
Upgrading OpenSSL & OpenSSH to the latest version

Upgrading OpenSSL to the latest version

Back up before upgrading
mkdir /mnt/ssl.bak/
cp /usr/lib64/libcrypto.so.10 /mnt/ssl.bak/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /mnt/ssl.bak/libssl.so.10.old

yum install -y gcc openssl-devel pam-devel zlib zlib-devel

find / -name openssl

mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
mv /usr/include/openssl /usr/include/openssl.old

Uninstall:
rpm -qa | grep openssl
rpm -e --nodeps $(rpm -qa | grep openssl)

Upgrade:
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz

tar -zxvf openssl-1.1.1h.tar.gz -C /opt/

cd /opt/openssl-1.1.1h

./config --prefix=/usr --openssldir=/etc/ssl --shared zlib

make
make install
openssl version -a

D. Restore the shared libraries (……)

cp /mnt/ssl.bak/libcrypto.so.10.old /usr/lib64/libcrypto.so.10
cp /mnt/ssl.bak/libssl.so.10.old /usr/lib64/libssl.so.10

=============================================================
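If the old version is not uninstalled, the following is needed instead (these paths apply when OpenSSL was built with its default /usr/local prefix):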

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl

echo "/usr/local/lib64/" >> /etc/ld.so.conf

ldconfig

openssl version -a

===================================================================================

Upgrading OpenSSH to the latest version

1. Guard against a failed OpenSSH upgrade (enable telnet as a fallback login first)
rpm -qa | grep telnet

yum install -y telnet-server

yum install -y xinetd

sed -i '/disable/s/yes/no/' /etc/xinetd.d/telnet

service xinetd restart

lsof -i :23

Test (use a regular user for this)

telnet localhost

Upgrade
wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz

yum install -y gcc openssl-devel pam-devel zlib zlib-devel

mv /etc/ssh /mnt/ssh.bak    # back up the existing key material

rpm -qa | grep openssh
rpm -e --nodeps $(rpm -qa | grep openssh)

tar -xzf openssh-8.0p1.tar.gz -C /opt

cd /opt/openssh-8.0p1

./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh

make && make install

cp /mnt/ssh.bak/* /etc/ssh/

echo 'PermitRootLogin yes' >>/etc/ssh/sshd_config
sed -i 's/^UsePAM/#&/' /etc/ssh/sshd_config
sed -i 's/^GSSAPICleanupCredentials/#&/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication/#&/' /etc/ssh/sshd_config

cp /etc/init.d/sshd /mnt/sshd.bak

cp contrib/redhat/sshd.init /etc/init.d/sshd

which sshd          # must be the same path as the sshd path in /etc/init.d/sshd
which ssh-keygen    # must be the same path as the ssh-keygen path in /etc/init.d/sshd

chkconfig --add sshd

chkconfig sshd on

ls /usr/libexec/openssh || mkdir /usr/libexec/openssh
ls /usr/libexec/openssh/sftp-server || cp /opt/openssh-8.0p1/sftp-server /usr/libexec/openssh/

service sshd reload    # the reload drops the SSH session; make sure telnet is configured beforehand, otherwise you cannot get in remotely to start sshd

ssh -V
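
The path comparison asked for before `service sshd reload`, written as a script (an added example, not part of the original page): it lists the sshd and ssh-keygen paths an init script references, compares them with what PATH resolves, and runs `sshd -t` to validate the configuration before anything is reloaded. The function names and the sample init-script lines are constructed for illustration; the ./configure line above sets no --prefix, so the build installs under OpenSSH's default /usr/local.

```shell
#!/bin/sh
# Added example: checks to run before "service sshd reload".

# Print each absolute path in init script $1 whose last component is $2,
# ignoring comment lines.
init_paths() {
    grep -v '^[[:space:]]*#' "$1" | tr -c 'A-Za-z0-9_./-' '\n' |
        grep -E "^/.*/$2\$" | sort -u
}

# Succeed if the installed binary $3 is a path that init script $1 uses for $2.
path_matches() {
    init_paths "$1" "$2" | grep -qxF "$3"
}

# Compare what PATH resolves with what the init script starts, then let
# sshd validate its configuration and host keys (sshd -t) without reloading.
precheck() {
    init=${1:-/etc/init.d/sshd}; rc=0
    for name in sshd ssh-keygen; do
        bin=$(command -v "$name") || { echo "$name: not found in PATH"; rc=1; continue; }
        path_matches "$init" "$name" "$bin" || {
            echo "MISMATCH: $name installed at $bin, $init uses:"
            init_paths "$init" "$name" | sed 's/^/    /'
            rc=1
        }
    done
    if sshd_bin=$(command -v sshd); then "$sshd_bin" -t || rc=1; fi
    return "$rc"
}

# Constructed sample: the lines of an init script that matter here
# (the variable name SSHD and all paths are assumptions, not from the page).
sample_init() {
    printf '%s\n' '# processname: /usr/local/sbin/sshd' \
        'SSHD=/usr/sbin/sshd' 'PID_FILE=/var/run/sshd.pid' \
        '/usr/bin/ssh-keygen -A'
}

# On a real host call "precheck"; here only the constructed sample is compared.
tmp=$(mktemp) && sample_init > "$tmp"
path_matches "$tmp" sshd /usr/local/sbin/sshd || echo "sample: sshd path differs"
rm -f "$tmp"
```

On the upgraded host, call `precheck` with no arguments and reload only when it returns 0.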