OpenSSH Upgrade Script

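#!/bin/bash
: <<'!'
Note: :%s/openssh-8.1p1/openssh-8.1p1/g (vim substitution for changing the version string)
1. Before using the script, set the file format in the editor's command-line mode: set ff=unix
2. After the script finishes, run: source /etc/profile
3. Run the script from /root
4. If the library files cannot be found after the OpenSSL upgrade, locate the OpenSSL libraries and register their directory:
   find / -name "libssl*"
   echo "/usr/local/lib64" >> /etc/ld.so.conf
   ldconfig -v
!
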
system_init () {
    # Permanently set SELinux to disabled
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    # Switch SELinux to Permissive for the running system
    setenforce 0
    # To change the remote port, uncomment the next line and set the port you need
#   sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config
    # Allow root to log in remotely; change yes to no to disallow it
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    # Add a DNS server address
    sed -i '1a nameserver 114.114.114.114' /etc/resolv.conf
    # Set the timeout and retry count; this works around slow DNS resolution
    sed -i '1a options timeout:1 attempts:1 rotate' /etc/resolv.conf
    # Sets the root password to the literal string "root"; substitute your own value before use
    echo root | passwd --stdin root
    yum -y install wget net-tools httpd-tools sysstat lsof tree
    if [ $? = 0 ]; then
        systemctl stop firewalld && systemctl disable firewalld
    else
        echo "firewalld is off "
    fi

    zone=$(timedatectl | grep Asia/Shanghai)
    if [ $? != 0 ]; then
        timedatectl set-timezone Asia/Shanghai
    else
        echo "Time zone configuration successful"
    fi
    rpm -qa | grep chrony
    if [ $? != 0 ]; then
        yum -y install chrony && \cp /etc/chrony.conf /etc/chrony.conf.bak
        sed -i '/^server/ s/^/#/' /etc/chrony.conf
        sed -i '2a server ntp.ntsc.ac.cn iburst' /etc/chrony.conf
        chronyc -a makestep
    else
        echo "chrony is already installed"
    fi
    id SHunicom
    if [ $? != 0 ]; then
        # Creates the account with a password that is hard-coded in this script
        useradd SHunicom && echo 'ShCX#9+2uc0$]80!' | passwd --stdin SHunicom
        echo "SHunicom add ok"
    fi
}


# Build zlib from source into /usr/local/zlib
zlic_install () {
    cd /root
    tar -vxf zlib-1.2.11.tar.gz
    cd zlib-1.2.11
    ./configure --prefix=/usr/local/zlib
    make && make install
    echo " zlib install ok"
}

# Build OpenSSL into /usr/local/openssl and point the system paths at it
openssl_install () {
    cd /root
    tar -vxf openssl-1.1.1a.tar.gz >/dev/null
    cd openssl-1.1.1a
    ./config shared zlib --prefix=/usr/local/openssl
    make && make install
    # Keep the distribution binary and headers as *.old, then link the new build in their place
    \mv /usr/bin/openssl /usr/bin/openssl.old
    \mv /usr/include/openssl /usr/include/openssl.old
    ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
    ln -s /usr/local/openssl/include/openssl /usr/include/openssl
    echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
    ldconfig -v
}

openssh_prepare () {
    yum -y install wget
    rpm -qa | grep wget
    wget_stat=$?
    ping -c 3 openbsd.hk
    ping_stat=$?

    if [[ $ping_stat -eq 0 ]] && [[ $wget_stat -eq 0 ]]; then
        # The OpenSSH and zlib tarballs are fetched over plain HTTP
        wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
        wget "https://www.openssl.org/source/openssl-1.1.1a.tar.gz"
        wget http://www.zlib.net/zlib-1.2.11.tar.gz
        yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel tcp_wrappers-devel wget
    else
        echo "program: $(basename "$0") openssh download failed"
    fi
    # ssh_stat: 0 if an sshd process is running; openssh_stat: 0 if an openssh RPM is installed
    ps -ef | grep sshd | grep -v grep
    ssh_stat=$?
    rpm -qa | grep openssh
    openssh_stat=$?
    if [[ $ssh_stat -eq 0 ]] && [[ $openssh_stat -eq 0 ]]; then
        # Packaged sshd is running: stop it, remove the RPMs, back up init script and config
        systemctl stop sshd
        rpm -qa | grep openssh | xargs -d "\n" rpm -e --nodeps
        \mv /etc/init.d/sshd /etc/init.d/sshd.bak
        \mv /etc/ssh /etc/ssh.bak
    elif [[ $ssh_stat -eq 0 ]] && [[ $openssh_stat -ne 0 ]]; then
        # A source-built sshd is running: stop it and back up the previous install
        systemctl stop sshd
        \mv /usr/local/openssh /usr/local/openssh.bak
    elif [[ $ssh_stat -ne 0 ]] && [[ $openssh_stat -ne 0 ]]; then
        \mv /usr/local/openssh /usr/local/openssh.bak
    elif [[ $ssh_stat -ne 0 ]] && [[ $openssh_stat -eq 0 ]]; then
        rpm -qa | grep openssh | xargs -d "\n" rpm -e --nodeps
        \mv /etc/init.d/sshd /etc/init.d/sshd.bak
        \mv /etc/ssh /etc/ssh.bak
    fi
}

ubuntu_prepare () {
    # Reset sources.list to a single comment line, then insert the mirror entries after it
    echo "# aliyun xenial mirrors" > /etc/apt/sources.list
    sed -i '1a deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse' /etc/apt/sources.list
    sed -i '1a deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse' /etc/apt/sources.list
    sudo apt-get install -y wget
    dpkg -s wget
    wget_stat=$?
    ping -c 3 openbsd.hk
    ping_stat=$?

    if [[ $ping_stat -eq 0 ]] && [[ $wget_stat -eq 0 ]]; then
        # The OpenSSH and zlib tarballs are fetched over plain HTTP
        wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
        wget "https://www.openssl.org/source/openssl-1.1.1a.tar.gz"
        wget http://www.zlib.net/zlib-1.2.11.tar.gz
        sudo apt-get install wget gcc make zlib1g-dev libssl-dev libpam0g-dev sysv-rc-conf -y
    else
        echo "program: $(basename "$0") openssh download failed"
    fi
    ps -ef | grep sshd | grep -v grep
    ssh_stat=$?
    # rpm is not available on Ubuntu, so query dpkg for installed openssh packages
    dpkg -l | grep openssh
    openssh_stat=$?
    if [[ $ssh_stat -eq 0 ]] && [[ $openssh_stat -eq 0 ]]; then
        systemctl stop sshd
        \mv /etc/init.d/sshd /etc/init.d/sshd.bak
        \mv /etc/ssh /etc/ssh.bak
    elif [[ $ssh_stat -eq 0 ]] && [[ $openssh_stat -ne 0 ]]; then
        systemctl stop sshd
        \mv /usr/local/openssh /usr/local/openssh.bak
    elif [[ $ssh_stat -ne 0 ]] && [[ $openssh_stat -ne 0 ]]; then
        \mv /usr/local/openssh /usr/local/openssh.bak
    elif [[ $ssh_stat -ne 0 ]] && [[ $openssh_stat -eq 0 ]]; then
        \mv /etc/init.d/sshd /etc/init.d/sshd.bak
        \mv /etc/ssh /etc/ssh.bak
    fi
}

# Leftover fragment that sat outside any function. As written, the test
# "[ apt_get -eq 0 ]" lacks the "$" and always fails, so these downloads never ran;
# it is kept commented out to preserve that behaviour.
# apt_get=$?
# if [ "$apt_get" -eq 0 ]; then
#     wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
#     wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
#     wget http://www.zlib.net/zlib-1.2.11.tar.gz
# fi

# $1 selects the configure options: cen6 or cen7
openssh_install () {
    cd /root
    tar -xvf openssh-8.1p1.tar.gz > /dev/null
    cd openssh-8.1p1
    var="$1"
    if [ "$var" = "cen6" ]; then
        ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-privsep-path=/var/lib/sshd --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --without-hardening
        if [ $? = 0 ]; then
            openssh_init
        else
            echo "system is $var , configure openssh failed " >>/install.log
        fi
    elif [ "$var" = "cen7" ]; then
        ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-md5-passwords --with-privsep-path=/var/lib/sshd --with-pam --with-ssl-dir=/usr/local/openssl
        if [ $? = 0 ]; then
            openssh_init
        else
            echo "system is $var , configure openssh failed " >>/install.log
        fi
    fi
}

# Runs in the configured source tree: build, install, register the init script, start sshd
openssh_init () {
    make && make install
    \cp $DIRSSH/contrib/redhat/sshd.init /etc/init.d/sshd
    # Point the init script (lines 25 and 41) at the new binaries
    sed -i '25s|SSHD=/usr/sbin/sshd|SSHD=/usr/local/openssh/sbin/sshd|' /etc/init.d/sshd
    sed -i '41s|/usr/bin/ssh-keygen -A|/usr/local/openssh/bin/ssh-keygen -A|' /etc/init.d/sshd
    chkconfig --add sshd && systemctl daemon-reload
#   sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config
    # Allow root to log in remotely
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    \chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
    systemctl start sshd
    # Single quotes keep $PATH literal so it is expanded at login, not when this line is written
    echo 'export PATH=/usr/local/openssh/bin:$PATH' >> /etc/profile
    source /etc/profile
}

DIRZLIB='/usr/local/zlib'
DIRSSL='/usr/local/openssl'
DIRSSH='/root/openssh-8.1p1'
INSTALLSSH='/usr/local/openssh'
SYSSSH='/etc/ssh'
array_number=(init centos6 centos7 ubuntu)
echo -n -e "\e[31;47m please input number 0.init 1.centos6 2.centos7 3.ubuntu\n please input number:\t\e[0m"
read -r input
number=""
# Only 0-3 are accepted: bash evaluates an indexed-array subscript as arithmetic,
# so a bare word would otherwise resolve to index 0 (init) instead of being rejected
if [[ $input =~ ^[0-3]$ ]]; then
    number=${array_number[$input]}
fi
case "$number" in
    ${array_number[0]})
        system_init
        ;;
    ${array_number[1]})
        openssh_prepare
        zlic_install
        openssl_install
        openssh_install cen6
        ;;
    ${array_number[2]})
        openssh_prepare
        zlic_install
        openssl_install
        openssh_install cen7
        ;;
    ${array_number[3]})
        ubuntu_prepare
        zlic_install
        openssl_install
        openssh_install cen7
        ;;
    *)
        echo "Usage: input number 0.init 1.centos6 2. centos7 3. ubuntu"
        exit 1
        ;;
esac
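
The download step in openssh_prepare and ubuntu_prepare fetches three tarballs, two of them over plain HTTP, and builds them as root without any integrity check. The following is an added example, not part of the original script, of a digest check that could run between the wget calls and zlic_install. The function names and the SHA256SUMS manifest file are assumptions, and the digests in the manifest have to be filled in from values published by each upstream project, since the page lists none.

```bash
#!/bin/sh
# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 equals EXPECTED_HEX
# (hex compared case-insensitively). Runs in a subshell, so "exit" only
# leaves the function.
verify_sha256() (
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; exit 1; }
    # Exactly 64 hex characters, so an unfilled placeholder can never pass
    case $expected in
        *[!0-9a-f]*) echo "bad digest for $file" >&2; exit 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest for $file" >&2; exit 1; }
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "MISMATCH: $file" >&2; exit 1; }
)

# verify_manifest DIR MANIFEST
# MANIFEST holds "<sha256>  <filename>" lines (sha256sum output format).
# Every listed file must exist in DIR and match; otherwise returns 1.
verify_manifest() (
    dir=$1 manifest=$2 rc=0 seen=0
    while read -r digest name; do
        case $digest in ''|'#'*) continue ;; esac   # skip blanks and comments
        seen=1
        # Plain file names only: no path component that could leave DIR
        case $name in
            ''|*/*) echo "bad name: $name" >&2; rc=1; continue ;;
        esac
        verify_sha256 "$dir/$name" "$digest" || rc=1
    done < "$manifest"
    [ "$seen" -eq 1 ] || { echo "empty manifest" >&2; exit 1; }
    exit "$rc"
)

# Constructed manifest layout for /root/SHA256SUMS (placeholders, not real digests):
#   <sha256 published for openssh-8.1p1.tar.gz>  openssh-8.1p1.tar.gz
#   <sha256 published for openssl-1.1.1a.tar.gz>  openssl-1.1.1a.tar.gz
#   <sha256 published for zlib-1.2.11.tar.gz>  zlib-1.2.11.tar.gz
# Call after the wget lines and stop before any tar/make step:
#   verify_manifest /root /root/SHA256SUMS || exit 1
```
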

Original article: https://www.cnblogs.com/RXDXB/p/12145644.html

Time: 2024-12-30 00:06:12
