Sharing an OpenSSH batch upgrade process and upgrade script
阿新 • Published: 2018-05-03
Linux shell Openssh
1 Checking the ssh version
This document applies to systems whose ssh version is lower than 7.0 and upgrades them to OpenSSH 7.5p1.
ssh -V
[root@kuajing-db3 ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
2 OpenSSH 7.5 installation steps
Remove the existing openssh
yum remove openssh -y
Prepare the build environment:
yum install gcc openssl-devel zlib-devel
Upload the openssh package to /mnt, extract it and compile:
cd /mnt
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure
make && make install
Copy the ssh service files
cp /usr/local/bin/ssh /usr/bin/ssh
cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
# or, from inside /mnt/openssh-7.5p1:
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
Modify the configuration files
Edit /etc/ssh/sshd_config
Change #PermitRootLogin to PermitRootLogin yes
Change /usr/libexec/sftp-server to /usr/local/libexec/sftp-server
Edit /etc/init.d/sshd
Change SSHD=/usr/sbin/sshd to SSHD=/usr/local/sbin/sshd
Change /usr/sbin/ssh-keygen -A to /usr/local/bin/ssh-keygen -A
Above the line '$SSHD $OPTIONS && success || failure', add the line 'OPTIONS="-f /etc/ssh/sshd_config"'
Add sshd as a system service
chkconfig --add sshd
chkconfig sshd on
Check the service
chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Start the service
service sshd start
Check the ssh version
[root@oracle ~]# ssh -V
OpenSSH_7.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013
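3 OpenSSH upgrade script
Based on the upgrade process above, I wrote a script that performs these operations automatically. The script is as follows: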
#!/bin/bash

# Path prefixes: the packaged files live under /usr/, the source build installs under /usr/local/
OPATH=/usr/
NPATH=/usr/local/

# Remove the packaged OpenSSH, then build and install 7.5p1 from /mnt
sshInst() {
    yum remove openssh -y
    yum install gcc openssl-devel zlib-devel -y
    cd /mnt || return 1
    tar zxvf openssh-7.5p1.tar.gz -C /mnt/ || return 1
    cd ./openssh-7.5p1 || return 1
    ./configure && make && make install
}

# Adjust the init script: add the OPTIONS line and point it at /usr/local/
CHG_SSHD() {
    chmod +x /etc/init.d/sshd
    OPT_VALUE='OPTIONS="-f /etc/ssh/sshd_config"'
    OPT_EXIST=$(grep "${OPT_VALUE}" /etc/init.d/sshd)
    if [ -z "${OPT_EXIST}" ]; then
        sed -i '/$SSHD $OPTIONS &&/i\\t'"${OPT_VALUE}"'' /etc/init.d/sshd
    else
        echo "${OPT_EXIST}"
    fi
    PATH_EXIST=$(grep "${NPATH}" /etc/init.d/sshd)
    if [ -n "${PATH_EXIST}" ]; then
        echo "${PATH_EXIST}"
    else
        sed -i "s:${OPATH}:${NPATH}:" /etc/init.d/sshd
    fi
    echo "/etc/init.d/sshd file changes completed."
}

# Change /etc/ssh/sshd_config (run from the source directory, where sshd_config lives)
CHG_CONF() {
    cp sshd_config /etc/ssh/sshd_config
    sed -i '/#PermitRootLogin/i\PermitRootLogin yes' /etc/ssh/sshd_config
    PATH_EXIST=$(grep "${NPATH}" /etc/ssh/sshd_config)
    if [ -z "${PATH_EXIST}" ]; then
        sed -i "s:${OPATH}:${NPATH}:" /etc/ssh/sshd_config
    else
        echo "${PATH_EXIST}"
    fi
    echo "/etc/ssh/sshd_config file changes completed."
}

echo -n "The SSH current version is:"
ssh -V
while true; do
    echo -n "Continue to update?(yes/no)"
    read -r INPUT
    case $INPUT in
        Y|y|YES|yes)
            # Stop here if the build failed, since the packaged sshd is already removed
            sshInst || { echo "Build or install failed, aborting."; exit 1; }
            echo -n "Press any key to continue....."
            read -r AnyKey
            cp /usr/local/bin/ssh /usr/bin/ssh
            echo "Copying ssh....Done."
            cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
            echo "Copying ssh_host_ecdsa_key.pub....Done."
            cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
            echo "Copying sshd....Done."
            CHG_SSHD
            CHG_CONF
            break;;
        N|n|NO|no)
            echo exited
            exit
            ;;
        "")
            # Empty input leaves the loop without upgrading
            break;;
    esac
done
chkconfig --add sshd
chkconfig sshd on
service sshd start
echo "Operation is completed."
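The version check from section 1 and a pre-restart check, as an added example that is not part of the original post: it selects only hosts reporting a version below 7.0 and validates the new daemon with sshd -t before the service is started. The function names and the constructed sample banners are assumptions; the default paths are the ones the post uses.

```sh
#!/bin/sh
# Added example (not from the original post): version gate and pre-restart check.

# Print "major.minor" from `ssh -V` text, e.g. "OpenSSH_5.3p1, ..." -> "5.3".
parse_ssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Exit status 0: below 7.0, upgrade (the post's threshold).
# Exit status 1: 7.0 or newer, skip.  Exit status 2: banner not understood.
needs_upgrade() {
    nu_ver=$(parse_ssh_version "$1")
    [ -n "$nu_ver" ] || return 2
    # Compare the major number numerically so that 10.x is not read as "1".
    [ "${nu_ver%%.*}" -lt 7 ]
}

# Validate the freshly built daemon and its config before "service sshd start".
# Defaults are the paths used in the post; sshd -t only tests, it starts nothing.
verify_new_sshd() {
    vs_bin=${1:-/usr/local/sbin/sshd}
    vs_conf=${2:-/etc/ssh/sshd_config}
    [ -x "$vs_bin" ] || { echo "missing or not executable: $vs_bin" >&2; return 1; }
    "$vs_bin" -t -f "$vs_conf" || { echo "config test failed: $vs_conf" >&2; return 1; }
}

# Constructed sample banners (the first two match the output shown in the post).
# On a real host use: banner=$(ssh -V 2>&1)   # ssh -V writes to stderr
for banner in \
    "OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010" \
    "OpenSSH_7.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSH_10.0p2, OpenSSL 3.0.0 (constructed)" \
    "unexpected banner (constructed)"
do
    rc=0
    needs_upgrade "$banner" || rc=$?
    case $rc in
        0) echo "UPGRADE  $banner" ;;
        1) echo "SKIP     $banner" ;;
        *) echo "UNKNOWN  $banner" ;;
    esac
done
```

In the script above, needs_upgrade would replace the unconditional prompt and verify_new_sshd would run just before service sshd start.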