在使用前需要注意:
- 在/tmp/123下面有这三个文件:
zlib-1.2.11 openssh-7.4p1 openssl-1.0.2k
- 安装必要的工具 gcc以及其依赖包,建议直接用yum安装GCC
- 安装好TELNET
- 脚本执行完成后,先看SSH版本再重启服务。
cd /tmp/123
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make
make install
mkdir -p /tmp/123
ftp -n 10.101.50.100 << EOF
user qiantao [email protected]
bin
cd SSH/OPENSSH
lcd /tmp/123
get openssh-7.4p1.tar.gz
get openssl-1.0.2k.tar.gz
get zlib-1.2.11.tar.gz
by
EOF
cd /tmp/123
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make
make install
echo $?
sleep 6
if [ $? -eq 0 ]
then
rpm -e zlib
fi
echo ‘/usr/lib‘ >> /etc/ld.so.conf
ldconfig
sleep 5
#mv /usr/lib64/openssl /usr/lib64/openssl.old
#mv /usr/bin/openssl /usr/bin/openssl.old
#mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}
cd /tmp/123/
tar -zxvf openssl-1.0.2k.tar.gz
cd openssl-1.0.2k
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make
make test
make install
mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10
mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10
openssl version -a
install -v -m700 -d /var/lib/sshd
chown -v root:sys /var/lib/sshd
groupadd -g 50 sshd
useradd -c ‘sshd PrivSep‘ -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
cd /tmp/123
tar -zxvf openssh-7.4p1.tar.gz
cd openssh-7.4p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd
make
make install
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.4p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.4p1
ssh -V #验证是否升级成功
echo ‘X11Forwarding yes‘ >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
echo "Port 22" >>/etc/ssh/sshd_config
service sshd restart