssh.old
rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}
install -v -m700 -d /var/lib/sshd
chown -v root:sys /var/lib/sshd
groupadd -g 50 sshd
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
cd openssh-7.7p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd
make || exit 8
make install
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.7p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.7p1
ssh -V
for ((i=10;i>0;i--));do
    echo -e "\033[31m$i\033[0m"
    sleep 1
done
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
#Allow root to log in over ssh
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on

#Finally, use telnet to connect to the server and start, then restart, sshd
/etc/init.d/sshd start
/etc/init.d/sshd restart
```
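When the script finishes, the recovery channels it opened are still switched on: anonymous FTP with upload, telnet, and root login over ssh. The check below is an added example, not part of the original script; it confirms the `ssh -V` banner shows the versions built here and lists which of those fallbacks remain active. The function names and labels are made up for illustration, and the sample banner and files are constructed.

```bash
#!/bin/bash
# Added example (not from the original post): post-upgrade checks.

# Print "<openssh> <openssl>" versions parsed from `ssh -V` output.
banner_versions() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([^ ,]*\), *OpenSSL \([^ ]*\).*/\1 \2/p'
}

# Succeed only if the banner shows the versions this page builds.
upgrade_ok() { [ "$(banner_versions "$1")" = "7.7p1 1.0.2o" ]; }

# sshd_config: sshd uses the first occurrence of a keyword.
first_value() {   # usage: first_value FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# vsftpd.conf is key=value; take the last assignment, since the
# upgrade script appends its lines at the end of the file.
last_value() {    # usage: last_value FILE KEY
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print tolower(v) }' "$1"
}

# Name each fallback that is still switched on.
# usage: leftover_fallbacks VSFTPD_CONF XINETD_TELNET SSHD_CONFIG
leftover_fallbacks() {
    [ "$(last_value "$1" anonymous_enable)" = yes ] && echo anonymous-ftp
    [ "$(last_value "$1" anon_upload_enable)" = yes ] && echo anonymous-upload
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' "$2" && echo telnet
    [ "$(first_value "$3" PermitRootLogin)" = yes ] && echo ssh-root-login
    return 0
}

# Constructed sample files mirroring what the script above leaves behind.
demo_dir=$(mktemp -d)
printf 'anonymous_enable=NO\nanonymous_enable=YES\nanon_upload_enable=YES\n' \
    > "$demo_dir/vsftpd.conf"
printf 'service telnet\n{\n\tdisable = no\n}\n' > "$demo_dir/telnet"
printf '#PermitRootLogin prohibit-password\nPermitRootLogin yes\n' \
    > "$demo_dir/sshd_config"

# Constructed banner in the format `ssh -V` prints.
upgrade_ok "OpenSSH_7.7p1, OpenSSL 1.0.2o  27 Mar 2018" && echo "versions ok"
leftover_fallbacks "$demo_dir/vsftpd.conf" "$demo_dir/telnet" "$demo_dir/sshd_config"
```

On the real server, pass /etc/vsftpd/vsftpd.conf, /etc/xinetd.d/telnet and /etc/ssh/sshd_config (the files the script edits) and the output of `ssh -V 2>&1`.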