升级openssl1.1.1 openssh9

2023-02-13  本文已影响0人  夜清溟
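#!/bin/bash
#
# Upgrade OpenSSL to 1.1.1p and OpenSSH to 9.0p1 from source on a yum/rpm,
# systemd-based host. Run as root, ideally from a console session.
#
# Optional environment:
#   OPENSSL_SHA256  expected SHA-256 of the OpenSSL tarball
#   OPENSSH_SHA256  expected SHA-256 of the OpenSSH tarball
# Take both values from the projects' release pages over a trusted channel.
# If a value is not supplied the script only warns, so the download is then
# unauthenticated beyond TLS to the mirror.
#
# NOTE(review): both pinned releases are old; check upstream for the currently
# supported versions before using this on a production host.

# Stop at the first failure. The original ran every step regardless, so a
# failed build was still followed by removal of the packaged sshd.
set -euo pipefail

readonly SRC_DIR=/usr/local/src
readonly OPENSSL_VERSION=1.1.1p
readonly OPENSSH_VERSION=9.0p1
readonly OPENSSL_PREFIX=/usr/local/ssl
readonly OPENSSL_SHA256=${OPENSSL_SHA256:-}
readonly OPENSSH_SHA256=${OPENSSH_SHA256:-}

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Compare a downloaded file against an expected SHA-256.
# Arguments: $1 - file, $2 - expected hex digest (may be empty)
verify_sha256() {
  local file=$1 expected=$2
  if [[ -z "$expected" ]]; then
    printf 'warning: no SHA-256 supplied for %s; integrity NOT verified\n' \
      "$file" >&2
    return 0
  fi
  printf '%s  %s\n' "$expected" "$file" | sha256sum -c -
}

(( EUID == 0 )) || die "must be run as root"

# --- Temporary telnet fallback ----------------------------------------------
# telnet sends credentials in cleartext, and the pts entries below allow direct
# root login over it. Limit port 23 to a management network while this runs,
# and remove the service and these entries once the new sshd is verified.
yum -y install telnet-server
for tty in pts/1 pts/2 pts/3 pts/4; do
  # Append only when missing so a re-run does not duplicate entries.
  grep -qxF -- "$tty" /etc/securetty 2>/dev/null \
    || printf '%s\n' "$tty" >> /etc/securetty
done
# Started but deliberately not enabled, so it does not come back after reboot.
systemctl restart telnet.socket

# --- Backups ----------------------------------------------------------------
# A leading backslash bypasses any "cp -i" / "mv -i" alias when these lines are
# pasted into an interactive shell.
# An existing /etc/ssh.bak would make cp nest the copy as /etc/ssh.bak/ssh and
# the restore step below would then pick up a stale sshd_config.
[[ ! -e /etc/ssh.bak ]] || die "/etc/ssh.bak already exists; move it away first"
\cp -f /etc/pam.d/sshd "${SRC_DIR}/sshd.backup"
\cp -raf /etc/ssh /etc/ssh.bak   # includes host private keys; -a keeps modes
\cp -f /etc/ssh/sshd_config "${SRC_DIR}/sshd_config.backup"
if [[ -e /etc/init.d/sshd ]]; then
  \cp -af /etc/init.d/sshd /etc/init.d/sshd.bak
fi

# --- Build prerequisites ----------------------------------------------------
yum install -y wget gcc make pam-devel libselinux-devel zlib-devel openssl-devel

# --- OpenSSL ----------------------------------------------------------------
cd "$SRC_DIR"
# TLS verification stays on (the original passed --no-check-certificate). If
# the download fails on certificate validation, update the ca-certificates
# package instead of disabling the check.
wget -O "openssl-${OPENSSL_VERSION}.tar.gz" \
  "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
verify_sha256 "openssl-${OPENSSL_VERSION}.tar.gz" "$OPENSSL_SHA256"
tar -zxvf "openssl-${OPENSSL_VERSION}.tar.gz"
cd "openssl-${OPENSSL_VERSION}"
# Separate statements: "set -e" does not stop on a failure in the middle of an
# && chain.
./config --prefix="$OPENSSL_PREFIX" shared
make -j 2
make install

# The original wrote "/usr/lcoal/ssl/lib" here, so ldconfig never saw the new
# libraries.
grep -qxF -- "${OPENSSL_PREFIX}/lib" /etc/ld.so.conf \
  || printf '%s\n' "${OPENSSL_PREFIX}/lib" >> /etc/ld.so.conf
ldconfig

# Swap the binary only after the build succeeded, so a failed build does not
# leave the host without /usr/bin/openssl.
if [[ -e /usr/bin/openssl ]]; then
  \mv -f /usr/bin/openssl /usr/bin/openssl.bak
fi
\cp "${OPENSSL_PREFIX}/bin/openssl" /usr/bin/openssl

# Create the links only when absent, so a distribution-provided
# libssl.so.1.1 / libcrypto.so.1.1 is never replaced.
for lib in libssl.so.1.1 libcrypto.so.1.1; do
  if [[ ! -e "/usr/lib64/${lib}" ]]; then
    ln -s "${OPENSSL_PREFIX}/lib/${lib}" "/usr/lib64/${lib}"
  fi
done

# --- OpenSSH: download and build --------------------------------------------
cd "$SRC_DIR"
wget -O openssh.tar.gz \
  "https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-${OPENSSH_VERSION}.tar.gz"
verify_sha256 openssh.tar.gz "$OPENSSH_SHA256"
tar -zxvf openssh.tar.gz
cd "openssh-${OPENSSH_VERSION}"

# Changes from the original configure line:
#  * --without-hardening dropped, so the toolchain hardening flags that
#    configure enables by default stay on.
#  * --with-tcp-wrappers dropped: OpenSSH removed tcp_wrappers support in 6.7,
#    so the flag had no effect. Rules in /etc/hosts.allow and /etc/hosts.deny
#    no longer restrict sshd after this upgrade; move them to the firewall or
#    to sshd_config.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords \
  --with-pam --with-zlib --with-ssl-dir="$OPENSSL_PREFIX"
make -j 2

# --- Replace the packaged OpenSSH -------------------------------------------
# Done only after a successful build, so a compile error cannot leave the host
# without any sshd.
mapfile -t old_pkgs < <(rpm -qa | grep -- openssh || true)
if (( ${#old_pkgs[@]} > 0 )); then
  rpm -e --nodeps "${old_pkgs[@]}"
fi
make install

# sshd refuses private host keys that are readable by group or others, so
# tighten any existing key (this chmod was commented out in the original).
for key in /etc/ssh/ssh_host_*_key; do
  if [[ -f "$key" ]]; then
    chmod 600 "$key"
  fi
done

# --- Service script and configuration ---------------------------------------
\cp -af contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd

# Restore the PAM and sshd configuration saved above. Copy rather than move so
# the backups stay complete for a rollback.
\cp -af "${SRC_DIR}/sshd.backup" /etc/pam.d/sshd
\cp -af /etc/ssh.bak/sshd_config /etc/ssh/sshd_config

# With --prefix=/usr sftp-server is installed without the "openssh/" path
# component, so drop it from the Subsystem line.
sed -i '/Subsystem/ s/openssh\///g' /etc/ssh/sshd_config

# Validate the restored configuration with the new binary before restarting;
# an old sshd_config can contain options the new sshd rejects.
/usr/sbin/sshd -t -f /etc/ssh/sshd_config

# --- Start sshd -------------------------------------------------------------
systemctl daemon-reload
systemctl enable sshd
systemctl restart sshd
systemctl status --no-pager sshd

printf '%s\n' \
  'sshd upgraded. After confirming SSH login from a new session, stop and' \
  'remove telnet-server, close port 23 and delete the pts/1-4 lines from' \
  '/etc/securetty.' >&2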

升级完成并确认可以通过SSH从新会话正常登录后，请及时停止并卸载telnet服务，关闭防火墙的23端口，并删除脚本追加到/etc/securetty中的pts/1至pts/4条目（telnet以明文传输账号和密码，不应长期保留）。
