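#!/bin/bash
#
# Build OpenSSL and OpenSSH from source on an RPM-based host and switch sshd
# to the freshly built binaries. Must be run as root.
#
# Optional environment variables:
#   OPENSSH_VERSION  OpenSSH portable release to build (default: 8.4p1)
#   OPENSSL_VERSION  OpenSSL release to build          (default: 1.1.1i)
#   OPENSSH_SHA256   expected SHA-256 of the OpenSSH tarball
#   OPENSSL_SHA256   expected SHA-256 of the OpenSSL tarball
#
# NOTE(review): both default versions are old releases, and the OpenSSL 1.1.1
# series is end-of-life upstream. Prefer a currently supported release, and
# confirm the download URLs below still serve the version you choose.
#
# The script stops at the first failing step (set -e). The original only
# printed "$?" after each build and carried on, which could remove /etc/ssh
# and restart sshd on top of a failed build, locking out remote access.

set -euo pipefail

if [[ ${EUID} -ne 0 ]]; then
  echo "this script must be run as root" >&2
  exit 1
fi

readonly WORK_DIR=/opt
readonly OPENSSL_PREFIX=/usr/local/openssl
readonly OPENSSH_VERSION="${OPENSSH_VERSION:-8.4p1}"
readonly OPENSSL_VERSION="${OPENSSL_VERSION:-1.1.1i}"
readonly OPENSSH_TARBALL="${WORK_DIR}/openssh-${OPENSSH_VERSION}.tar.gz"
readonly OPENSSL_TARBALL="${WORK_DIR}/openssl-${OPENSSL_VERSION}.tar.gz"

# Download $1 to $2 unless $2 already exists. The data goes to a ".part" file
# first so an interrupted transfer is never mistaken for a complete tarball.
fetch() {
  local url=$1 dest=$2
  if [[ -f "${dest}" ]]; then
    return 0
  fi
  wget -O "${dest}.part" "${url}"
  mv -- "${dest}.part" "${dest}"
}

# Check file $1 against the expected SHA-256 digest $2. With no digest given
# the file is accepted with a warning: this code ends up running as root in
# the login path, so obtain the digest (or verify the upstream signature)
# through a channel independent of the download itself.
verify_sha256() {
  local file=$1 expected=$2
  if [[ -z "${expected}" ]]; then
    echo "WARNING: no SHA-256 supplied for ${file}; integrity NOT verified" >&2
    return 0
  fi
  printf '%s  %s\n' "${expected}" "${file}" | sha256sum -c -
}

cd "${WORK_DIR}"

# Update the distribution's openssh package first.
yum update openssh -y

# Install build dependencies that are not present yet.
deps=(pcre pcre-devel git wget gcc gcc-c++ glibc make autoconf
      openssl openssl-devel pam-devel)
for pkg in "${deps[@]}"; do
  rpm -q "${pkg}" || yum -y install "${pkg}"
done
# Quoted so yum, not the shell, expands the wildcards (an unquoted pam* would
# match files in the current directory first).
yum install -y 'pam*' 'zlib*'

# Download the OpenSSH and OpenSSL sources. HTTPS replaces the original
# plain-HTTP OpenSSH URL, which allowed the tarball to be altered in transit.
fetch "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${OPENSSH_VERSION}.tar.gz" \
  "${OPENSSH_TARBALL}"
fetch "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" \
  "${OPENSSL_TARBALL}"
verify_sha256 "${OPENSSH_TARBALL}" "${OPENSSH_SHA256:-}"
verify_sha256 "${OPENSSL_TARBALL}" "${OPENSSL_SHA256:-}"

# Unpack OpenSSH.
tar zxf "${OPENSSH_TARBALL}"

# Build and install OpenSSL unless the wanted version is already active.
# "|| true": a missing or broken openssl binary simply means "needs a build".
current_openssl=$(openssl version 2>/dev/null | awk '{print $2}') || true
if [[ "${current_openssl}" == "${OPENSSL_VERSION}" ]]; then
  echo "openssl is ok,Don't need update"
else
  tar zxf "${OPENSSL_TARBALL}"
  cd "${WORK_DIR}/openssl-${OPENSSL_VERSION}/"
  # Only clean a tree that was configured before; a fresh tree has no Makefile.
  if [[ -f Makefile ]]; then
    make clean
  fi
  ./config shared --openssldir="${OPENSSL_PREFIX}" --prefix="${OPENSSL_PREFIX}"
  make
  make install
  # Move the distribution files aside only after the replacement is installed,
  # so a failed build leaves the system openssl untouched. Symlinks left by an
  # earlier run are not backed up again.
  if [[ -e /usr/bin/openssl && ! -L /usr/bin/openssl ]]; then
    mv /usr/bin/openssl /usr/bin/openssl_bak
  fi
  if [[ -d /usr/include/openssl && ! -L /usr/include/openssl ]]; then
    mv /usr/include/openssl /usr/include/openssl_bak
  fi
fi
cd "${WORK_DIR}"

# Point the system paths at the new OpenSSL, but only if it is really there;
# otherwise /usr/bin/openssl would become a dangling link.
if [[ -x "${OPENSSL_PREFIX}/bin/openssl" ]]; then
  # -n: replace an existing link instead of creating a link inside its target.
  ln -sfn "${OPENSSL_PREFIX}/bin/openssl" /usr/bin/openssl
  ln -sfn "${OPENSSL_PREFIX}/include/openssl" /usr/include/openssl
  # Append the library path once only; the original added a line on every run.
  if ! grep -qxF "${OPENSSL_PREFIX}/lib/" /etc/ld.so.conf; then
    echo "${OPENSSL_PREFIX}/lib/" >> /etc/ld.so.conf
  fi
  /sbin/ldconfig
fi
openssl version

# Build OpenSSH. Nothing under /etc/ssh is touched until the build succeeded.
cd "${WORK_DIR}/openssh-${OPENSSH_VERSION}"
chown -R root:root "${WORK_DIR}/openssh-${OPENSSH_VERSION}"
./configure --prefix=/usr/ --sysconfdir=/etc/ssh \
  --with-openssl-includes="${OPENSSL_PREFIX}/include" \
  --with-ssl-dir="${OPENSSL_PREFIX}" \
  --with-zlib --with-md5-passwords --with-pam
make

# Back up /etc/ssh (it holds the host private keys) into a fresh root-only
# directory. The original copied it to the predictable path /tmp/ssh, which
# any local user could have created beforehand.
backup_dir=$(mktemp -d "${WORK_DIR}/ssh-backup.XXXXXX")
cp -a /etc/ssh "${backup_dir}/"
echo "previous /etc/ssh saved in ${backup_dir}/ssh"

# NOTE: removing /etc/ssh discards the existing host keys, so the server's
# host keys change and clients will see a host-key mismatch. Restore the
# ssh_host_* files from the backup if the old keys must be kept.
rm -rf /etc/ssh
if ! make install; then
  echo "make install failed; restoring /etc/ssh from ${backup_dir}/ssh" >&2
  rm -rf /etc/ssh
  cp -a "${backup_dir}/ssh" /etc/ssh
  exit 1
fi

# Write the sshd configuration.
# NOTE(review): "PermitRootLogin yes" is kept from the original. Password
# authentication is not disabled here, so root can log in with a password;
# "PermitRootLogin prohibit-password" (key-only root login) is the safer
# choice if nothing depends on root password logins.
# NOTE(review): sshd moves to port 22201. Open that port in the firewall (and,
# with SELinux enforcing, label it: semanage port -a -t ssh_port_t -p tcp 22201)
# before closing the current session, or remote access may be lost.
cat > /etc/ssh/sshd_config <<'EOF'
port 22201
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
EOF
grep "^PermitRootLogin" /etc/ssh/sshd_config

# Show the previous effective configuration for comparison.
# "|| true": an all-comment file makes grep exit non-zero, which is not an error.
grep -v '#' "${backup_dir}/ssh/sshd_config" | grep -v '^$' || true

# Install the init script and PAM file shipped with the OpenSSH sources.
# NOTE(review): the PAM file is installed as "sshd.pam", as in the original;
# sshd normally uses the service name "sshd", and UsePAM is not enabled in the
# config above, so this file is presumably unused. Confirm what is intended.
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd

# Move the distribution's systemd units out of the way so the init script is
# used. Skipped when they are already gone (second run).
for unit in sshd.service sshd.socket; do
  if [[ -e "/usr/lib/systemd/system/${unit}" ]]; then
    mv "/usr/lib/systemd/system/${unit}" "${WORK_DIR}/"
  fi
done
# Make systemd stop using the unit files that were just moved away.
systemctl daemon-reload
chkconfig sshd on

# Validate the configuration and host keys before restarting; a daemon that
# fails to start would cut off remote access.
/usr/sbin/sshd -t -f /etc/ssh/sshd_config

# Start the new daemon.
service sshd restart

# Report the versions now in use.
openssl version
ssh -V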