Environment
CentOS 7.3 and CentOS 7.6 were both upgraded and tested: logging in via SSH, and logging in via SSH again after a reboot, both worked without problems.
Please configure your yum repository beforehand (search online if you do not know how).
The whole process does not require removing the original openssl and openssh RPM packages, and it does not affect our operations.
The environment in this article uses the OpenSSH bundled with the system; it has not been through a manual source-build installation. If you have previously compiled and installed OpenSSH by hand, please test for yourself whether the steps in this article succeed.
If you follow this article exactly, I guarantee the upgrade will go without problems.
Result after upgrading CentOS 7.6
[root@testssh ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2r 26 Feb 2019
[root@testssh ~]# openssl version
OpenSSL 1.0.2r 26 Feb 2019
[root@testssh ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@testssh ~]#
Result after upgrading CentOS 7.3
[root@linux-node3 ~]# openssl version
OpenSSL 1.0.2r 26 Feb 2019
[root@linux-node3 ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2r 26 Feb 2019
[root@linux-node3 ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@linux-node3 ~]#
If the SSH version is too old, it is best to run yum update openssh first to upgrade to OpenSSH 7.4p1, the current default version in the yum repository.
By default, CentOS 7.3 ships the following ssh version
[root@linux-node3 ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@linux-node3 ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[root@linux-node3 ~]#
Run yum update openssh to upgrade first (this upgrade path, provided by the official repository, is safe. If you have previously upgraded OpenSSH by compiling it manually and changed the default configuration file paths or similar, please test for yourself.)
(The plan here is to bring every machine to OpenSSH 7.4p1 first, and then compile and install the upgrade to OpenSSH 8.0p1 in the same way everywhere.)
[root@linux-node3 ~]# yum update openssh -y
[root@linux-node3 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@linux-node3 ~]#
Install telnet-server and xinetd
[root@linux-node3 ~]# yum install xinetd telnet-server -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.cn99.com
 * updates: mirrors.cn99.com
Package 2:xinetd-2.3.15-13.el7.x86_64 already installed and latest version
Package 1:telnet-server-0.17-64.el7.x86_64 already installed and latest version
Nothing to do
[root@linux-node3 ~]#
Configure telnet
On many current CentOS 7 builds, after installing telnet-server and xinetd there is no longer a configuration file named telnet.
If the telnet file below does not exist, you can skip this part of the changes.
[root@linux-node3 ~]# ll /etc/xinetd.d/telnet
ls: cannot access /etc/xinetd.d/telnet: No such file or directory
If the file below does exist, edit the telnet configuration and change disable = no to disable = yes (in xinetd this turns the telnet entry off; whether root may log in over telnet is controlled by /etc/securetty in the next step).
[root@rhel yum.repos.d]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}
[root@rhel yum.repos.d]# vim /etc/xinetd.d/telnet
[root@rhel yum.repos.d]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        disable         = yes
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
}
Configure the terminal types allowed for telnet login by appending a few pts terminals to the end of /etc/securetty, as follows
pts/0
pts/1
pts/2
pts/3
Result after the configuration
[root@linux-node3 ~]# vim /etc/securetty
[root@linux-node3 ~]# tail -5 /etc/securetty
xvc0
pts/0
pts/1
pts/2
pts/3
[root@linux-node3 ~]#
Start the telnet service and enable it at boot
[root@linux-node3 ~]# systemctl enable xinetd
[root@linux-node3 ~]# systemctl enable telnet.socket
Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.
[root@linux-node3 ~]#
[root@linux-node3 ~]# systemctl start telnet.socket
[root@linux-node3 ~]# systemctl start xinetd
[root@linux-node3 ~]# netstat -lntp|grep 23
tcp6       0      0 :::23                   :::*                    LISTEN      1/systemd
[root@linux-node3 ~]#
Switch to logging in via telnet; all subsequent operations are done in the telnet terminal, so that an unexpected SSH disconnection cannot leave the upgrade half-finished.
Log in via telnet
Install dependency packages
The upgrade needs several components, some of them related to compiling.
[root@linux-node3 ~]# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.cn99.com
 * updates: mirrors.cn99.com
Package gcc-4.8.5-36.el7_6.1.x86_64 already installed and latest version
Package gcc-c++-4.8.5-36.el7_6.1.x86_64 already installed and latest version
Package glibc-2.17-260.el7_6.4.x86_64 already installed and latest version
Package 1:make-3.82-23.el7.x86_64 already installed and latest version
Package autoconf-2.69-11.el7.noarch already installed and latest version
Package 1:openssl-1.0.2k-16.el7_6.1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-16.el7_6.1.x86_64 already installed and latest version
Package pcre-devel-8.32-17.el7.x86_64 already installed and latest version
Package pam-devel-1.1.8-22.el7.x86_64 already installed and latest version
Nothing to do
[root@linux-node3 ~]#
Install pam, zlib and related packages (the later upgrade steps may not actually use pam; installing it does no harm. If you prefer not to install pam, test for yourself.)
[root@linux-node3 ~]# yum install -y pam* zlib*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.cn99.com
 * updates: mirrors.cn99.com
Package pam_yubico-2.26-1.el7.x86_64 already installed and latest version
Package pam_script-1.1.8-1.el7.x86_64 already installed and latest version
Package pam_oath-2.4.1-9.el7.x86_64 already installed and latest version
Package pam_snapper-0.2.8-4.el7.x86_64 already installed and latest version
Package pam_ssh_agent_auth-0.10.3-2.16.el7.x86_64 already installed and latest version
Package pam_2fa-1.0-1.el7.x86_64 already installed and latest version
Package pam_mapi-0.3.4-1.el7.x86_64 already installed and latest version
Package pam_ssh_user_auth-1.0-1.el7.x86_64 already installed and latest version
Package pam_mount-2.16-5.el7.x86_64 already installed and latest version
Package pam_radius-1.4.0-3.el7.x86_64 already installed and latest version
Package pamtester-0.1.2-4.el7.x86_64 already installed and latest version
Package pam_afs_session-2.6-5.el7.x86_64 already installed and latest version
Package pam_pkcs11-0.6.2-30.el7.x86_64 already installed and latest version
Package pam-1.1.8-22.el7.x86_64 already installed and latest version
Package pam_ssh-2.3-1.el7.x86_64 already installed and latest version
Package 1:pam_url-0.3.3-4.el7.x86_64 already installed and latest version
Package pam_wrapper-1.0.7-2.el7.x86_64 already installed and latest version
Package pam-kwallet-5.5.2-1.el7.x86_64 already installed and latest version
Package pam-devel-1.1.8-22.el7.x86_64 already installed and latest version
Package pam_krb5-2.4.8-6.el7.x86_64 already installed and latest version
Package zlib-devel-1.2.7-18.el7.x86_64 already installed and latest version
Package zlib-static-1.2.7-18.el7.x86_64 already installed and latest version
Package zlib-1.2.7-18.el7.x86_64 already installed and latest version
Package zlib-ada-1.4-0.5.20120830CVS.el7.x86_64 already installed and latest version
Package zlib-ada-devel-1.4-0.5.20120830CVS.el7.x86_64 already installed and latest version
Nothing to do
[root@linux-node3 ~]#
Download the openssh and openssl packages
We download the latest versions, the packages the arrows point to
https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
https://ftp.openssl.org/source/
Start installing openssl
I personally like to keep installation packages and tools in the directory below. Put them wherever you like; it does not affect the installation.
[root@linux-node3 ~]# mkdir /data/tools -p
[root@linux-node3 ~]# cd /data/tools/
[root@linux-node3 /data/tools]# rz -E
rz waiting to receive.
[root@linux-node3 /data/tools]# ll
total 5224
-rw-r--r-- 1 root root 5348369 Apr 27 12:19 openssl-1.0.2r.tar.gz
Extract the file
[root@linux-node3 /data/tools]# tar xfz openssl-1.0.2r.tar.gz
[root@linux-node3 /data/tools]# ll
total 5228
drwxr-xr-x 20 root root    4096 Apr 27 12:20 openssl-1.0.2r
-rw-r--r--  1 root root 5348369 Apr 27 12:19 openssl-1.0.2r.tar.gz
[root@linux-node3 /data/tools]# cd
[root@linux-node3 ~]#
This is currently the system default version; compare it once the upgrade is complete
[root@linux-node3 ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@linux-node3 ~]#
Back up the following two files or directories (run this if they exist)
[root@linux-node3 ~]# ll /usr/bin/openssl
-rwxr-xr-x 1 root root 555248 Mar 12 18:12 /usr/bin/openssl
[root@linux-node3 ~]# mv /usr/bin/openssl /usr/bin/openssl_bak
[root@linux-node3 ~]# ll /usr/include/openssl
total 1864
-rw-r--r-- 1 root root  6146 Mar 12 18:12 aes.h
-rw-r--r-- 1 root root 63204 Mar 12 18:12 asn1.h
-rw-r--r-- 1 root root 24435 Mar 12 18:12 asn1_mac.h
-rw-r--r-- 1 root root 34475 Mar 12 18:12 asn1t.h
-rw-r--r-- 1 root root 38742 Mar 12 18:12 bio.h
-rw-r--r-- 1 root root  5351 Mar 12 18:12 blowfish.h
......
[root@linux-node3 ~]# mv /usr/include/openssl /usr/include/openssl_bak
[root@linux-node3 ~]#
Compile and install the new version of openssl
Run the configure, make and install commands together
The && operator means the following command runs only if the preceding one succeeded.
[root@linux-node3 ~]# cd /data/tools/openssl-1.0.2r/
[root@linux-node3 /data/tools/openssl-1.0.2r]# ./config shared && make && make install
After the commands above finish, run echo $? to check whether the final make install reported an error; 0 means no problem.
Create symlinks for the two files or directories below (the originals were backed up with mv in the earlier step)
[root@linux-node3 ~]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
[root@linux-node3 ~]# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
[root@linux-node3 ~]# ll /usr/bin/openssl
lrwxrwxrwx 1 root root 26 Apr 27 12:31 /usr/bin/openssl -> /usr/local/ssl/bin/openssl
[root@linux-node3 ~]# ll /usr/include/openssl -ld
lrwxrwxrwx 1 root root 30 Apr 27 12:31 /usr/include/openssl -> /usr/local/ssl/include/openssl
[root@linux-node3 ~]#
Run the following two commands on the command line so the dynamic linker picks up the new library directory
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
Check and confirm the version. No problem.
[root@testssh ~]# openssl version
OpenSSL 1.0.2r 26 Feb 2019
Install openssh
Upload the openssh tarball and extract it
[root@testssh ~]# cd /data/tools/
[root@testssh tools]# ll
total 7628
-rw-r--r--  1 root root 1597697 Apr 18 07:02 openssh-8.0p1.tar.gz
drwxr-xr-x 20 root root    4096 Apr 23 23:12 openssl-1.0.2r
-rw-r--r--  1 root root 5348369 Feb 26 22:34 openssl-1.0.2r.tar.gz
-rwxr-xr-x  1 root root  853040 Apr 11  2018 sshd
[root@testssh tools]# tar xfz openssh-8.0p1.tar.gz
[root@testssh tools]# cd openssh-8.0p1
The extracted files may show uid and gid 1000 by default, so re-assign ownership here. Not doing so probably does not affect the installation either (test for yourself)
[root@testssh tools]# chown -R root.root /data/tools/openssh-8.0p1
Delete the original ssh configuration files and directory contents from the command line (note that this also removes the existing host keys; make install generates new ones, so clients will see a changed host key for this machine afterwards)
Then configure, compile and install
Note that the compile-and-install command below is a single line: remove the trailing \ at the end of the first line, join it into one line in a text editor, and then run it on the command line
rm -rf /etc/ssh/*
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include \
--with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
See my screenshot below for reference
After installation, check the result
Modify the configuration file so that it ends up with the following settings; leave the rest alone
[root@linux-node3 ~]# grep "^PermitRootLogin" /etc/ssh/sshd_config
PermitRootLogin yes
[root@linux-node3 ~]# grep "UseDNS" /etc/ssh/sshd_config
UseDNS no
[root@linux-node3 ~]#
Copy a few files from the extracted package to their target locations (overwriting if the target already exists)
(The sshd.pam file below may not even be used, since the sshd_config file apparently does not reference it; test for yourself. I copied it on my side.)
[root@linux-node3 /data/tools/openssh-8.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@linux-node3 /data/tools/openssh-8.0p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@linux-node3 /data/tools/openssh-8.0p1]# chmod +x /etc/init.d/sshd
[root@linux-node3 /data/tools/openssh-8.0p1]# chkconfig --add sshd
[root@linux-node3 /data/tools/openssh-8.0p1]# systemctl enable sshd
[root@linux-node3 /data/tools/openssh-8.0p1]#
Delete or move away the original systemd-managed sshd unit file; if it stays in place, it interferes with restarting the sshd service
[root@linux-node3 ~]# mv /usr/lib/systemd/system/sshd.service /data/
Set the sshd service to start at boot
[root@linux-node3 ~]# chkconfig sshd on
Note: Forwarding request to 'systemctl enable sshd.socket'.
Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.
Next, test stopping and starting the service. Everything works.
From now on, sshd is managed in the following way
[root@linux-node3 ~]# /etc/init.d/sshd restart
Restarting sshd (via systemctl):                           [  OK  ]
[root@linux-node3 ~]#
[root@linux-node3 ~]#
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      31800/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      31800/sshd
tcp6       0      0 :::23                   :::*                    LISTEN      1/systemd
[root@linux-node3 ~]# /etc/init.d/sshd stop
Stopping sshd (via systemctl):                             [  OK  ]
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::23                   :::*                    LISTEN      1/systemd
[root@linux-node3 ~]# /etc/init.d/sshd start
Starting sshd (via systemctl):                             [  OK  ]
[root@linux-node3 ~]#
[root@linux-node3 ~]#
Managing it through systemd also works
[root@linux-node3 ~]# systemctl stop sshd
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::23                   :::*                    LISTEN      1/systemd
[root@linux-node3 ~]# systemctl start sshd
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      31958/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      31958/sshd
tcp6       0      0 :::23                   :::*                    LISTEN      1/systemd
[root@linux-node3 ~]# systemctl restart sshd
[root@linux-node3 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      31999/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      31999/sshd
tcp6       0      0 :::23                   :::*                    LISTEN      1/systemd
[root@linux-node3 ~]#
Test the version. Everything is normal.
[root@linux-node3 ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2r 26 Feb 2019
[root@linux-node3 ~]#
[root@linux-node3 ~]# telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.0
If this is not a production machine, you can try rebooting it to test whether logging in via sshd still works. In my tests everything was fine.
Once the tests pass, the telnet service can be shut down again
[root@linux-node3 ~]# systemctl disable xinetd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.
[root@linux-node3 ~]# systemctl stop xinetd.service
[root@linux-node3 ~]# systemctl disable telnet.socket
[root@linux-node3 ~]# systemctl stop telnet.socket
[root@linux-node3 ~]# netstat -lntp
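As an added example (not part of the original post), a small POSIX shell script that checks the end state this whole procedure is supposed to reach: ssh -V reports OpenSSH 8.0p1 linked against OpenSSL 1.0.2r rather than the stock 1.0.2k-fips, the banner on port 22 announces OpenSSH 8.0, /usr/local/ssl/lib is present in /etc/ld.so.conf, and sshd listens on port 22 while nothing listens on port 23 any more. Each check takes its input as a string so it can be run against the captured output shown above; the --live branch, and its reliance on ssh, netstat and /etc/ld.so.conf on the upgraded host, is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): verify the end state of the
# OpenSSH 8.0p1 / OpenSSL 1.0.2r upgrade. Each check takes its input as a
# string; "--live" (an assumption about the host) feeds it the real commands.

# "OpenSSH_8.0p1, OpenSSL 1.0.2r 26 Feb 2019" (ssh -V) -> "8.0p1"
ssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9.]*p[0-9]*\).*/\1/p'
}

# "OpenSSL 1.0.2r 26 Feb 2019" (openssl version) -> "1.0.2r"
openssl_version() {
    printf '%s\n' "$1" | awk '/^OpenSSL/ { print $2 }'
}

# 0 when ssh is 8.0p1 AND was built against the new OpenSSL 1.0.2r rather
# than still linking the stock 1.0.2k-fips.
ssh_upgraded() {
    [ "$(ssh_version "$1")" = "8.0p1" ] || return 1
    case "$1" in *"OpenSSL 1.0.2r"*) return 0 ;; esac
    return 1
}

# 0 when the identification line on port 22 (first line printed by
# "telnet 127.0.0.1 22") announces OpenSSH 8.0.
banner_ok() {
    case "$1" in "SSH-2.0-OpenSSH_8.0"*) return 0 ;; esac
    return 1
}

# 0 when the contents of /etc/ld.so.conf list the new library directory,
# so ldconfig resolves libssl/libcrypto from /usr/local/ssl at runtime.
ldconf_has_ssl() {
    printf '%s\n' "$1" | grep -qx '/usr/local/ssl/lib'
}

# 0 when a "netstat -lntp" listing shows sshd on port 22 and nothing on
# port 23, i.e. the temporary telnet fallback has been closed again.
listeners_ok() {
    printf '%s\n' "$1" | grep -q ':22 .*LISTEN .*/sshd' || return 1
    printf '%s\n' "$1" | grep -q ':23 .*LISTEN' && return 1
    return 0
}

if [ "${1:-}" = "--live" ]; then
    ssh_upgraded "$(ssh -V 2>&1)"               && echo "ssh: ok"   || echo "ssh: NOT upgraded"
    ldconf_has_ssl "$(cat /etc/ld.so.conf)"     && echo "ld.so: ok" || echo "ld.so: lib dir missing"
    listeners_ok "$(netstat -lntp 2>/dev/null)" && echo "ports: ok" || echo "ports: sshd missing or telnet open"
fi
```

Run it as sh verify.sh --live on the upgraded host after the telnet service has been disabled; any line other than "ok" means the corresponding step above did not take effect.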