
Centos6.6x系統與Ubuntu18.04系統升級ssh到8.3版本

Centos6.6升級ssh5.3版本到ssh8.3版本

下載所需要的原始碼包(以下連結為個人部落格的檔案空間而非官方站點,編譯前請與官方公佈的 SHA-256 或簽章比對):

]#wget https://files-cdn.cnblogs.com/files/luckjinyan/zlib-1.2.11.tar.gz

]#wget https://files-cdn.cnblogs.com/files/luckjinyan/openssh-8.3p1.tar.gz

]#wget https://files-cdn.cnblogs.com/files/luckjinyan/openssl-1.1.1g.tar.gz

備份當前openssh

# cp -a /etc/ssh /etc/ssh.bak

# cp /etc/init.d/sshd /etc/init.d/sshd.bak

解除安裝舊的版本

# rpm -e --nodeps openssh-xxx(使用這條命令逐個解除安裝)

rpm -e --nodeps openssh-askpass-5.3p1-104.el6.x86_64

rpm -e --nodeps openssh-server-5.3p1-104.el6.x86_64

rpm -e --nodeps openssh-5.3p1-104.el6.x86_64

rpm -e --nodeps openssh-clients-5.3p1-104.el6.x86_64

解除安裝時報錯,解決:

rpm -e --noscripts openssh-server-5.3p1-104.el6.x86_64

配置阿里yum源

curl -O http://mirrors.aliyun.com/repo/Centos-6.repo

curl -O http://mirrors.aliyun.com/repo/epel-6.repo

yum clean all && yum makecache

yum -y install gcc gcc-c++ vim pam* openssl-devel (先安裝要使用的工具)

注:pam*測試時未安裝 若安裝在進行openssh配置時需加上--with-pam=enable

解壓 (-C 可以指定解壓到指定的目錄)

]#tar zxf zlib-1.2.11.tar.gz

]#tar zxf openssl-1.1.1g.tar.gz

]#tar zxf openssh-8.3p1.tar.gz

編譯安裝zlib

cd zlib-1.2.11

./configure --prefix=/usr/local/zlib

make && make install

編譯安裝openssl

cd openssl-1.1.1g
./config --prefix=/usr/local/openssl -d shared
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl 
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so //目前發現這一步有錯誤,可不做
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
ldconfig -v
openssl version

安裝openssh

cd openssh-8.3p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-md5-passwords
make && make install

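sshd_config檔案修改(注:前面 configure 指定了 --sysconfdir=/etc/ssh,sshd 讀取的是 /etc/ssh/sshd_config;下面寫入的路徑需與實際的 sysconfdir 一致才會生效)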

echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config

echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config

echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config

解===>>>
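PermitRootLogin yes #允許root認證登入(與密碼認證同時開啟時,root 帳號會直接暴露於密碼暴力破解;金鑰部署完成後建議改為 prohibit-password)
PasswordAuthentication yes #允許密碼認證
RSAAuthentication yes #祕鑰認證(此為 SSH 協定 1 的選項,OpenSSH 7.4 起已廢棄,在 8.3 中不起作用;公鑰認證由下面的 PubkeyAuthentication 控制)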
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys #預設公鑰存放的位置

備份原有檔案,並將新的配置複製到指定目錄

cp -p /root/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd

cp -p /root/openssh-8.3p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam(使用pam需拷貝;注意 sshd 預設的 PAM 服務名是 sshd,對應的檔案為 /etc/pam.d/sshd,且需在 sshd_config 中設定 UsePAM yes 才會啟用)

啟動sshd

service sshd restart

centos7可直接使用systemctl進行管理

檢視資訊版本

ssh -V 或者 sshd -v

ubuntu升級ssh到8.3版本

更改apt源為阿里源

vi /etc/apt/sources.list 新增以下內容(其中 bionic-proposed 是尚在測試的預發佈套件庫,正式環境建議不要加入)

deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

--------------------------------------------------------------------------------------------------------------------

更新一下apt庫:

apt update

解壓 (-C 可以指定解壓到指定的目錄)

]#tar zxf zlib-1.2.11.tar.gz

]#tar zxf openssl-1.1.1g.tar.gz

]#tar zxf openssh-8.3p1.tar.gz

安裝gcc編譯工具

apt-get install gcc make libpam0g-dev

編譯zlib

./configure --prefix=/usr/local/zlib

make

make install

編譯安裝openssl

cd openssl-1.1.1g
./config --prefix=/usr/local/openssl -d shared
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl 
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so //目前發現執行這一步有錯誤,可跳過
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf //這一步與centos有一些區別
ldconfig 
openssl version //檢視版本


# 備份原openssh檔案

mv /etc/ssh /etc/ssh.bak

mv /etc/init.d/ssh /etc/init.d/ssh.bak

# 解除安裝原openssh

apt-get remove openssh-server openssh-client

cd openssh-8.3p1

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-privsep-path=/var/lib/sshd #需要指定openssl的安裝路徑和zlib的安裝路徑

make && make install

1. 修改預設配置檔案
根據之前配置修改,保證配置相同

2. 也可使用原來的配置檔案
cd /etc/ssh
mv sshd_config sshd_config.default
cp ../ssh.bak/sshd_config ./

# 使用原來的/etc/init.d/ssh
mv /etc/init.d/ssh.bak /etc/init.d/ssh

# 取消登出指定服務
systemctl unmask ssh

# 重啟服務
systemctl restart ssh


---------------------------------報錯-------------------------------------------

# 報錯 checking whether OpenSSL's PRNG is internally seeded... yes

# configure: error: PAM headers not found

# 解決:ubuntu: apt-get install libpam0g-dev centos: yum -y install pam-devel


---------------------------------報錯-------------------------------------------------------------------

# 報錯: Privilege separation user sshd does not exist

vim /etc/passwd(建議使用 vipw 編輯,避免並行寫入損壞檔案;並確認 /etc/group 中存在 gid 為 74 的 sshd 群組)

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

# 註冊名:口令:使用者標識號:組標識號:使用者名稱:使用者主目錄:命令解釋程式

# /etc/passwd檔案是Linux/UNIX安全的關鍵檔案之一.該檔案用於使用者登入時校驗 使用者的口令,當然應當僅對root可寫.

--------------------------------------------------------------------------------------------------------

Centos6(限6版本) ssh升級到8.3p指令碼(超菜的寫法,大神勿看)

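#!/bin/bash
#
# Upgrade OpenSSH on CentOS 6 from the distribution's 5.3p1 RPMs to a source
# build of 8.3p1, together with zlib 1.2.11 and OpenSSL 1.1.1g.
#
# Order of operations:
#   download -> install build dependencies -> compile zlib, OpenSSL, OpenSSH
#   -> back up and remove the packaged OpenSSH -> make install -> restart.
# The packaged OpenSSH is removed only after the new sshd has compiled, so a
# failed download or build leaves the existing SSH service in place.
#
# Optional environment (integrity check of the downloaded tarballs):
#   ZLIB_SHA256, OPENSSH_SHA256, OPENSSL_SHA256
# Set each one to the SHA-256 published by the upstream project. Two of the
# three tarballs are fetched over plain HTTP, so without a checksum nothing
# detects a tampered or truncated download.
#
# Needs root (writes under /etc and /usr, removes RPMs). Keep the current
# session or console access open until a login against the new sshd works.

# Print an error on stderr and stop the script.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Download one source tarball and optionally verify its SHA-256.
# Arguments: $1 - URL, $2 - destination path, $3 - label used in the
#            success message, $4 - expected SHA-256 (may be empty)
# Outputs:   success message on stdout, warnings/errors on stderr
#######################################
fetch() {
  local url=$1 dest=$2 label=$3 want=${4:-}
  # -f: an HTTP error (404, 500, ...) must fail instead of saving the error
  # page as if it were the tarball.
  curl -fsSL -o "$dest" "$url" || die "download failed: $url"
  if [[ -n "$want" ]]; then
    printf '%s  %s\n' "$want" "$dest" | sha256sum -c - >/dev/null \
      || die "SHA-256 mismatch for $dest"
  else
    printf 'warning: no SHA-256 supplied for %s; integrity not verified\n' \
      "$dest" >&2
  fi
  echo "${label}原始碼包下載完成!!"
}

#######################################
# Remove one of the packaged OpenSSH RPMs if a matching package is installed.
# Arguments: $1 - pattern looked up in `rpm -qa`, $2 - rpm -e option,
#            $3 - exact package to erase
#######################################
remove_rpm() {
  local pattern=$1 flag=$2 pkg=$3
  if rpm -qa | grep -q -- "$pattern"; then
    if rpm -e "$flag" "$pkg"; then
      echo "成功解除安裝${pattern}"
    else
      # The package names are pinned to 5.3p1-104.el6; another release of the
      # same package is left installed and reported here.
      printf 'warning: could not remove %s\n' "$pkg" >&2
    fi
  fi
}

# --- 1. Download sources --------------------------------------------------
fetch http://www.zlib.net/zlib-1.2.11.tar.gz \
  /opt/zlib-1.2.11.tar.gz zlib "${ZLIB_SHA256:-}"
fetch http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz \
  /opt/openssh-8.3p1.tar.gz openssh "${OPENSSH_SHA256:-}"
fetch https://www.openssl.org/source/openssl-1.1.1g.tar.gz \
  /opt/openssl-1.1.1g.tar.gz openssl "${OPENSSL_SHA256:-}"

#rpm -q openssh > /dev/null && cat /etc/redhat-release |grep 6.* > /dev/null

# --- 2. Build dependencies ------------------------------------------------
# NOTE(review): the repo definitions arrive over plain HTTP; confirm that the
# downloaded .repo files keep gpgcheck=1 so packages are signature-checked.
if curl -fsS -o /etc/yum.repos.d/Centos-6.repo \
  http://mirrors.aliyun.com/repo/Centos-6.repo; then
  echo "pull Centos-6.repo yes"
else
  printf 'warning: could not fetch Centos-6.repo\n' >&2
fi

if curl -fsS -o /etc/yum.repos.d/epel-6.repo \
  http://mirrors.aliyun.com/repo/epel-6.repo; then
  echo "pull epel-6.repo yes"
else
  printf 'warning: could not fetch epel-6.repo\n' >&2
fi

yum clean all >/dev/null && yum makecache >/dev/null && echo "repo clan yes"

# 'pam*' is quoted so yum sees the wildcard instead of the shell expanding it
# against files in the current directory.
yum -y install gcc gcc-c++ vim 'pam*' openssl-devel >/dev/null \
  || die "installing build dependencies failed"
echo "install依賴 yes"

# --- 3. zlib --------------------------------------------------------------
tar zxf /opt/zlib-1.2.11.tar.gz -C /opt/ \
  && cd /opt/zlib-1.2.11 \
  && ./configure --prefix=/usr/local/zlib >/dev/null \
  && make >/dev/null \
  && make install >/dev/null \
  || die "zlib build failed"
echo "install zlib succeed"

# --- 4. OpenSSL -----------------------------------------------------------
# NOTE(review): "-d" asks OpenSSL's config script for a debug build; confirm
# that is intended for a production sshd.
tar zxf /opt/openssl-1.1.1g.tar.gz -C /opt/ \
  && cd /opt/openssl-1.1.1g \
  && ./config --prefix=/usr/local/openssl -d shared >/dev/null \
  && make >/dev/null \
  && make install >/dev/null \
  || die "openssl build failed"
echo "install openssl succeed"

# Point the system openssl binary and headers at the new build, keeping the
# distribution's copies as *.bak.
mv /usr/bin/openssl /usr/bin/openssl.bak \
  && mv /usr/include/openssl /usr/include/openssl.bak \
  && ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl \
  && ln -s /usr/local/openssl/include/openssl /usr/include/openssl \
  || die "switching to the new openssl failed"

# Register the library directory once; a re-run must not append duplicates.
grep -qxF '/usr/local/openssl/lib' /etc/ld.so.conf \
  || echo '/usr/local/openssl/lib' >>/etc/ld.so.conf \
  || die "cannot update /etc/ld.so.conf"
ldconfig -v >/dev/null || die "ldconfig failed"
# Running the binary proves the new shared libraries actually load.
openssl version || die "new openssl binary does not run"

# --- 5. Compile OpenSSH (nothing installed yet) ---------------------------
tar zxf /opt/openssh-8.3p1.tar.gz -C /opt/ \
  && cd /opt/openssh-8.3p1 \
  && ./configure --prefix=/usr --sysconfdir=/etc/ssh \
    --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl \
    --with-md5-passwords --with-pam=enable >/dev/null \
  && make >/dev/null \
  || die "openssh build failed; the packaged OpenSSH was not touched"

# --- 6. Back up and remove the packaged OpenSSH ---------------------------
# Moving /etc/ssh away also moves the host keys, so `make install` creates
# new ones and clients will see a changed host key. Copy the ssh_host_* files
# back from /etc/ssh.bak afterwards to keep the old host identity.
if [ -d /etc/ssh ]; then
  mv /etc/ssh /etc/ssh.bak || die "backup of /etc/ssh failed"
  echo "備份ssh OK"
fi

if [ -f /etc/init.d/sshd ]; then
  mv /etc/init.d/sshd /etc/init.d/sshd.bak \
    || die "backup of /etc/init.d/sshd failed"
  echo "備份sshd OK"
fi

remove_rpm openssh-askpass --nodeps openssh-askpass-5.3p1-104.el6.x86_64
remove_rpm openssh-server --noscripts openssh-server-5.3p1-104.el6.x86_64
remove_rpm openssh-5.3p1 --nodeps openssh-5.3p1-104.el6.x86_64
remove_rpm openssh-clients --nodeps openssh-clients-5.3p1-104.el6.x86_64

# --- 7. Install the new OpenSSH -------------------------------------------
cd /opt/openssh-8.3p1 || die "cannot enter /opt/openssh-8.3p1"
make install >/dev/null \
  || die "openssh make install failed; old config is in /etc/ssh.bak"
echo "install openssh succeed"

# SECURITY: these settings allow root to log in with a password, which
# exposes the root account to password guessing. Once key-based login is
# confirmed, prefer "PermitRootLogin prohibit-password" and
# "PasswordAuthentication no".
# sshd uses the first value it finds for a keyword, so these appended lines
# only take effect while no earlier uncommented line sets the same keyword.
echo 'PermitRootLogin yes' >>/etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >>/etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >>/etc/ssh/sshd_config

cp -p /opt/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd

# NOTE(review): sshd's default PAM service name is "sshd" (/etc/pam.d/sshd),
# and PAM is used only with "UsePAM yes"; a file named sshd.pam is presumably
# never read - confirm the intended destination.
cp -p /opt/openssh-8.3p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

# Validate the configuration first: restarting with a broken sshd_config
# would stop the daemon and cut off remote access.
/usr/sbin/sshd -t || die "sshd_config failed validation; sshd not restarted"

service sshd restart && ssh -V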

******人生若只如初見******