oraclelinux9.2內網升級OpenSSH9.8p1

昵称昵称昵称發表於2024-07-04

oraclelinux9.2內網升級OpenSSH9.8p1

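# Back up the current SSH, OpenSSL, PAM and systemd state before changing anything.
# -a keeps modes, ownership and timestamps, so a restore puts the files back
# exactly as they were (plain -r re-creates them with the copying user's defaults).
mkdir -p /etc/sshbak
# The backup contains copies of the host private keys; keep the directory root-only.
chmod 700 /etc/sshbak
cp -af /etc/ssh/* /etc/sshbak
cp -af /usr/bin/openssl /usr/bin/openssl.bak
cp -af /etc/pam.d /etc/pam.d.bak
# The unit directory is saved because sshd.service is restored from it in step 7.
cp -af /usr/lib/systemd/system /system.bak

# Compiler toolchain for the source builds below.
dnf install -y gcc gcc-c++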

#上傳3個壓縮包,下載地址如下
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
https://www.openssl.org/source/openssl-3.2.1.tar.gz
https://www.zlib.net/zlib-1.3.1.tar.xz

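# Stage the three archives in /usr/local/src.
# The zlib download URL given on this page is the .tar.xz archive, so that file
# name is used here (the .tar.gz name would not match what was downloaded).
mv openssh-9.8p1.tar.gz /usr/local/src
mv openssl-3.2.1.tar.gz /usr/local/src
mv zlib-1.3.1.tar.xz /usr/local/src

cd /usr/local/src/
# The archives were fetched on another machine and carried into the internal
# network. Print their SHA-256 digests and compare them with the values each
# upstream project publishes (looked up on a trusted machine) before unpacking.
# Anything built from these files ends up running as root inside sshd.
sha256sum openssh-9.8p1.tar.gz openssl-3.2.1.tar.gz zlib-1.3.1.tar.xz

# Unpack the archives.
# GNU tar detects the compression itself with plain -x; the .xz archive needs
# the xz utility to be installed.
tar -xvf zlib-1.3.1.tar.xz
tar -zxvf openssl-3.2.1.tar.gz
tar -zxvf openssh-9.8p1.tar.gz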

# Build zlib 1.3.1 and install it under its own prefix, so the system zlib
# shipped by the distribution is left untouched.
cd /usr/local/src/zlib-1.3.1
./configure --prefix=/usr/local/src/zlib
# Each stage runs only if the previous one succeeded; "make test" runs zlib's
# self-test before anything is installed.
make -j 4 \
  && make test \
  && make install

# Remove the packaged OpenSSH. Open several extra SSH sessions first (console
# access is better still): from here until the new sshd is installed and
# started, a dropped session cannot be replaced and the server becomes
# unreachable over SSH.
# Confirm the backup of /etc/ssh taken earlier is complete before running this.
dnf remove -y openssh

# Perl is required by the OpenSSL build scripts.
dnf install -y perl

cd /usr/local/src/openssl-3.2.1
# 2. Configure: install under a private prefix instead of over the system OpenSSL.
# NOTE(review): this copy is outside package management, so dnf will not
# deliver later OpenSSL security fixes to it; it has to be rebuilt by hand.
./config --prefix=/usr/local/src/openssl
# 3. Build and install (expect a few minutes, depending on the machine).
make -j 4 && make install

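# 4. Point the openssl command at the new build; the packaged binary is kept
#    as /usr/bin/oldopenssl.
mv /usr/bin/openssl /usr/bin/oldopenssl
ln -s /usr/local/src/openssl/bin/openssl /usr/bin/openssl
# 5. Make the new shared libraries visible to the dynamic loader.
# ${LD_LIBRARY_PATH:+:...} appends the old value only when there is one. Writing
# "dir:$LD_LIBRARY_PATH" with the variable unset leaves a trailing ':', and the
# loader treats that empty entry as the current directory, so root would load
# libraries from whatever directory a command happens to be started in.
export LD_LIBRARY_PATH="/usr/local/src/openssl-3.2.1${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
openssl version -v
# Expected output: OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
# Once that works, make the setting persistent for this user:
vi ~/.bashrc
# Add the following as the last line of the file:
export LD_LIBRARY_PATH="/usr/local/src/openssl-3.2.1${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
# Save and quit, then reload the file:
source ~/.bashrc
# NOTE(review): the path is the OpenSSL build tree. It has to stay in place,
# owned by root and not writable by anyone else, because every program started
# from this shell loads libraries from it.
# NOTE(review): ~/.bashrc is not read by services that systemd starts. Once sshd
# is installed, check which libcrypto it resolves without this variable:
#   env -u LD_LIBRARY_PATH ldd /usr/sbin/sshd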

# 1. Enter the OpenSSH 9.8p1 source tree.
cd /usr/local/src/openssh-9.8p1
# 2. Configure: private install prefix, configuration kept in /etc/ssh, linked
#    against the OpenSSL and zlib builds made above.
# NOTE(review): --with-pam is not passed, so this build has no PAM support and
# the PAM file copied in step 5 is not consulted by this sshd. Confirm before
# relying on PAM-based policy such as lockout or access rules.
./configure \
  --prefix=/usr/local/src/ssh \
  --sysconfdir=/etc/ssh \
  --with-ssl-dir=/usr/local/src/openssl \
  --with-zlib=/usr/local/src/zlib
# 3. Build and install.
make -j 4 && make install
# 4. "make install" reports: make: [Makefile:396:check-config] Error 1 (ignored)
# Tighten the host private keys so that only root can read them.
for key_type in rsa ecdsa ed25519; do
  chmod 0600 "/etc/ssh/ssh_host_${key_type}_key"
done
# 5. Copy the new files into the system locations.
cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
cp -rf /usr/local/src/ssh/sbin/sshd /usr/sbin/sshd
for tool in ssh ssh-keygen; do
  cp -rf "/usr/local/src/ssh/bin/${tool}" "/usr/bin/${tool}"
done
# NOTE(review): OpenSSH 9.8 splits the server into sshd and a per-session
# helper, sshd-session, which "make install" places under the prefix. Only sshd
# is copied here, so /usr/local/src/ssh must stay in place, owned by root and
# not writable by anyone else.
ssh -V
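# 6. Allow root to log in with a password.
# NOTE(review): this is the weakest sshd setting, since it exposes the root
# password to online guessing. Once keys are deployed, prefer
# "PermitRootLogin prohibit-password" and "PasswordAuthentication no".
# sshd applies the FIRST value it reads for each keyword, so these appended
# lines have no effect if the option is already set earlier in sshd_config or
# in a file it includes.
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
# Print the values sshd will actually apply, instead of assuming the append worked.
/usr/sbin/sshd -T | grep -Ei '^(permitrootlogin|passwordauthentication) '
# 7. Restore the sshd unit file from the backup taken at the start.
cd /system.bak
cp sshd.service /usr/lib/systemd/system/sshd.service
vim /usr/lib/systemd/system/sshd.service
# Change the start-up type in the unit file:
# replace Type=notify with Type=simple
systemctl daemon-reload
# Restart only if the configuration and host keys pass sshd's own check; a
# broken config would otherwise leave the host without an SSH server.
/usr/sbin/sshd -t && systemctl restart sshd
systemctl enable sshd
systemctl status sshd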

#補:如果內網無法使用dnf,就去https://www.rpmfind.net/下載你要的RPM包
安裝前先用 rpm -K *.rpm 確認套件的簽章與摘要;--nodeps --force 會略過相依性與衝突檢查,只在確認套件來源和版本無誤後使用
安裝命令rpm -ivh *.rpm --nodeps --force
