致谢:feichai 2020年07月16日于 废柴博客 发表:Centos7 升级OpenSSH 8.2p1的详细步骤【附安装包、脚本】
一、升级前检查系统版本:
[root@localhost ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[root@localhost ~]# uname -r
3.10.0-1127.el7.x86_64
二、升级准备
1、设置路径:/root/OpenSSH
2、给路径设置权限;
3、服务器联网,如果不能联网手动下载安装包
zlib1.2.11 http://www.zlib.net/zlib-1.2.11.tar.gzopenssl-1.1.1mhttps://www.openssl.org/source/openssl-1.1.1m.tar.gzopenssh-8.8p1https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
三、开始升级
将下面的脚本(UpdateOpenSSH.sh)上传至/root/OpenSSH目录,并给定执行权限。执行./UpdateOpenSSH.sh,等待升级完毕。
#!/bin/bash
clear
echo ------------------------------------------
echo CentOS7 openssh升级到8.8p1
echo $(date +%F-%T)
echo 注意环境,使用前请做好测试!!!
echo ------------------------------------------
sleep 3s
clear
echo 安装进程开始 3
sleep 1s
clear
echo 安装进程开始 3 2
sleep 1s
clear
echo 安装进程开始 3 2 1
sleep 1s
clear
echo 刷新yum元数据缓存
sleep 2s
yum makecache
sleep 3s
clear
echo 检测安装telnet服务
sleep 1s
echo 尝试启动telnet服务
sleep 1s
cp /etc/securetty /etc/securetty.bak
grep "pts/0" /etc/securetty || echo 'pts/0' >> /etc/securetty
grep "pts/1" /etc/securetty || echo 'pts/1' >> /etc/securetty
systemctl restart telnet.socket && systemctl restart xinetd
ps -ef |grep xinetd | egrep -v grep > /dev/null
if [ $? -eq 0 ]
then
echo 检测到telnet服务已启动……
systemctl enable telnet.socket
systemctl enable xinetd
sleep 2s
else
echo 未检测到telnet服务,开始安装服务……
sleep 2s
yum -y install xinetd telnet-server
sleep 2s
clear
echo 安装telnet服务结束,启动服务……
systemctl restart telnet.socket && systemctl restart xinetd
systemctl enable telnet.socket
systemctl enable xinetd
sleep 1s
fi
clear
echo 关闭SElinux及防火墙并禁用……
sleep 2s
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
cat /etc/selinux/config
systemctl stop firewalld.service
systemctl disable firewalld.service
sleep 2s
clear
echo 安装程序依赖包……
sleep 2s
yum -y install gcc gcc-c++ make pam pam-devel openssl-devel pcre-devel perl zlib-devel
sleep 1s
clear
echo 停止并卸载原有ssh
sleep 3s
systemctl stop sshd
cp -r /etc/ssh /etc/ssh.old
cp -r /etc/init.d/ssh /etc/init.d/ssh.old
rpm -qa | grep openssh
sleep 1s
rpm -e `rpm -qa | grep openssh` --nodeps
rpm -qa | grep openssh
sleep 1s
clear
echo 判断是否需要安装wget
WGET=`rpm -qa | grep wget`
if [$WGET -z ];then
yum install -y wget
fi
echo 准备文件和参数
echo ################################################################
echo 服务器无法联网下载的可以将所需要的升级包放到/root/OpenSSH目录下
echo ################################################################
file=/root/OpenSSH
zlib=http://www.zlib.net/zlib-1.2.11.tar.gz
openssl=https://www.openssl.org/source/openssl-1.1.1m.tar.gz
openssh=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
echo 创建目录
mkdir -p $file/zlib
mkdir -p $file/openssl
mkdir -p $file/openssh
echo 联网通过wget下载安装包
cd $file
echo 开始下载zlib
wget $zlib
echo 开始下载openssl
wget --no-check-certificate $openssl
echo 开始下载openssh
wget --no-check-certificate $openssh
###安装相关依赖包###
yum install -y gcc make perl zlib zlib-devel pam pam-devel
echo 安装zlib
sleep 2s
tar -xzf zlib*.tar.gz -C $file/zlib
sleep 2s
cd $file/zlib/zlib*
./configure --prefix=/usr/local/zlib && make && make install
ls -l /usr/local/zlib
cd ..
sleep 1s
clear
echo 配置zlib
grep "/usr/local/zlib/lib" /etc/ld.so.conf.d/zlib.conf || echo '/usr/local/zlib/lib' >> /etc/ld.so.conf.d/zlib.conf
ldconfig -v
sleep 1s
clear
echo 安装openssl
sleep 5s
mv -f /usr/bin/openssl /usr/bin/openssl.old
mv -f /usr/include/openssl /usr/include/openssl.old
mv -f /usr/lib64/openssl /usr/lib64/openssl.old
rm -rf /usr/local/ssl
cd $file
tar -xzf openssl*.tar.gz -C $file/openssl
cd $file/openssl/openssl*
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib && make && make install
cd ..
sleep 5s
clear
echo 配置openssl
sleep 5s
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
grep "/usr/local/ssl/lib" /etc/ld.so.conf.d/ssl.conf || echo '/usr/local/ssl/lib' >> /etc/ld.so.conf.d/ssl.conf
grep "/usr/local/lib" /etc/ld.so.conf.d/ssl.conf || echo '/usr/local/lib' >> /etc/ld.so.conf.d/ssl.conf
ldconfig -v
openssl version -a
sleep 5s
clear
echo 安装openssh
sleep 5s
rm -rf /etc/ssh
cd $file
tar -xzf openssh*.tar.gz -C $file/openssh
cd $file/openssh/openssh*
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords
make
sleep 5s
sudo chmod 600 /etc/ssh/ssh_host_rsa_key
sudo chmod 600 /etc/ssh/ssh_host_ecdsa_key
sudo chmod 600 /etc/ssh/ssh_host_ed25519_key
make install
cd ..
pwd
sleep 5s
clear
echo 配置openssh
sleep 10s
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo 'Banner /etc/issue' >> /etc/ssh/sshd_config
cp -p openssh-8.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
sudo chmod 600 /etc/ssh/ssh_host_rsa_key
sudo chmod 600 /etc/ssh/ssh_host_ecdsa_key
sudo chmod 600 /etc/ssh/ssh_host_ed25519_key
chkconfig --add sshd
chkconfig sshd on
systemctl restart sshd
sleep 10s
clear
systemctl status sshd
if [ $? -eq 0 ]
then
clear
echo SSH安装并运行成功,开始关闭并禁用telnet
sleep 1s
systemctl stop telnet.socket && systemctl stop xinetd
systemctl disable telnet.socket && systemctl disable xinetd
sleep 1s
echo 升级完成,安装ssh2扩展支持
sleep 5s
yum install libssh2 -y
clear
echo 安装进程结束
sleep 5s
else
echo SSH未成功安装或配置,安装进程即将退出,请检查日志……
sleep 5s
fi