RHEL6_CentOS6_Openssh8.0p1升級
建立軟體存放目錄:
--建立軟體存放目錄,並上傳OS映象、Openssh相關安裝包到soft目錄
[root@sshupdate ~]#
mkdir -p /soft
ll /soft/
mount OS系統映象
mount -o loop /soft/rhel-server-6.9-x86_64-dvd.iso /mnt/
df -h
結果如下:
/soft/rhel-server-6.9-x86_64-dvd.iso
3.7G 3.7G 0 100% /mnt
配置本地YUM源
[root@sshupdate ~]#
mkdir -p /etc/yum.repos.d/yumbak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/yumbak/
ll /etc/yum.repos.d/
[root@sshupdate ~]#
[root@sshupdate ~]# vi /etc/yum.conf
[rheldvd]
name=rheldvd
baseurl=file:///mnt
enabled=1
gpgcheck=0
[main]
[root@sshupdate ~]# yum list
Loaded plugins: product-id, refresh-packagekit, search-disabled-repos,
: subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Installed Packages
ConsoleKit.x86_64 0.4.1-6.el6 @anaconda-RedHatEnterpriseLinux-201703082046.x86_64/6.9
ConsoleKit-libs.x86_64 0.4.1-6.el6 @anaconda-RedHatEnterpriseLinux-201703082046.x86_64/6.9
[root@sshupdate ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[root@sshupdate ~]#
關閉防火牆
[root@sshupdate ]#
service iptables stop
chkconfig iptables off
chkconfig iptables --list
結果如下:
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
安裝及配置telnet
[root@sshupdate ]# yum install telnet* -y
[root@sshupdate ]# vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
disable = yes --將yes修改為:no
}
[root@sshupdate ]# mv /etc/securetty /etc/securetty.old
[root@sshupdate ]#
service xinetd start
service xinetd restart
chkconfig xinetd on
chkconfig xinetd --list
結果如下:
xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@sshupdate ]#
測試telnet
[root@sshupdate zlib-1.2.11]# telnet 192.168.147.129 或 telnet 192.168.147.129 22
Trying 192.168.147.129...
Connected to 192.168.147.129.
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.9 (Santiago)
Kernel 2.6.32-696.el6.x86_64 on an x86_64
sshupdate login: root ----輸入使用者名稱
Password: ----輸入密碼
Last login: Thu Jun 20 04:25:56 from 192.168.147.1
[root@sshupdate ~]#
[root@sshupdate ~]# exit --可以退出telnet操作也可以不退出
安裝openssh所需要元件
[root@sshupdate ]# yum install gcc pam-devel zlib-devel -y
解壓zlib庫檔案
[root@sshupdate ~]#
cd /soft/openssh-update-8.0p1/
tar -xvzf zlib-1.2.11.tar.gz
cd zlib-1.2.11
配置檢查-編譯-安裝zlib
[root@sshupdate zlib-1.2.11]#
./configure --prefix=/usr&&make&&make install
[root@sshupdate zlib-1.2.11]#
echo '/usr/lib' >> /etc/ld.so.conf
ldconfig
Cat /usr/lib
[root@sshupdate zlib-1.2.11]# ll /usr/lib/libz.so.1
lrwxrwxrwx. 1 root root 14 Jun 20 04:37 /usr/lib/libz.so.1 -> libz.so.1.2.11
[root@sshupdate zlib-1.2.11]# ll /usr/lib/libz.so
lrwxrwxrwx. 1 root root 14 Jun 20 04:37 /usr/lib/libz.so -> libz.so.1.2.11
檢視已安裝zlib庫
[root@sshupdate ]# rpm -qa|grep zlib
zlib-devel-1.2.3-29.el6.x86_64
zlib-1.2.3-29.el6.x86_64
刪除舊zlib庫
[root@sshupdate ]# rpm -e --nodeps zlib
[root@sshupdate ]#
[root@sshupdate ]# rpm -qa|grep zlib
rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
[root@sshupdate ]#
升級openssl
[root@sshupdate zlib-1.2.11]# find / -name openssl
/etc/pki/ca-trust/extracted/openssl
/usr/lib64/openssl
/usr/bin/openssl
[root@sshupdate zlib-1.2.11]#
[root@sshupdate zlib-1.2.11]#
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
[root@sshupdate zlib-1.2.11]#
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
[root@sshupdate zlib-1.2.11]# rpm -qa|grep openssl|xargs
openssl-1.0.1e-57.el6.x86_64
[root@sshupdate ~]#
rpm -qa|grep openssl|xargs -i rpm -e --nodeps {}
rpm -qa|grep openssl |xargs
[root@sshupdate ~]#
cd /soft/openssh-update-8.0p1/
tar -xvzf openssl-1.0.2s.tar.gz
cd openssl-1.0.2s
./config --prefix=/usr/ --openssldir=/etc/ssl --shared zlib
make
make test
make install
檢視升級後Openssl版本
[root@sshupdate openssl-1.0.2s]# openssl version
OpenSSL 1.0.2s 28 May 2019
[root@sshupdate openssl-1.0.2s]#
恢復庫檔案
[root@sshupdate openssl-1.0.2s]#
mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10
mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10
mv /etc/ssh /etc/ssh.old
升級Openssh
rpm -qa|grep openssh
rpm -qa|grep openssh|xargs -i rpm -e --nodeps {}
rpm -qa|grep openssh
install -v -m700 -d /var/lib/sshd
chown -v root:sys /var/lib/sshd/
groupadd -g 50 sshd
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
[root@sshupdate ]#
cd /soft/openssh-update-8.0p1/
tar -xvzf openssh-8.0p1.tar.gz
cd /soft/openssh-update-8.0p1/openssh-8.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam--with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd ---注:是一行命令;
make
make install
結果如下:
/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
[root@sshupdate openssh-8.0p1]#
[root@sshupdate openssh-8.0p1]#
install -v -m755 contrib/ssh-copy-id /usr/bin/
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.0p1
install -v -m744 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.0p1/
[root@sshupdate openssh-8.0p1]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2s 28 May 2019
[root@sshupdate openssh-8.0p1]#
[root@sshupdate openssh-8.0p1]#
echo "X11Forwarding yes" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
cat /etc/ssh/sshd_config
結果如下:
……………………省略…………………………
X11Forwarding yes
PermitRootLogin yes
[root@sshupdate openssh-8.0p1]#
[root@sshupdate openssh-8.0p1]#
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
ll /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig sshd --list
結果如下:
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@sshupdate openssh-8.0p1]#
[root@sshupdate openssh-8.0p1]# vi /etc/selinux/config
SELINUX=enforcing ----修改enforcing為:disabled --務必修改否則ssh無法正常登入
[root@sshupdate openssh-8.0p1]# reboot
[root@sshupdate ]#
[root@sshupdate ~]# vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
disable = no --將no修改為:yes
}
[root@sshupdate ~]#
[root@sshupdate ~]# mv /etc/securetty.old /etc/securetty
[root@sshupdate ~]#
service xinetd stop
chkconfig xinetd off
chkconfig xinetd --list
結果如下:
xinetd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@sshupdate ~]#
方法二:
mount -o loop /soft/rhel-server-6.9-x86_64-dvd.iso /mnt/
yum remove telnet* -y
[root@sshupdate ~]#
[root@sshupdate ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2s 28 May 2019
[root@sshupdate ~]#
[root@sshupdate ~]#
[root@sshupdate ~]# reboot --重啟正常登入即可
[root@sshupdate ~]#
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/31520497/viewspace-2703084/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Nacos 爆重大 Bug!!不要升級,不要升級,不要升級
- Truffle 2.0升級3.0升級指南
- oracle 10 rac 升級 10.2.0.1升級到10.2.0.5Oracle
- (十二).NET6 + React :升級!升級!還是***升級!!!+ IdentityServer4實戰ReactIDEServer
- Jenkins升級Jenkins
- 升級pythonPython
- ES升級
- Nginx升級Nginx
- 資料庫升級之-Dataguard滾動升級資料庫
- mongodb單機從3.2升級到4.0.4升級MongoDB
- macOS 11.0怎麼升級?macOS Big Sur 升級教程Mac
- 全站HTTPS升級系列(一)升級前的科普工作HTTP
- win10升級11102升級失敗怎麼辦_win10升級11102升級一直失敗修復方法Win10
- 如何升級 pip
- nginx平滑升級Nginx
- 麒麟核心升級
- aix升級opensshAI
- godot shader 升級Go
- Ubuntu升級opensshUbuntu
- IT 基礎升級
- Windows 升級 powershellWindows
- Linux升級GCCLinuxGC
- Brew Elasticsearch 升級Elasticsearch
- Linux核心升級Linux
- mysql的升級MySql
- NiFi版本升級Nifi
- Zurmo – – 升級指南
- 升級APEX 元件元件
- gcc版本升級GC
- node 版本升級
- python版本升級Python
- selenium的升級與降級
- ABP Framework 手動升級指南:從6.0.1升級到7.0.0Framework
- 12. Oracle版本、補丁及升級——12.3. 升級Oracle
- 【ERP升級】確保正確升級,完成收益最大化
- 全站HTTPS升級系列(四)專案程式碼升級改造HTTP
- 有關 TiDB 升級的二三事——教你如何快樂升級TiDB
- 靜默升級oracle 11g (從11.2.0.1升級到11.2.0.4)Oracle