openssh 升級筆記

最新版openssh 6.6p1  openssl 1.0.1l 升級，碰到一些問題，作了筆記。

開啓telnet,SSH不能工做時，也能夠用telnet

vi /etc/xinetd.d/krb5-telnet

        service telnet

{

        flags           = REUSE

        socket_type     = stream

        wait            = no

        user            = root

        server          = /usr/kerberos/sbin/telnetd

        log_on_failure  += USERID

        disable         = no

}

servcie xinetd restart

1、zlib升級

解壓zlib

make uninstall

./configure-prefix=/usr/local/zlib

make

makeinstall

 

在/etc/profile中加入如下，從新登陸生效。

 LIBRARY_PATH=/usr/local/zlib-1.2.8/lib/:$LIBRARY_PATH

export  LIBRARY_PATH

LD_LIBRARY_PATH=/usr/local/zlib-1.2.8/lib/:$LD_LIBRARY_PATH

export  LD_LIBRARY_PATH

C_INCLUDE_PATH=/usr/local/zlib-1.2.8/include/:$C_INCLUDE_PATH

exportC_INCLUDE_PATH

2、Openssl升級

解壓opensll

./config  --openssldir=/usr/local/openssl shared zlib

 

make

make test

make install

 

/etc/profile中加入如下，從新登陸生效。

PATH=/usr/local/openssl/bin:$PATH

export PATH

 

 

echo"/usr/local/openssl/lib" >> /etc/ld.so.conf

 

ldconfig -v|grep local

 

openssl version -a

openssh升級

 

 rpm -e `rpm -qa|grep openssh` 

 

./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam  --with-md5-passwords    --mandir=/usr/share/man --with-zlib=/usr/local/zlib  --with-ssl-dir=/usr/local/openssl

make

make install

 

如下步驟不加會報錯，由於openssh升級了，之前的參數不適應。

cp -p  contrib/redhat/sshd.init /etc/init.d/sshd

chmod u+x  /etc/init.d/sshd

chkconfig  --add  sshd

chkconfig  sshd on

cp /usr/local/openssh/sbin/sshd  /usr/sbin/sshd

 cp /usr/local/openssh/bin/ssh-keygen /usr/bin/

/etc/profile

PATH=/usr/local/openssh/bin/:$PATH

export PATH

 

service sshd restart

 最後關閉telnet

vi /etc/xinetd.d/krb5-telnet

        service telnet

{

        flags           = REUSE

        socket_type     = stream

        wait            = no

        user            = root

        server          = /usr/kerberos/sbin/telnetd

        log_on_failure  += USERID

        disable         = yes

}

servcie xinetd restart