openssh一鍵升級腳本（測試成功）

1 ssh版本檢查

本文檔針對於ssh版本低於7.0的系統，升級爲openssh7.5 p1。

ssh –V
[root@kuajing-db3 ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

　　

 

2  OPENssh7.5安裝步驟

卸載原有openssh

yum remove openssh -y

準備編譯環境：

yum install gcc openssl-devel zlib-devel

上傳openssh安裝包到/mnt並解壓進行編譯：

tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure
make && make install

拷貝ssh服務文件

cp /usr/local/bin/ssh /usr/bin/ssh
cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp ./contrib/redhat/sshd.init /etc/init.d/sshd

 

修改配置文件

修改/etc/ssh/sshd_config

將#PermitRootLogin修改成PermitRootLogin yes

修改/usr/libexec/sftp-server爲/usr/local/libexec/sftp-server

修改 /etc/init.d/sshd

將SSHD=/usr/sbin/sshd 改成 SSHD=/usr/local/sbin/sshd

將/usr/sbin/ssh-keygen -A 改成 /usr/local/bin/ssh-keygen -A

在 ‘$SSHD $OPTIONS && success || failure’這一行上面加上一行 ‘OPTIONS="-f /etc/ssh/sshd_config"’

 

加入系統服務 

chkconfig --add sshd
chkconfig sshd on

檢查服務

chkconfig --list |grep sshd
sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off

啓動服務

service sshd start

檢查ssh版本

[root@oracle ~]# ssh -V
OpenSSH_7.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013

 

 

3 OPENssh升級腳本

根據以上升級過程編寫了腳本自動執行操做，腳本內容以下

#!/bin/bash
sshInst()
{
       yum remove openssh -y
       yum install gcc openssl-devel zlib-devel -y
       cd /mnt
       tar zxvf openssh-7.5p1.tar.gz -C /mnt/
       cd ./openssh-7.5p1
       ./configure
       make && make install
 
}
 
CHG_SSHD()
{
       chmod +x /etc/init.d/sshd
       OPT_VALUE='OPTIONS="-f /etc/ssh/sshd_config"'
       OPT_EXIST=`grep "${OPT_VALUE}" /etc/init.d/sshd`
        if [ -z "${OPT_EXIST}" ];then
                sed -i '/$SSHD $OPTIONS &&/i\\t'"${OPT_VALUE}"'' /etc/init.d/sshd
        else
                echo ${OPT_EXIST}
        fi
        PATH_EXIST=`grep "${NPATH}" /etc/init.d/sshd`
        if [ -n "${PATH_EXIST}"  ];then
                echo "${PATH_EXIST}"
        else
                sed -i "s:${OPATH}:${NPATH}:" /etc/init.d/sshd
        fi
              echo "/etc/init.d/sshd file changes completed."
}
CHG_CONF()
{
##Chenge /etc/ssh/sshd_config 
       cp sshd_config /etc/ssh/sshd_config
       sed -i '/#PermitRootLogin/i\PermitRootLogin yes' /etc/ssh/sshd_config
       PATH_EXIST=`grep "${NPATH}" /etc/ssh/sshd_config`
       if [ -z "${PATH_EXIST}" ];then
              sed -i "s:${OPATH}:${NPATH}:" /etc/ssh/sshd_config
       else
              echo "${PATH_EXIST}"
       fi
       echo "/etc/ssh/sshd_config file changes completed."
}
 
OPATH=/usr/
NPATH=/usr/local/
echo -n "The SSH current version is:" 
ssh -V 
while true;do
    echo -n "Continue to update?(yes/no)"
    read INPUT
    case $INPUT in
        Y|y|YES|yes)
            sshInst
      echo -n "Press any key to continue....."
      read AnyKey
 
      cp /usr/local/bin/ssh /usr/bin/ssh
      echo "Copying ssh....Done."
      cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
      echo "Copying ssh_host_ecdsa_key.pub....Done."
      cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
      echo "Copying sshd....Done."
      CHG_SSHD
      CHG_CONF
      break;;
        N|n|NO|no)
          echo exited
          exit ;;
        "")
      break;;
  esac
done

ssh -V

chkconfig --add sshd

#解決root用戶沒法登錄
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
chkconfig sshd on
service sshd start
echo "Operation is completed."

#centos7重啓ssh操做
#systemctl daemon-reload
#systemctl restart sshd

 

注意：代碼copy可能出現編譯錯誤，須要先進行以下處理

sed -i 's/\r$//' XXX.sh

        會把 XXX.sh 中的\r 替換成空白！

        再次編譯！成功！！

若是沒有安裝zlib，須要先安裝zlib，再行腳本：

yum install zlib