centos7.3和centos7.6升级完毕测试登录ssh以及重启后登录ssh均无问题。

前期请自行配置好yum源(如果不会请百度)

整个过程不需要卸载原先的openssl包和openssh的rpm包。不影响我们的操作

本文的环境都是系统自带的openssh,没有经历过手动编译安装方式。如果之前有手动编译安装过openssh,请参照本文自行测试是否能成功。

如果严格参照本文操作,我保证你升级没问题

centos7.6升级后的效果

[root@testssh ~]# ssh -V

OpenSSH_8.0p1, OpenSSL 1.0.2r   Feb

[root@testssh ~]# openssl version

OpenSSL 1.0.2r   Feb 

[root@testssh ~]# cat /etc/redhat-release

CentOS Linux release 7.6. (Core)

[root@testssh ~]#

 安装依赖包

升级需要几个组件,有些是和编译相关的等

[root@linux-node3 ~]# yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

 * base: mirrors..com

 * epel: mirrors.aliyun.com

 * extras: mirrors.cn99.com

 * updates: mirrors.cn99.com

Package gcc-4.8.-.el7_6..x86_64 already installed and latest version

Package gcc-c++-4.8.-.el7_6..x86_64 already installed and latest version

Package glibc-2.17-.el7_6..x86_64 already installed and latest version

Package :make-3.82-.el7.x86_64 already installed and latest version

Package autoconf-2.69-.el7.noarch already installed and latest version

Package :openssl-1.0.2k-.el7_6..x86_64 already installed and latest version

Package :openssl-devel-1.0.2k-.el7_6..x86_64 already installed and latest version

Package pcre-devel-8.32-.el7.x86_64 already installed and latest version

Package pam-devel-1.1.-.el7.x86_64 already installed and latest version

Nothing to do

[root@linux-node3 ~]#

安装pam和zlib等(后面的升级操作可能没用到pam,安装上也没啥影响,如果不想安装pam请自行测试)

[root@linux-node3 ~]# yum install  -y pam* zlib*

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

 * base: mirrors..com

 * epel: mirrors.aliyun.com

 * extras: mirrors.cn99.com

 * updates: mirrors.cn99.com

Package pam_yubico-2.26-.el7.x86_64 already installed and latest version

Package pam_script-1.1.-.el7.x86_64 already installed and latest version

Package pam_oath-2.4.-.el7.x86_64 already installed and latest version

Package pam_snapper-0.2.-.el7.x86_64 already installed and latest version

Package pam_ssh_agent_auth-0.10.-2.16.el7.x86_64 already installed and latest version

Package pam_2fa-1.0-.el7.x86_64 already installed and latest version

Package pam_mapi-0.3.-.el7.x86_64 already installed and latest version

Package pam_ssh_user_auth-1.0-.el7.x86_64 already installed and latest version

Package pam_mount-2.16-.el7.x86_64 already installed and latest version

Package pam_radius-1.4.-.el7.x86_64 already installed and latest version

Package pamtester-0.1.-.el7.x86_64 already installed and latest version

Package pam_afs_session-2.6-.el7.x86_64 already installed and latest version

Package pam_pkcs11-0.6.-.el7.x86_64 already installed and latest version

Package pam-1.1.-.el7.x86_64 already installed and latest version

Package pam_ssh-2.3-.el7.x86_64 already installed and latest version

Package :pam_url-0.3.-.el7.x86_64 already installed and latest version

Package pam_wrapper-1.0.-.el7.x86_64 already installed and latest version

Package pam-kwallet-5.5.-.el7.x86_64 already installed and latest version

Package pam-devel-1.1.-.el7.x86_64 already installed and latest version

Package pam_krb5-2.4.-.el7.x86_64 already installed and latest version

Package zlib-devel-1.2.-.el7.x86_64 already installed and latest version

Package zlib-static-1.2.-.el7.x86_64 already installed and latest version

Package zlib-1.2.-.el7.x86_64 already installed and latest version

Package zlib-ada-1.4-0.5.20120830CVS.el7.x86_64 already installed and latest version

Package zlib-ada-devel-1.4-0.5.20120830CVS.el7.x86_64 already installed and latest version

Nothing to do

[root@linux-node3 ~]#

下载openssh包和openssl的包

我们都下载最新版本,下载箭头指的包

https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/

https://ftp.openssl.org/source

/

 开始安装openssl

个人习惯把安装包或者工具之类的放下面目录。根据个人喜好随便放,不影响安装

[root@linux-node3 ~]# mkdir /data/tools -p

[root@linux-node3 ~]# cd /data/tools/

[root@linux-node3 /data/tools]# rz -E

rz waiting to receive.

[root@linux-node3 /data/tools]# ll

total

-rw-r--r--  root root  Apr  : openssl-1.0.2r.tar.gz

解压文件

[root@linux-node3 /data/tools]# tar xfz openssl-1.0.2r.tar.gz

[root@linux-node3 /data/tools]# ll

total

drwxr-xr-x  root root     Apr  : openssl-1.0.2r

-rw-r--r--   root root  Apr  : openssl-1.0.2r.tar.gz

[root@linux-node3 /data/tools]# cd

[root@linux-node3 ~]#

现在是系统默认的版本,等会升级完毕对比下

[root@linux-node3 ~]# openssl version

OpenSSL 1.0.2k-fips   Jan

[root@linux-node3 ~]#

备份下面2个文件或目录(如果存在的话就执行)

[root@linux-node3 ~]# mv /usr/bin/openssl  /usr/bin/openssl_bak

[root@linux-node3 ~]# ll /usr/include/openssl

total

-rw-r--r--  root root    Mar  : aes.h

-rw-r--r--  root root   Mar  : asn1.h

-rw-r--r--  root root   Mar  : asn1_mac.h

-rw-r--r--  root root   Mar  : asn1t.h

-rw-r--r--  root root   Mar  : bio.h

-rw-r--r--  root root    Mar  : blowfish.h

......

[root@linux-node3 ~]# mv /usr/include/openssl /usr/include/openssl_bak

  

编译安装新版本的openssl

配置、编译、安装3个命令一起执行

&&符号表示前面的执行成功才会执行后面的

[root@linux-node3 ~]# cd /data/tools/openssl-1.0.2r/

[root@linux-node3 /data/tools/openssl-1.0.2r]# ./config shared && make && make install

下面2个文件或者目录做软链接 (刚才前面的步骤mv备份过原来的)

[root@linux-node3 ~]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

[root@linux-node3 ~]# ln -s /usr/local/ssl/include/openssl /usr/include/openssl

[root@linux-node3 ~]# ll /usr/bin/openssl

lrwxrwxrwx  root root  Apr  : /usr/bin/openssl -> /usr/local/ssl/bin/openssl

[root@linux-node3 ~]# ll /usr/include/openssl -ld

lrwxrwxrwx  root root  Apr  : /usr/include/openssl -> /usr/local/ssl/include/openssl

[root@linux-node3 ~]#

命令行执行下面2个命令加载新配置

echo "/usr/local/ssl/lib" >> /etc/ld.so.conf

/sbin/ldconfig

查看确认版本。没问题

[root@testssh ~]# openssl version

OpenSSL 1.0.2s   May

 安装openssh 

上传openssh的tar包并解压

[root@testssh ~]# cd /data/tools/

[root@testssh tools]# ll

total

-rw-r--r--   root root  Apr  : openssh-.0p1.tar.gz

drwxr-xr-x  root root     Apr  : openssl-1.0.2r

-rw-r--r--   root root  Feb  : openssl-1.0.2r.tar.gz

-rwxr-xr-x   root root   Apr    sshd

[root@testssh tools]# tar xfz openssh-.0p1.tar.gz

[root@testssh tools]# cd openssh-.0p1

可能文件默认显示uid和gid数组都是1000,这里重新授权下。不授权可能也不影响安装(请自行测试)

[root@testssh tools]# chown -R root.root /data/tools/openssh-.0p1
 安全隐藏 SSH版本号:
telnet  172.16.230.21

Connecting to 172.16.230.21:...

Connection established.

To escape to local shell, press 'Ctrl+Alt+]'.

SSH-2.0-OpenSSH_7.4

修改

[root@node1 openssh-.0p1]# vim version.h

#define SSH_VERSION     "SenyintSSH"

#define SSH_PORTABLE    ""

#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE

编译后,显示结果

telnet 172.16.230.21 

Connecting to 172.16.230.21:...

Connection established.

To escape to local shell, press 'Ctrl+Alt+]'.

SSH-2.0-SenyintSSH

  

命令行删除原先ssh的配置文件和目录

然后配置、编译、安装

注意下面编译安装的命令是一行,请把第一行末尾的 \ 去掉,然后在文本里弄成一行之后放命令行执行

rm -rf /etc/ssh/*

./configure --prefix=/usr/ --sysconfdir=/etc/ssh  --with-openssl-includes=/usr/local/ssl/include \

 --with-ssl-dir=/usr/local/ssl   --with-zlib   --with-md5-passwords   --with-pam  && make && make install

参考下我的截图

修改配置文件最终为如下内容,其他的不要动

[root@linux-node3 ~]# grep "^PermitRootLogin"  /etc/ssh/sshd_config

PermitRootLogin yes

[root@linux-node3 ~]# grep  "UseDNS"  /etc/ssh/sshd_config

UseDNS no

[root@linux-node3 ~]#

从原先的解压的包中拷贝一些文件到目标位置(如果目标目录存在就覆盖)

(可能下面的ssh.pam文件都没用到,因为sshd_config配置文件貌似没使用它,请自行测试。我这边是拷贝了)

[root@linux-node3 /data/tools/openssh-.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd

[root@linux-node3 /data/tools/openssh-.0p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

[root@linux-node3 /data/tools/openssh-.0p1]# chmod +x /etc/init.d/sshd

[root@linux-node3 /data/tools/openssh-.0p1]# chkconfig --add sshd

[root@linux-node3 /data/tools/openssh-.0p1]# systemctl enable sshd

[root@linux-node3 /data/tools/openssh-.0p1]#

 把原先的systemd管理的sshd文件删除或者移走或者删除,不移走的话影响我们重启sshd服务

[root@linux-node3 ~]# mv  /usr/lib/systemd/system/sshd.service  /data/

设置sshd服务开机启动

[root@linux-node3 ~]# chkconfig sshd on

Note: Forwarding request to 'systemctl enable sshd.socket'.

Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.

接下来测试启停服务。都正常

以后管理sshd通过下面方式了

[root@linux-node3 ~]# /etc/init.d/sshd restart

Restarting sshd (via systemctl):                           [  OK  ]

[root@linux-node3 ~]#

[root@linux-node3 ~]#

[root@linux-node3 ~]# netstat -lntp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp               0.0.0.0:              0.0.0.0:*               LISTEN      /sshd

tcp6              :::                   :::*                    LISTEN      /sshd

tcp6              :::                   :::*                    LISTEN      /systemd

[root@linux-node3 ~]# /etc/init.d/sshd stop

Stopping sshd (via systemctl):                             [  OK  ]

[root@linux-node3 ~]# netstat -lntp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp6              :::                   :::*                    LISTEN      /systemd

[root@linux-node3 ~]# /etc/init.d/sshd start

Starting sshd (via systemctl):                            [  OK  ]

[root@linux-node3 ~]#

[root@linux-node3 ~]#

使用systemd方式也行

[root@linux-node3 ~]# systemctl stop sshd

[root@linux-node3 ~]# netstat -lntp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp6              :::                   :::*                    LISTEN      /systemd

[root@linux-node3 ~]# systemctl start sshd

[root@linux-node3 ~]# netstat -lntp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp               0.0.0.0:              0.0.0.0:*               LISTEN      /sshd

tcp6              :::                   :::*                    LISTEN      /sshd

tcp6              :::                   :::*                    LISTEN      /systemd

[root@linux-node3 ~]# systemctl restart sshd

[root@linux-node3 ~]# netstat -lntp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp               0.0.0.0:              0.0.0.0:*               LISTEN      /sshd

tcp6              :::                   :::*                    LISTEN      /sshd

tcp6              :::                   :::*                    LISTEN      /systemd

[root@linux-node3 ~]#

测试版本。都正常

[root@linux-node3 ~]# ssh -V

OpenSSH_8.0p1, OpenSSL 1.0.2r   Feb

[root@linux-node3 ~]#

[root@linux-node3 ~]# telnet 127.0.0.1

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

SSH-2.0-OpenSSH_8.

引用: https://www.cnblogs.com/nmap/p/10779658.html

centos7.6 升级openssh openssl的更多相关文章

  1. CentOS7.5升级OpenSSH

    实验环境 OS:CentOS 7.5 当前openssh版本:OpenSSH_7.4p1 升级后的openssh版本:OpenSSH_8.0p1 开通telnet 为了防止升级过程中ssh断连,保险起 ...

  2. centos7 升级openssh到openssh-8.0p1版本

    环境介绍 centos7.3和centos7.6升级完毕测试登录ssh以及重启后登录ssh均无问题. 前期请自行配置好yum源(如果不会请百度) 整个过程不需要卸载原先的openssl包和openss ...

  3. openssh/openssl升级到7.4和1.0.2j 源码方式

    #!/bin/bashtar -xvf openssh-7.4p1.tar.gztar -xvf openssl-1.0.2j.tar.gz 升级 openssl 到1.0.2jcd openssl- ...

  4. 升级openssh基于openssl

    OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all tra ...

  5. 升级OPENSSH 和 OPENSSL

    升级OPENSSH 和 OPENSSL   首先安装telnet服务,防止在操作过程中导致ssh远程中断   # 安装Telnetyum install telnet-server -y chkcon ...

  6. centos7升级openssh

    注意: openssl版本(openssl版本要大于1.0.1,zlib版本要大于1.1.4) 一.安装依赖包 yum -y install gcc make perl # zlib zlib-dev ...

  7. CentOS 6.9 升级OpenSSH版本 关闭ssh服务后门

    最近用低版本的OpenSSH(5.9p1版本) 的漏洞给系统留了个后门 , 可以劫持root密码或者给root开启后门密码 : 利用Openssh后门 劫持root密码 如果公司还在用CentOS6的 ...

  8. CentOS 升级 openSSH

    openSSH作为linux远程连接工具,容易受到攻击,必须更新版本来解决,低版本有如下等漏洞: a. OpenSSH 远程代码执行漏洞(CVE-2016-10009) b.  OpenSSH aut ...

  9. centos6升级openssh至7.9

    1.为了防止升级失败登陆不了,所以需要安装telnet mkdir /root/ssh_updateyum install -y telnet-serveryum install -y xinetd ...

随机推荐

  1. noi.ac #39 MST

    MST 模板题 #include <iostream> #include <cstdio> #include <algorithm> #include <cm ...

  2. select和C标签

    <select name="cpcyModel.rwzj" id="cpcyModel_rwzj"> <option value=" ...

  3. 沸腾换热UDF【转载】

    #include "udf.h"    //包括常规宏 #include "sg_mphase.h"    // 包括体积分数宏 CVOF(C,T) #defi ...

  4. kubernetes(K8S)集群及Dashboard安装配置

    环境准备 机器信息 主机名 操作系统 IP地址 K8sm-218 Centos 7.5-x86_64 172.17.0.218 k8s-219 Centos 7.5-x86_64 172.17.0.2 ...

  5. 【论文阅读】DCAN: Deep Contour-Aware Networks for Accurate Gland Segmentation

    DCAN: Deep Contour-Aware Networks for Accurate Gland Segmentation 作者:Hao Chen Xiaojuan Qi Lequan Yu ...

  6. 反手来个K8S入门到跑路

    layout: post title: 反手来个K8S入门到跑路 category: linux date: 2019-06-09 tags: linux k8s 反手来个K8S入门到跑路 前言 放假 ...

  7. 第一步,怎么打开react的大门?

    前言 其实我的react的实战经验很少,大概是17年-18年写了一个react全家桶的后台管理系统.猜测这个项目应该还一直在使用 在我手里的vue项目就比较多了,技术栈一直是vue全家桶.最近也在深入 ...

  8. 第十一周助教工作总结——NWNU李泓毅

    助教博客链接:https://www.cnblogs.com/NWNU-LHY/ 本次作业的要求:原型设计:https://www.cnblogs.com/nwnu-daizh/p/10761596. ...

  9. Sequence contains no elements

    这个错误,在使用List<T>的First函数遇到. Sequence contains no elements? From "Fixing LINQ Error: Sequen ...

  10. 屏幕录制 -- web前端

    前端使用html5.ffmpeg实现录屏摄像等功能 https://tong-h.github.io/2018/11/06/streamcapture/ JSCapture – 基于 HTML5 实现 ...