檢視當前版本

# ssh -V

OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

 

使用telnet服務進行安裝升級

檢視telnet服務狀態：

[email protected] ~]# service xinetd status

/etc/sysconfig/network: line 3: hl-tyapp1: command not found

xinetd (pid  21601) is running...

 

重啟telnet服務

[[email protected]

~]# service xinetd restart

/etc/sysconfig/network: line 3: hl-tyapp1: command not found

Stopping xinetd:                                           [  OK  ]

Starting xinetd:                                       [  OK  ]

 

telnet服務預設不支援root賬戶登入，要先新建賬戶，升級時切換到root賬戶進行操作。新建一個賬戶test，密碼123，執行命令

[[email protected] ~]# useradd test

[[email protected] ~]# passwd test

Changing password for user test.

New UNIX password:                      #輸入test賬戶的密碼

BAD PASSWORD: it is WAY too short

Retype new UNIX password:               #重複輸入test賬戶密碼

passwd: all authentication tokens updated successfully.     #完成test賬戶建立

 

telnet預設採用的埠是TCP的23號埠，校驗埠是否正常，正常則配置成功，不正常則配置失敗，如下：

# telnet 127.0.0.1   #若本地連線正常，網路無法連線，則檢視防火牆是否放行telnet

[[email protected] ~]# telnet 127.0.0.1

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

ONLY Authorized users only! All accesses logged

login: test

Password: 輸入密碼

Last login: Mon Dec 24 10:31:47 from VM000003114

ONLY Authorized users only! All accesses logged

-bash: /var/log/audit/audit.log: Permission denied

[[email protected] ~]$

切換到root許可權  

[[email protected] ~]$ su root

Password:    輸入密碼

[[email protected] test]# cd   回到root目錄

[[email protected] ~]#

 

接下來把要升級的三個安裝包上傳到root目錄下，

準備升級之前要做好備份

備份OpenSSH相關檔案：

# cp -r /etc/ssh/ /etc/ssh_bak #備份配置檔案目錄

# cp /etc/init.d/sshd /etc/init.d/sshd_bak     #備份啟動指令碼

# cp /usr/sbin/sshd /usr/sbin/sshd_bak    #備份啟動關聯檔案

 

咱們這邊不做原版本的解除安裝。

安裝OpenSSH

安裝OpenSSH需先安裝其所依賴的zlib和OpenSSL服務。

 原始碼編譯zlib

# tar -xvzf zlib-1.2.8.tar #解壓縮

# cd zlib-1.2.8

[zlib-1.2.8]# ./configure --prefix=/usr/local/zlib #檢查配置

[zlib-1.2.8]Bash ./configure --prefix=/usr/local/zlib

[zlib-1.2.8]# make #編譯

[zlib-1.2.8]# make install #編譯安裝

 

 原始碼編譯OpenSSL

# tar -xvzf openssl-1.0.1h.tar.gz #解壓縮

# cd openssl-1.0.1h #進入目錄

[openssl-1.0.1h]# ./config --prefix=/usr/local/openssl #檢查配置

[openssl-1.0.1h]# make #編譯

[openssl-1.0.1h]# make install #編譯安裝

 原始碼編譯OpenSSH

# tar -xvzf openssh-6.5p1.tar.gz #解壓縮

# cd openssh-6.5p1 #進入目錄

[openssh-6.5p1]# ./configure \ #檢查配置

> --sysconfdir=/etc/ssh \

> --with-zlib=/usr/local/zlib/ \

> --with-ssl-dir=/usr/local/openssl

[openssh-6.5p1]#make #編譯

[openssh-6.5p1]#make install #編譯安裝

 

安裝完成之後，OpenSSH釋放檔案的情況如下：

範疇	路徑	例子
客戶端命令	/usr/local/bin	ssh、ssh-add、ssh-agent、scp等
伺服器守護程序	/usr/local/sbin	sshd
其他額外命令	/usr/local/libexec	sftp-server、ssh-pkcs11-helper
配置檔案和公鑰	/etc/ssh	sshd_config、ssh_host_*
幫助文件	/usr/local/openssh/share	share/{man1，man5，man8}

 

啟動openssh

# /usr/local/sbin/sshd –d #除錯OpenSSH

 

# /usr/local/sbin/sshd -f /etc/ssh/sshd_config

 

開機管理OpenSSH

# vi /etc/init.d/sshd

SSHD=/usr/local/sbin/sshd        #預設為SSHD=/usr/sbin/sshd

start()

{

        # Create keys if necessary

        /usr/local/bin/ssh-keygen –A       #預設為/usr/bin/ssh-keygen –A

 

# chkconfig sshd on #開機啟動設定

# chkconfig --list sshd

sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

# service  sshd restart

Stopping sshd:[  OK  ]

Starting sshd:[  OK  ]

OpenSSH版本驗證

# /usr/local/bin/ssh -V

OpenSSH_6.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013

 

設定openssh服務

# cp /usr/local/openssh/bin/ssh /usr/bin/

驗證升級後的版本

[[email protected] ~]# ssh -V

OpenSSH_6.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013

重啟openssh

 

[[email protected] ~]# service sshd restart

Stopping sshd:                                             [  OK  ]

Starting sshd: /etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication

/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials

/etc/ssh/sshd_config line 97: Unsupported option UsePAM

                                                           [  OK  ]

[[email protected] ~]#

 

設定root可以遠端訪問：

[[email protected] ~]# vim /etc/ssh/sshd_config

 

#LoginGraceTime 2m

PermitRootLogin yes  放開root許可權

#StrictModes yes

#MaxAuthTries 6

#MaxSessions 10

 

遇到的問題

配置OpenSSH時出現缺少OpenSSL library

在完成OpenSSL配置後

#vi Makefile

修改  gcc下面的引數，新增-fPIC

之後正常安裝OpenSSL

在安裝OpenSSH之前，進行如下操作

#setenforce 0

#vi /etc/selinux/config

註釋SELINUX=enforcing

新增行：SELINUX=disabled

儲存退出

之後正常安裝即可。

 

不原始碼安裝OpenSSL的情況下安裝OpenSSH

在編譯[openssh-6.5p1]# ./configure \ #檢查配置

> --sysconfdir=/etc/ssh \

> --with-zlib=/usr/local/zlib/ \

> --with-ssl-dir=/usr/local/openssl

時報錯

OpenSSL headers missing - please install first or check config.log ***"的錯誤，這是缺少openssl-devel所致，只需安裝openssl-devel即可，執行命令：yum install openssl-devel

 

rpm或yum安裝openssl-devel即可滿足OpenSSH的安裝條件

#yum install openssl-devel

 

OpenSSH無法make install

#make install

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

make: *** [host-key] Error 127

[[email protected] openssh-6.5p1]# /usr/sbin/setenforce 0

之後正常安裝即可