CentOS7升级OpenSSH到8.5
2022/8/3 5:22:55
本文主要是介绍CentOS7升级OpenSSH到8.5,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
目录- 描述
- 升级思路和注意事项
- 安装步骤
描述
此脚本主要针对SSH服务加密漏洞扫描,故升级为SSL协议版本为8.5
升级思路和注意事项
- 升级前,打开telnet远程登录服务,测试是否可以登录,确保可以root用户登录
- 升级SSL过程中,不要终端当前会话
- 确定好 OpenSSH与OpenSSL 版本与zlib版本的对应关系,以OpenSSH8.5p1版本为例,OpenSSL 版本为:openssl-1.0.2r,zlib版本为:zlib-1.2.11
- 升级完成后,重启sshd服务,关闭telnet远程登录
安装步骤
#! /bin/bash # 更新包目录:/home/update echo "开始挂载系统镜像" mount /home/CentOS-7-x86_64-Everything-2009.iso /mnt echo "挂载系统镜像结束" yum makecache echo "yum源更新完成" echo "关闭selinux" setenforce 0 sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config systemctl stop firewalld echo "防火墙关闭完成" echo "开始安装telnet服务" yum -y install xinetd telnet-server cp /etc/securetty /etc/securetty.bak echo "pts/0" >> /etc/securetty echo "pts/1" >> /etc/securetty echo "pts/2" >> /etc/securetty echo "pts/3" >> /etc/securetty echo "pts/4" >> /etc/securetty systemctl restart telnet.socket systemctl restart xinetd systemctl enable telnet.socket systemctl enable xinetd echo "安装telnet服务完成" read -n1 -p "Press any key to continue..." echo "安装依赖组件" yum -y install gcc gcc-c++ make pam pam-devel openssl-devel pcre-devel perl zlib-devel echo "安装依赖组件完成" echo "开始卸载系统自带ssh组件" systemctl stop sshd cp -r /etc/ssh /etc/ssh.old cp /etc/init.d/ssh /etc/init.d/ssh.old rpm -qa | grep openssh rpm -e `rpm -qa | grep openssh` --nodeps #正常卸载自带ssh后,执行此条命令,没有结果返回 rpm -qa | grep openssh echo "安装和配置zlib开始" cd /home/update tar -zxvf zlib-1.2.11.tar.gz cd zlib-1.2.11 ./configure --prefix=/usr/local/zlib make && make install ls -l /usr/local/zlib echo "/usr/local/zlib/lib" >> /etc/ld.so.conf.d/zlib.conf ldconfig -v echo "安装和配置zlib完成" echo "安装和配置openssl开始" cd .. tar -zxvf openssl-1.0.2r.tar.gz cd openssl-1.0.2r ./config shared zlib && make && make install mv -f /usr/bin/openssl /usr/bin/openssl.bak ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl ln -s /usr/local/ssl/include/openssl /usr/include/openssl echo "/usr/local/ssl/lib" >> /etc/ld.so.conf.d/ssl.conf ldconfig -v openssl version -a echo "安装和配置openssl结束" echo "安装和配置openssh8.5开始" cd .. rm -rf /etc/ssh tar -zxvf openssh-8.5p1.tar.gz cd openssh-8.5p1 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords make && make install echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config echo "PermitRootLogin yes" >> /etc/ssh/sshd_config cd .. //退出刚才解压后的openssh-8.5p1目录 cp -p openssh-8.5p1/contrib/redhat/sshd.init /etc/init.d/sshd chmod +x /etc/init.d/sshd chmod 600 /etc/ssh/ssh_host_rsa_key chmod 600 /etc/ssh/ssh_host_ecdsa_key chmod 600 /etc/ssh/ssh_host_ed25519_key chkconfig --add sshd chkconfig sshd on systemctl restart sshd systemctl status sshd ssh -V echo "安装和配置openssh8.5结束"
这篇关于CentOS7升级OpenSSH到8.5的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-05-15PingCAP 黄东旭参与 CCF 秀湖会议,共探开源教育未来
- 2024-05-13PingCAP 戴涛:构建面向未来的金融核心系统
- 2024-05-09flutter3.x_macos桌面os实战
- 2024-05-09Rust中的并发性:Sync 和 Send Traits
- 2024-05-08使用Ollama和OpenWebUI在CPU上玩转Meta Llama3-8B
- 2024-05-08完工标准(DoD)与验收条件(AC)究竟有什么不同?
- 2024-05-084万 star 的 NocoDB 在 sealos 上一键起,轻松把数据库编程智能表格
- 2024-05-08Mac 版Stable Diffusion WebUI的安装
- 2024-05-08解锁CodeGeeX智能问答中3项独有的隐藏技能
- 2024-05-08RAG算法优化+新增代码仓库支持,CodeGeeX的@repo功能效果提升