目前在 openEuler 2203 LTS 上測試通過
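#!/bin/bash
#
# Offline upgrade of OpenSSL and OpenSSH from source tarballs placed in /root.
#
# Usage: put this script plus openssl-<version>.tar.gz and
# openssh-<version>.tar.gz in /root, then run the script as root.
#
# Operational notes:
#   * telnet/xinetd are installed and enabled as a fallback login path while
#     sshd is being replaced. telnet sends credentials in cleartext, and the
#     script permits root logins on pts/0 and pts/1 via /etc/securetty.
#     Disable it again once SSH access is confirmed (a reminder is printed).
#   * Binaries built from source are not tracked by the package manager, so
#     later OpenSSL/OpenSSH security updates must be applied by hand.
#   * If a "<tarball>.sha256" file sits next to a tarball it is verified with
#     sha256sum before anything is built; without it only a warning is shown.

. /etc/os-release

OpensslVersion=3.3.1
# Version string of the openssl binary currently on PATH (e.g. "1.1.1f").
OpensslVersion1=$(openssl version | awk '{print $2}')
OpensshVersion=9.8p1
# Timestamp used to name the backup of the old /usr/bin/openssl.
CURRENT_DATE=$(date +%Y%m%d%H%M%S)

echo -e "\e[1;35m====================================================================\e[0m"
echo -e "\e[1;35m現在已安裝的版本\e[0m"
ssh -V
echo -e "\e[1;35m本次安裝的版本是openssl-${OpensslVersion}\e[0m"
echo -e "\e[1;35m本次升級的安裝版本openssh-${OpensshVersion}\e[0m"
echo -e "\e[1;35m離線安裝,請提前準備好對應版本的壓縮包放在root目錄下\e[0m"
echo -e "\e[1;35m====================================================================\e[0m"
echo -e "\e[1;35m不想安裝請在五秒內終止指令碼\e[0m\n"

# Five-second countdown so the operator can abort with Ctrl-C.
for i in {5..1}; do
  echo -n "${i} "
  echo -ne "\r"
  sleep 1
done

#######################################
# Append a line to a file unless an identical line is already present, so
# that re-running the script does not pile up duplicate entries.
# Arguments: $1 - exact line, $2 - target file
#######################################
append_line_once() {
  local line=$1
  local file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

#######################################
# Install each named package with yum unless rpm already reports it.
# A failed install is reported but does not abort: the script is meant for
# offline hosts where yum may have no repository, and the later configure
# step fails on its own if a build dependency is really missing.
# Arguments: package names (quoted, so "pam*" reaches yum unexpanded)
#######################################
install_packages() {
  local pkg
  for pkg in "$@"; do
    if rpm -q "$pkg" &>/dev/null; then
      echo -e "$pkg\t\e[1;32m已安裝\e[0m"
    elif yum -y install "$pkg" &>/dev/null; then
      echo -e "$pkg\t\e[1;35m安裝成功\e[0m"
    else
      echo -e "$pkg\t\e[1;31m安裝失敗\e[0m" >&2
    fi
  done
}

#######################################
# Abort unless running as root: the script writes under /etc and /usr and
# restarts system services.
#######################################
check_root() {
  if ((EUID != 0)); then
    echo -e "\e[1;33m請以 root 身分執行此指令碼\e[0m" >&2
    exit 1
  fi
}

#######################################
# Abort unless the script file itself lives in /root. The directory is
# resolved from the script path, so invoking it by absolute path also works.
#######################################
check_script_location() {
  local script_dir
  script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd) || exit 1
  if [[ "$script_dir" == "/root" ]]; then
    echo -e ""
  else
    echo -e "\e[1;33m請將指令碼檔案放在root目錄下執行\e[0m"
    exit 1
  fi
}

#######################################
# Accept only openEuler and kylin; exit on any other distribution.
# Globals: ID, NAME, VERSION_ID (read; set by /etc/os-release)
#######################################
check_system() {
  if [[ "${ID:-}" == "openEuler" || "${ID:-}" == "kylin" ]]; then
    echo -e "\e[1;31m當前系統是:$NAME,版本號:$VERSION_ID\e[0m"
  else
    echo -e "\e[1;31m當前系統指令碼不支援。\e[0m"
    exit 1
  fi
}

#######################################
# Continue only when the installed OpenSSL major version is below 3.
# The major number is compared numerically; a plain string comparison
# would rank a two-digit major such as "10" below "3".
# Globals: OpensslVersion1 (read)
#######################################
check_openssl_version() {
  local major=${OpensslVersion1%%.*}
  if [[ ! "$major" =~ ^[0-9]+$ ]]; then
    echo -e "\e[1;33m無法取得目前的 OpenSSL 版本\e[0m" >&2
    exit 1
  fi
  if ((major < 3)); then
    echo -e "\e[1;35m檢測到OpenSSL版本低於3,支援升級。\e[0m"
  else
    echo -e "\e[1;33m當前OpenSSL版本高於3,指令碼不支援\e[0m"
    exit 1
  fi
}

#######################################
# Verify a tarball against an optional "<tarball>.sha256" sidecar file.
# The sidecar must be in sha256sum format and name the tarball by its
# basename. The tarballs are compiled and installed as root, so their
# integrity matters; without a sidecar only a warning is printed.
# Arguments: $1 - absolute path of the tarball
#######################################
verify_checksum() {
  local archive=$1
  local sum_file="${archive}.sha256"
  if [[ ! -e "$sum_file" ]]; then
    echo -e "\e[1;33m未找到 ${sum_file},略過完整性校驗;請自行核對壓縮包的 SHA-256 雜湊值。\e[0m"
    return 0
  fi
  if ! (cd -- "$(dirname -- "$archive")" \
    && sha256sum -c -- "$(basename -- "$sum_file")"); then
    echo -e "\e[1;31m檔案 $archive 的 SHA-256 校驗失敗,已中止。\e[0m" >&2
    exit 1
  fi
}

#######################################
# Require both source tarballs in /root and verify them when possible.
# Globals: OpensslVersion, OpensshVersion (read)
#######################################
check_files() {
  local files=(
    "/root/openssl-${OpensslVersion}.tar.gz"
    "/root/openssh-${OpensshVersion}.tar.gz"
  )
  local file
  for file in "${files[@]}"; do
    if [[ ! -e "$file" ]]; then
      echo -e "\e[1;33m檔案 $file 不存在,請放置在 /root 目錄。\e[0m"
      exit 1
    fi
    verify_checksum "$file"
  done
  echo -e "\e[1;35m所有必要檔案均已存在。\e[0m"
}

#######################################
# Install and enable telnet as a temporary fallback login path.
# SECURITY: telnet is unencrypted. The securetty entries below allow root
# to log in over it; this should be reverted after the upgrade.
#######################################
sofeware_install() {
  echo -e "\e[1;35m===================================================安裝telnet===================================================\e[0m"
  install_packages "telnet" "telnet-server" "xinetd"
  systemctl enable --now xinetd.service
  systemctl enable --now telnet.socket
  # Allow root on the first two pseudo-terminals; added once per line so
  # repeated runs do not duplicate the entries.
  append_line_once "pts/0" /etc/securetty
  append_line_once "pts/1" /etc/securetty
  echo -e "\e[1;35m手動測試telnet連線是否正常\e[0m"
}

#######################################
# Build OpenSSL from /root/openssl-<version>.tar.gz into /usr/local/openssl
# and point /usr/bin/openssl at the new binary (the old one is kept with a
# timestamp suffix).
# Globals: OpensslVersion, CURRENT_DATE (read)
#######################################
update_openssl() {
  echo -e "\e[1;35m===================================================升級openssl===================================================\e[0m"
  install_packages "tar" "gcc" "gcc-c++" "openssl-devel" "zlib-devel" "make" \
    "glibc" "autoconf" "pcre-devel" "pam-devel" "pam*"

  # Extract into /root explicitly; the check below looks there regardless
  # of the directory the script was started from.
  tar -zxvf "/root/openssl-${OpensslVersion}.tar.gz" -C /root
  if [[ -e "/root/openssl-${OpensslVersion}" ]]; then
    echo -e "\e[1;35mopenssl解壓成功\e[0m"
  else
    echo -e "\e[1;35mopenssl解壓失敗\e[0m"
    exit 1
  fi

  cd "/root/openssl-${OpensslVersion}" || exit 1
  if ! {
    ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib \
      && make && make install
  }; then
    echo -e "\e[1;31m編譯或安裝失敗,執行make clean 重新編譯\e[0m"
    exit 1
  fi

  # Keep the distribution binary as a dated backup before linking the new one.
  mv /usr/bin/openssl "/usr/bin/openssl-${CURRENT_DATE}"
  ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

  # Register the new library directories with the dynamic linker.
  append_line_once "/usr/local/openssl/lib" /etc/ld.so.conf
  printf '%s\n' "/usr/local/openssl/lib64" >/etc/ld.so.conf.d/openssl-3.conf
  ldconfig
  cd || exit 1

  # Show the version to confirm the installation.
  echo -e "\e[1;35m===================================================升級後版本===================================================\e[0m"
  ldconfig
  openssl version
}

#######################################
# Build OpenSSH from /root/openssh-<version>.tar.gz against the new OpenSSL
# and restart sshd.
# Globals: OpensshVersion (read)
#######################################
update_openssh() {
  echo -e "\e[1;35m===================================================升級openssh===================================================\e[0m"
  tar zxf "/root/openssh-${OpensshVersion}.tar.gz" -C /root
  if [[ -e "/root/openssh-${OpensshVersion}" ]]; then
    echo -e "\e[1;35mopenssh解壓成功\e[0m"
  else
    echo -e "\e[1;35mopenssh解壓失敗\e[0m"
    exit 1
  fi

  cd "/root/openssh-${OpensshVersion}/" || exit 1
  # NOTE(review): no --prefix/--sysconfdir is passed, so "make install" uses
  # the OpenSSH defaults under /usr/local. If the sshd systemd unit still
  # starts the distribution's sshd binary, the restart below keeps running
  # the old daemon even though "ssh -V" shows the new client. Confirm which
  # binary the unit executes after the upgrade.
  if ! { ./configure --with-ssl-dir=/usr/local/openssl && make && make install; }; then
    echo -e "\e[1;31m編譯或安裝失敗,執行make clean 重新編譯\e[0m"
    exit 1
  fi

  if ! systemctl restart sshd; then
    echo -e "\e[1;31msshd 重新啟動失敗,請勿中斷目前的連線,先檢查 sshd 設定與日誌。\e[0m" >&2
    exit 1
  fi
  sleep 3

  echo -e "\e[1;35m===================================================更新後openssh版本===================================================\e[0m"
  # ${VAR:+:$VAR} adds the separator only when LD_LIBRARY_PATH is already
  # set. A trailing ":" would create an empty entry, which the dynamic
  # linker treats as the current directory and so would let libraries be
  # loaded from whatever directory a user happens to be in.
  append_line_once \
    'export LD_LIBRARY_PATH=/usr/local/openssl/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}' \
    /etc/profile
  # Single quotes keep $PATH literal, so each login expands its own PATH
  # instead of inheriting the PATH of the root shell that ran this script.
  append_line_once 'export PATH=/usr/local/bin:$PATH' /etc/profile
  ldconfig
  source /etc/profile
  ssh -V
}

#######################################
# Remind the operator to remove the cleartext fallback once SSH works.
#######################################
print_telnet_reminder() {
  echo -e "\e[1;33m確認可透過 SSH 正常登入後,請停用 telnet(明文傳輸):systemctl disable --now telnet.socket xinetd.service,並移除 /etc/securetty 中的 pts/0、pts/1。\e[0m"
}

main() {
  check_root
  check_script_location
  # Additional pause before any change is made.
  sleep 5
  check_system
  check_openssl_version
  check_files
  sofeware_install
  update_openssl
  update_openssh
  print_telnet_reminder
}

main "$@"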