
Offline upgrade of SSH to 9.1p1 on CentOS 7

你这个橘子不要皮 2024-06-14 12:01:02

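1. Install telnet offline (log in over telnet to perform the SSH upgrade, because the SSH session is dropped while SSH is being upgraded)
(1) Download telnet, telnet-server and xinetd, and upload them to the server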

http://rpmfind.net/linux/centos/7.9.2009/updates/x86_64/Packages/telnet-0.17-66.el7.x86_64.rpm
http://rpmfind.net/linux/centos/7.9.2009/updates/x86_64/Packages/telnet-server-0.17-66.el7.x86_64.rpm
http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/xinetd-2.3.15-14.el7.x86_64.rpm

(2) Install telnet: run the following in the directory that contains the packages

rpm -ivh telnet-0.17-66.el7.x86_64.rpm 
rpm -ivh telnet-server-0.17-66.el7.x86_64.rpm 
rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm 


(3) Configure and start Telnet. Both xinetd and telnet must be enabled at boot, otherwise the Telnet service cannot be started

systemctl enable xinetd.service
systemctl enable telnet.socket

(4) Next, start the services

systemctl start telnet.socket
systemctl start xinetd

(5) Allow root login
Back up the server's /etc/securetty file by renaming it

mv /etc/securetty /etc/securetty.bak

(6) Stop the firewall and disable it at boot

systemctl stop firewalld
systemctl disable firewalld

Or open port 23 in the firewall

iptables -I INPUT -p tcp --dport 23 -j ACCEPT
iptables -L -n

(7) Log in to the server over telnet

2. Install make, gcc, zlib, pam and the other packages needed for compiling, offline (http://rpmfind.net/linux/RPM/index.html)
make-3.82-24.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/make-3.82-24.el7.x86_64.rpm

mpfr-3.1.1-4.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/mpfr-3.1.1-4.el7.x86_64.rpm

libmpc-1.0.1-3.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/libmpc-1.0.1-3.el7.x86_64.rpm

glibc-headers-2.17-222.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/updates/x86_64/Packages/glibc-headers-2.17-324.el7_9.x86_64.rpm

glibc-devel-2.17-222.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/glibc-devel-2.17-317.el7.x86_64.rpm

cpp-4.8.5-28.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/cpp-4.8.5-44.el7.x86_64.rpm

gcc-4.8.5-28.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/gcc-4.8.5-44.el7.x86_64.rpm

pam-devel-1.1.8-23.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/pam-1.1.8-23.el7.x86_64.rpm

zlib-1.2.7-18.el7.x86_64.rpm

http://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/zlib-1.2.7-18.el7.x86_64.rpm

(1) Create a directory named gcc and upload all the packages to it

mkdir gcc
cd gcc

(2) Force-install the rpm packages listed above

rpm  -ivh  *.rpm --nodeps --force

3. Download openssl and openssh
(1) Download openssh-9.1p1.tar.gz

https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz?spm=a2c6h.25603864.0.0.686840adx4Vfgj

(2) Download openssl-1.1.1s.tar.gz

https://www.openssl.org/source/openssl-1.1.1s.tar.gz

4. Upgrade openssl
(1) Back up the original openssl

mv /usr/bin/openssl{,.bak}
mv /usr/include/openssl{,.bak}

(2) Compile and install the new openssl

tar -zxvf openssl-1.1.1s.tar.gz
cd openssl-1.1.1s/
./config shared && make && make install

(3) Create the symlinks

ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl

(4) Reload the linker configuration and verify the openssl version

echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version

(5) The following error may appear. It means the libssl.so.1.1 file cannot be found. Run find / -name 'libssl.so.1.1' and change lib64 in /etc/ld.so.conf to the path that find returns.

[root@localhost ~]# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

5. Upgrade openssh
(1) Back up the original openssh

mv /etc/ssh{,.bak}
mkdir /usr/local/openssh

(2) Compile and install the new openssh

tar -zxvf openssh-9.1p1.tar.gz
cd openssh-9.1p1/
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/lib64 --with-zlib --with-md5-passwords --with-pam && make && make install

(3) Configure sshd_config

echo "UseDNS no" >> /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

(4) Create the symlinks

mv /usr/sbin/sshd{,.bak}
mv /usr/bin/ssh{,.bak}
mv /usr/bin/ssh-keygen{,.bak}
ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd

(5) Restart the sshd service (note: /root/openssh-9.1p1/contrib/redhat/ is the directory created by extracting openssh-9.1p1.tar.gz; adjust it to your actual path)

systemctl disable sshd --now
mv /usr/lib/systemd/system/sshd.service{,.bak}
systemctl daemon-reload
cp -a /root/openssh-9.1p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -a /root/openssh-9.1p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chkconfig --add sshd
systemctl enable sshd --now
systemctl restart sshd

(6) Check the ssh version

ssh -V

(7) Test the connection with an ssh client. A successful connection means the upgrade is complete, and the telnet service can now be shut down

systemctl disable xinetd.service --now
systemctl disable telnet.socket --now
systemctl stop xinetd.service --now
systemctl stop telnet.socket --now
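
A post-upgrade check for what steps 1 and 5 leave behind, added here as an example and not part of the original post. The function names, the ROOT prefix argument and the reliance on .wants symlinks under /etc/systemd/system are assumptions of this example; on the live host, sshd -T and systemctl is-enabled give the authoritative answers.

```shell
#!/bin/sh
# Added example (not from the original post). ROOT is a hypothetical prefix so
# the checks can run against a copy of /etc; pass "" to audit the live system.

# effective_sshd_option FILE KEYWORD
# sshd keeps the FIRST value it reads for a keyword, so a line appended with
# "echo ... >>" is ignored when an earlier uncommented line already sets it.
# Handles the "Keyword value" form in the global section; Include is not followed.
effective_sshd_option() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# enabled_unit ROOT UNIT: true if "systemctl enable" left a .wants symlink.
enabled_unit() {
    for link in "$1"/etc/systemd/system/*.wants/"$2"; do
        if [ -L "$link" ] || [ -e "$link" ]; then return 0; fi
    done
    return 1
}

# audit ROOT: print one "FINDING:" line per leftover from steps 1 and 5.
audit() {
    root="$1"
    cfg="$root/etc/ssh/sshd_config"
    # Step 1(5) renamed /etc/securetty to allow root logins over telnet.
    if [ ! -e "$root/etc/securetty" ]; then
        echo "FINDING: /etc/securetty is missing (securetty.bak not restored)"
    fi
    # Step 1(3) enabled these units; step 5(7) should have disabled them.
    for unit in telnet.socket xinetd.service; do
        if enabled_unit "$root" "$unit"; then echo "FINDING: $unit still enabled"; fi
    done
    # Step 1(6) disabled the firewall.
    if ! enabled_unit "$root" firewalld.service; then
        echo "FINDING: firewalld is not enabled at boot"
    fi
    # Step 5(3): report what sshd will actually use, not what was appended.
    if [ "$(effective_sshd_option "$cfg" PermitRootLogin)" = "yes" ]; then
        echo "FINDING: PermitRootLogin yes is in effect"
    fi
    pwa=$(effective_sshd_option "$cfg" PasswordAuthentication)
    if [ "${pwa:-yes}" = "yes" ]; then   # sshd default is yes when unset
        echo "FINDING: PasswordAuthentication yes is in effect"
    fi
}
```

Run audit "" as root after step 5(7); no output means none of these leftovers were found.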