cd /home/ishangsoft wget http://down.i.my71.com/openssl-1.0.2k.tar.gz wget http://down.i.my71.com/openssh-7.4p1.tar.gz wget http://down.i.my71.com/zlib-1.2.11.tar.gz
查看当前版本:
rpm -q zlib openssl version ssh -V
安装telnet服务并启用
yum -y install telnet-server* service iptables stop chkconfig iptables off vi /etc/xinetd.d/telnet
mv /etc/securetty /etc/securetty.old service xinetd start chkconfig xinetd on
cd /home/ishangsoft/ yum -y install gcc pam-devel zlib-devel tar -zxvf zlib-1.2.11.tar.gz cd zlib-1.2.11 ./configure --prefix=/usr make rpm -e --nodeps zlib make install echo '/usr/lib' >> /etc/ld.so.conf ldconfig
可通过yum list命令验证是否更新成功(更新失败yum不可用)
备份openssl:
find / -name openssl
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old mv /usr/lib64/openssl /usr/lib64/openssl.old mv /usr/include/openssl /usr/include/openssl.old mv /usr/bin/openssl /usr/bin/openssl.old cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
卸载当前openssl
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}安装openssl
cd /home/ishangsoft/ tar -zxvf openssl-1.0.2k.tar.gz cd openssl-1.0.2k ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib make make test make install openssl version -a
备份当前openssh
mv /etc/ssh /etc/ssh.old
卸载当前的openssh
rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}openssh安装前环境配置
install -v -m700 -d /var/lib/sshd chown -v root:sys /var/lib/sshd groupadd -g 50 sshd useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
安装openssh
cd /home/ishangsoft/ tar -zxvf openssh-7.4p1.tar.gz cd openssh-7.4p1 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd make make install install -v -m755 contrib/ssh-copy-id /usr/bin install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 install -v -m755 -d /usr/share/doc/openssh-7.4p1 install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.4p1 ssh -V
启用OpenSSH服务
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config echo "PermitRootLogin yes" >> /etc/ssh/sshd_config cp -p contrib/redhat/sshd.init /etc/init.d/sshd chmod +x /etc/init.d/sshd chkconfig --add sshd chkconfig sshd on chkconfig --list sshd service sshd restart
善后工作
mv /etc/securetty.old /etc/securetty chkconfig xinetd off service xinetd stop service iptables start chkconfig iptables on
如果升级过程有异常,恢复sshd配置文件
rm -rf /etc/ssh mv /etc/ssh.old /etc/ssh
参考:https://www.cnblogs.com/xshrim/p/6472679.html
没有帐号? 立即注册