linx6.7 update openssh to 7.7p1
生活随笔
收集整理的這篇文章主要介紹了
linx6.7 update openssh to 7.7p1
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
升級之前需要注意幾點:
1 必須要有自己的鏡像,必須自己做好本地yum源(可以連接外網,能夠有網絡yum源也可以)
2 配置好基本的升級環境。在升級openssh時需要依賴openssl和zlib。一般系統自帶的版本都比較低,而要升級到較高版本的openssh,就對依賴軟件的版本有要求
一般試用源碼編譯的方式進行升級。需要編譯則必須要有編譯環境
3 依次按順序升級zlib,openssl和openssh
4 在安裝zlib之前,需要試用telnet連接到服務器,并且需要驗證ftp是否可以正常上傳文件(使用的匿名方式)。這兩種途徑是解決openssh升級失敗的唯一方法。
5 待所有軟件升級完畢之后,需要在telnet連接的服務端哪里啟動sshd服務,注意不要直接試用restart。需要先試用start,然后在次試用restart。否則服務器會斷開。
6 環境及依賴版本:openssh-7.7p1.tar.gz openssl-1.0.2o.tar.gz zlib-1.2.11.tar.gz
對應軟件下載地址:
zlib下載地址:鏈接:https://pan.baidu.com/s/1Ez10B_16pOytBZMQ9JueKQ 提取碼:yr98
openssl下載地址:鏈接:https://pan.baidu.com/s/1oJKL77ZB1n6kzQQYMDOsaQ 提取碼:9x0a
openssh下載地址:鏈接:https://pan.baidu.com/s/1Lr4Ww_2NDBLwaQAvSB-7jw 提取碼:fpg5
7 下面是不成熟的腳本,沒有邏輯判斷,假設的是所有的命令執行成功的情況下進行的,如果要試用下面的腳本,需要謹慎試用。
#!/bin/bash
#Describle:update openssh to 7.7p1 on linux6.7
#Tue Oct 9 17:15:19 CST 2018
#Mail:Michael92@126.com #Before updating openssh,you need to be ready for some environments.
#In order to avoid downloading too many rpm packages,the best way is downloading the right iso images and make a local yum repository.
#After that,you can use the yum install some local servers,such as perl,vsftpd,telnet,telnet-server,pam-devel,gcc,gcc-c++.
#Then,you have to update the zlib to 1.2.11 and update openssl to 1.0.2o(This is the lowest version that openssh7.7p1 have dependence)
#The last but not the least,update openssh to 7.7p1 and clean up your environment. #1 Now,the next is building a local repository
mkdir /iso
#$1 is the directory of your iso images
mount -o loop $1 /iso
cat >>/etc/yum.repos.d/local.repo<<EOF
[localrepo]
name = localrepo
baseurl = file:///iso
enabled = 1
gpgcheck = 0
EOF yum clean all
yum repolist # 2 Try to use yum install some basical environment
yum -y install perl vsftpd telnet telnet-server pam-devel gcc gcc-c++
#Check whether install successfully
gcc -v
perl -v # 3 install telnet and vsftpd. telnet is the last way to link you server and vsftp is the last way to transfer files
echo "anon_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anon_other_write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anon_mkdir_write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anonymous_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "anon_umask=022" >> /etc/vsftpd/vsftpd.conf
echo "no_anon_password=YES" >> /etc/vsftpd/vsftpd.conf
chown ftp /var/ftp -R
/etc/init.d/vsftpd restart
echo "You have 60 seconds to check whether you can use telnet"
for ((i=30;i>0;i--));do
echo -e "\033[31m$i\033[0m"
sleep 1
done
# Modify telnet configure file and check it
sed -i 's/yes/no/g' /etc/xinetd.d/telnet
mv /etc/securetty /etc/securetty.old
chkconfig xinetd on
echo "You have 30 seconds to check whether you can use telnet"
for ((i=30;i>0;i--));do
echo -e "\033[31m$i\033[0m"
sleep 1
done #4 Update zlib to use resource way
tar -zxvf ./zlib-1.2.11.tar.gz || exit 6
cd zlib-1.2.11
./configure --prefix=/usr
make || exit 6
rpm -e --nodeps zlib
make install
echo '/usr/lib' >> /etc/ld.so.conf
ldconfig
cd .. ZlibDirectory=`find /usr/ -name zlib.pc`
cat $ZlibDirectory #5 Update openssl
tar -zxvf ./openssl-1.0.2o.tar.gz || exit 7
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {} cd openssl-1.0.2o
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib #必須加上--shared,否則編譯時會找不到新安裝的openssl的庫而報錯
make
make test #必須執行這一步結果為pass才能繼續,否則即使安裝完成,ssh也無法使用
make install
openssl version -a
cd ..
sleep 10
mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10
mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10 #6 Update openssh
tar -zxvf ./openssh-7.7p1.tar.gz || exit 8
mv /etc/ssh /etc/ssh.old
rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}
install -v -m700 -d /var/lib/sshd
chown -v root:sys /var/lib/sshd
groupadd -g 50 sshd
useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
cd openssh-7.7p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd --with-tcp-wrappers
make
make install install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.7p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.7p1
ssh -V
for ((i=10;i>0;i--));do
echo -e "\033[31m$i\033[0m"
sleep 1
done
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config #允許root用戶通過ssh登錄
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on # The last you have to use telnet to link the server and reboot the sshd
/etc/init.d/sshd start
/etc/init.d/sshd restart
tar -zxvf ./openssl-1.0.2o.tar.gz
總結
以上是生活随笔為你收集整理的linx6.7 update openssh to 7.7p1的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 【Zookeeper】结构、应用、安装部
- 下一篇: 字符 kotlin(3)