Upgrading OpenSSH on CentOS

I. Upgrading OpenSSH on CentOS 6.x

1. Check the environment:

[[email protected] ~]# lsb_release -a
LSB Version:    :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID:    CentOS
Description:    CentOS release 6.6 (Final)
Release:    6.6
Codename:    Final
[[email protected] ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[[email protected] ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

2. Back up the ssh directory (important) and install telnet (so the server can still be managed remotely if the ssh upgrade goes wrong)

[[email protected] ~]# cp -rf /etc/ssh /etc/ssh.bak

  Install and configure telnet

[[email protected] ~]# yum -y install telnet telnet-server
[[email protected] ~]# vi /etc/xinetd.d/telnet

# default: on
# description: The telnet server serves telnet sessions; it uses \
#    unencrypted username/password pairs for authentication.
service telnet
{
    flags        = REUSE
    socket_type    = stream
    wait        = no
    user        = root
    server        = /usr/sbin/in.telnetd
    log_on_failure    += USERID
    disable        = yes
}

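  Root login is not allowed by default. Change disable = yes to disable = no to enable the telnet service, then allow root logins by adding pts entries to /etc/securetty: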

[[email protected] ~]# vi /etc/securetty
// Add the following lines; if many users log in, more pts/* entries are needed
pts/0
pts/1
pts/2

  Once configured, start the telnet service

[[email protected] ~]# service xinetd start
[[email protected] ~]# service xinetd status
xinetd (pid  28430) is running...

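  Note: after the ssh upgrade is complete, it is recommended to change these settings back to their original values

3. Install OpenSSH

  3.1 Install the dependencies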

[[email protected] ~]# yum install -y gcc openssl-devel pam-devel rpm-build

  3.2 Download the source package

[[email protected] Downloads]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.8p1.tar.gz

  3.3 Extract, compile and install

[[email protected] Downloads]# tar -zxvf openssh-7.8p1.tar.gz
[[email protected] Downloads]# cd openssh-7.8p1
[[email protected] openssh-7.8p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
[[email protected] openssh-7.8p1]# make && make install

  3.4 Configure OpenSSH

[[email protected] openssh-7.8p1]# vi /etc/ssh/sshd_config
// Change  #PermitRootLogin yes  to  PermitRootLogin yes
// Or run the following command
[[email protected] openssh-7.8p1]# sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config

  3.5 Restart the sshd service

[[email protected] openssh-7.8p1]# service sshd restart
[[email protected] openssh-7.8p1]# service sshd status
openssh-daemon (pid  28331) is running...
[[email protected] openssh-7.8p1]# ssh -V
OpenSSH_7.8p1, OpenSSL 1.0.1e-fips 11 Feb 2013

II. Upgrading OpenSSH on CentOS 7.x

1. Check the environment:

[[email protected] ~]# lsb_release -a
LSB Version:    :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID:    CentOS
Description:    CentOS Linux release 7.2.1511 (Core)
Release:    7.2.1511
Codename:    Core
[[email protected] ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[[email protected] ~]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

2. As above, back up the ssh directory (important) and install telnet (so the server can still be managed remotely if the ssh upgrade goes wrong)

[[email protected] ~]# cp -rf /etc/ssh /etc/ssh.bak

  Install and configure telnet

[[email protected] ~]# yum -y install telnet telnet-server
[[email protected] ~]# vi /etc/xinetd.d/telnet

    #default:yes
    ## description: The telnet server serves telnet sessions; it uses \
    ## unencrypted username/password pairs for authentication.
    service telnet
    {
      flags = REUSE
      socket_type = stream
      wait = no
      user = root
      server =/usr/sbin/in.telnetd
      log_on_failure += USERID
      disable = yes
    }

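  Root login is not allowed by default. Change disable = yes to disable = no to enable the telnet service, then allow root logins by adding pts entries to /etc/securetty: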

[[email protected] ~]# vi /etc/securetty
// Add the following lines; if many users log in, more pts/* entries are needed
pts/0
pts/1
pts/2

  Once configured, start the telnet service

[[email protected] ~]# systemctl start xinetd
[[email protected] ~]# systemctl status xinetd
● xinetd.service - Xinetd A Powerful Replacement For Inetd
   Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-12-17 10:45:35 CST; 23h ago
 Main PID: 4217 (xinetd)
   CGroup: /system.slice/xinetd.service
           └─4217 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid

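  Note: after the ssh upgrade is complete, it is recommended to change these settings back to their original values

3. Install OpenSSH

  3.1 Install the dependencies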

[[email protected] ~]# yum install -y gcc openssl-devel pam-devel rpm-build

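  3.2 Download the source packages

  OpenSSH depends on zlib and OpenSSL, so the source packages for all three need to be downloaded from their official sites. Download locations:

http://www.zlib.net/

http://www.openssl.org/

http://www.openssh.org/

Download openssh-7.8p1.tar.gz, openssl-1.0.2m.tar.gz and zlib-1.2.11.tar.gz: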

[[email protected] Downloads]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.8p1.tar.gz
[[email protected] Downloads]# wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2m.tar.gz
[[email protected] Downloads]# wget http://www.zlib.net/zlib-1.2.11.tar.gz
[[email protected] Downloads]# ll
total 7300
-rw-r--r--. 1 root root 1548026 Aug 24 07:53 openssh-7.8p1.tar.gz
-rw-r--r--. 1 root root 5373776 Nov 2 2017 openssl-1.0.2m.tar.gz
-rw-r--r--. 1 root root 607698 Jan 16 2017 zlib-1.2.11.tar.gz

  3.3 Compile, install and configure zlib and openssl

// Compile and install zlib
[[email protected] Downloads]# tar -zxvf zlib-1.2.11.tar.gz
[[email protected] Downloads]# cd zlib-1.2.11/
[[email protected] zlib-1.2.11]# ./configure --prefix=/usr/local/zlib-1.2.11 -share
[[email protected] zlib-1.2.11]# make && make install
[[email protected] zlib-1.2.11]# vi /etc/ld.so.conf              // Configure the library search path: append /usr/local/zlib-1.2.11/lib at the end
[[email protected] zlib-1.2.11]# ldconfig -v                     // Refresh the cache file /etc/ld.so.cache
[[email protected] zlib-1.2.11]# ln -s /usr/local/zlib-1.2.11 /usr/local/zlib
[[email protected] zlib-1.2.11]# cd /root/Downloads/
// Compile and install openssl
[[email protected] Downloads]# tar -zxvf openssl-1.0.2m.tar.gz
[[email protected] Downloads]# cd openssl-1.0.2m/
[[email protected] openssl-1.0.2m]# ./config --prefix=/usr/local/openssl-1.0.2m --with-zlib-lib=/usr/local/zlib-1.2.11/lib --with-zlib-include=/usr/local/zlib-1.2.11/include
[[email protected] openssl-1.0.2m]# make && make install
[[email protected] openssl-1.0.2m]# vi /etc/ld.so.conf           // Configure the library search path: append /usr/local/openssl-1.0.2m/lib at the end
[[email protected] openssl-1.0.2m]# ldconfig -v                  // Refresh the cache file /etc/ld.so.cache
[[email protected] openssl-1.0.2m]# ln -s /usr/local/openssl-1.0.2m /usr/local/openssl
[[email protected] openssl-1.0.2m]# vi /etc/profile              // Set the environment variable: append the following two lines at the end
PATH=/usr/local/openssl/bin:$PATH
export PATH
[[email protected] openssl-1.0.2m]# source /etc/profile          // Apply the configuration
[[email protected] openssl-1.0.2m]# openssl version -a           // Check the openssl version to verify the installation succeeded
OpenSSL 1.0.2m  2 Nov 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -I/usr/local/zlib-1.2.11/include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/openssl-1.0.2m/ssl"

  3.4 Uninstall the original OpenSSH

[[email protected] Downloads]# rpm -qa |grep openssh
openssh-clients-6.6.1p1-22.el7.x86_64
openssh-6.6.1p1-22.el7.x86_64
openssh-server-6.6.1p1-22.el7.x86_64
[[email protected] Downloads]# for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps;done

  3.5 Compile, install and configure OpenSSH

[[email protected] Downloads]# tar -zxvf openssh-7.8p1.tar.gz
[[email protected] Downloads]# cd openssh-7.8p1/
[[email protected] openssh-7.8p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening --with-tcp-wrappers
[[email protected] openssh-7.8p1]# rm -rf /etc/ssh
[[email protected] openssh-7.8p1]# make && make install
[[email protected] openssh-7.8p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd
[[email protected] openssh-7.8p1]# chkconfig --add sshd
[[email protected] openssh-7.8p1]# chkconfig sshd on
[[email protected] openssh-7.8p1]# chkconfig --list|grep sshd
[[email protected] openssh-7.8p1]# sed -i "32a PermitRootLogin yes" /etc/ssh/sshd_config
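
The two sed edits above (3.4 in part I and the "32a" append here) depend on the exact text or line number of sshd_config. As an added example, not taken from the original article, the hypothetical helper set_sshd_option below sets a keyword once in the global section, ahead of any Match block, and leaves the file unchanged when run a second time.

```shell
#!/bin/sh
# Added example (not from the original article): set one sshd_config keyword
# idempotently. sshd keeps the first value it reads for a keyword, and lines
# after a "Match" line apply only to that block, so placement matters.

# set_sshd_option FILE KEYWORD VALUE   (hypothetical helper name)
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1

    awk -v key="$key" -v value="$value" '
        BEGIN { k = tolower(key); done = 0; in_match = 0 }
        # Leave everything inside Match blocks untouched.
        in_match { print; next }
        {
            line = $0
            is_live = (line !~ /^[ \t]*#/)
            sub(/^[ \t]*#?[ \t]*/, "", line)   # drop indent and one leading "#"
            split(line, f, /[ \t=]+/)
            word = tolower(f[1])
        }
        # First Match block: the global section ends here, insert if still unset.
        is_live && word == "match" {
            if (!done) { print key " " value; done = 1 }
            in_match = 1; print; next
        }
        # First occurrence, live or commented out: replace it in place.
        word == k && !done { print key " " value; done = 1; next }
        # Later live duplicates in the global section are dead settings: drop.
        word == k && is_live { next }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Writing through cat keeps the owner, mode and SELinux label of FILE.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Called as set_sshd_option /etc/ssh/sshd_config PermitRootLogin yes, it replaces the sed step; running /usr/sbin/sshd -t afterwards checks the file before the restart in 3.6.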

  3.6 Restart the sshd service

[[email protected] openssh-7.8p1]# systemctl restart sshd
[[email protected] openssh-7.8p1]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd)
   Active: active (running) since Tue 2018-12-18 14:45:59 CST; 11s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 16931 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
 Main PID: 16939 (sshd)
   CGroup: /system.slice/sshd.service
           └─16939 /usr/sbin/sshd

Dec 18 14:45:59 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon...
Dec 18 14:45:59 localhost.localdomain sshd[16939]: Server listening on 0.0.0.0 port 22.
Dec 18 14:45:59 localhost.localdomain sshd[16939]: Server listening on :: port 22.
Dec 18 14:45:59 localhost.localdomain sshd[16931]: Starting sshd:[  OK  ]
Dec 18 14:45:59 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.
[[email protected] openssh-7.8p1]# ssh -V
OpenSSH_7.8p1, OpenSSL 1.0.2k-fips  26 Jan 2017
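
The note in step 2 of both parts recommends restoring the telnet settings once the upgrade is done. As an added example, not taken from the original article, the hypothetical functions below put disable = yes back and remove the pts/N lines from securetty. They assume the stock securetty had no pts entries before step 2, and they take the file paths as arguments so the edit can be rehearsed on copies first.

```shell
#!/bin/sh
# Added example (not from the original article): undo the temporary telnet
# fallback from step 2. Function names are hypothetical.

# revert_telnet_fallback XINETD_TELNET_FILE SECURETTY_FILE
revert_telnet_fallback() {
    xinetd_file=$1
    securetty_file=$2

    # Set "disable = yes" again, whatever spacing the file uses.
    sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)no[[:space:]]*$/\1yes/' \
        "$xinetd_file" || return 1

    # Drop the pts/N lines that allowed root logins on pseudo-terminals.
    # Assumption: the file had no pts entries before step 2.
    sed -i '/^pts\/[0-9][0-9]*[[:space:]]*$/d' "$securetty_file" || return 1

    telnet_fallback_is_closed "$xinetd_file" "$securetty_file"
}

# Returns 0 only if telnet is disabled and no pts/N entry remains.
telnet_fallback_is_closed() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1" || return 1
    if grep -Eq '^pts/[0-9]+' "$2"; then
        return 1
    fi
    return 0
}

# Usage: revert_telnet_fallback /etc/xinetd.d/telnet /etc/securetty
```

After it returns 0, restart xinetd (service xinetd restart on 6.x, systemctl restart xinetd on 7.x) so the running service picks up the change.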


Original article: https://www.cnblogs.com/Bluesky-bk/p/10137089.html

Time: 2024-11-10 13:21:46
