Upgrading OpenSSL and OpenSSH to the latest version on CentOS

Upgrading OpenSSL

Check the current version

openssl version

Upgrade to the latest version

cd source

wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz

tar -zxf openssl-1.1.1k.tar.gz

cd openssl-1.1.1k

./config --prefix=/usr/local/openssl

make -j 4

make install

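whereis openssl #locate the openssl binary

ls -l /usr/bin/openssl #check whether it is a symlink

cp /usr/local/openssl/bin/openssl /usr/bin/ #copy the new binary into /usr/bin

openssl version #check the openssl version; it fails because of missing shared libraries

ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1  #symlink the dependency library

ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1  #symlink the dependency library

openssl version #check that the version is now the latest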

 

Upgrading SSH

cd ..

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.5p1.tar.gz

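tar -zxf openssh-8.5p1.tar.gz

cd openssh-8.5p1

Install telnet (a temporary fallback login while OpenSSH is removed and rebuilt)

yum -y install xinetd telnet-server

If the telnet service file does not exist, create it

File path: /etc/xinetd.d/telnet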

telnet:

########################## Contents below

 

service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

 

######################### Contents above

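Start the service

service xinetd start

Create a user for logging in over telnet

useradd aaa

passwd aaa

Grant aaa sudo privileges

vi /etc/sudoers

Below the line "root ALL=(ALL)    ALL", add:

aaa  ALL=(ALL) ALL

Test the telnet login and check that the regular user can run commands with sudo, for example by listing root's home directory

If that works, continue below:

Continue installing SSH:

Back up /etc/ssh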

mv /etc/ssh ./ssh_olds

yum -y remove openssh

./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/openssl/include --with-ssl-dir=/usr/local/openssl --with-zlib --with-md5-passwords --with-pam

### On some machines ./configure fails, possibly because the pam and pam-devel packages are missing. Check with rpm -qa|grep pam and install them with yum if they are not present

 

Compile

make -j 4

Install

make install

Copy the original configuration file

cp ssh_olds/sshd_config /etc/ssh/

Copy files:

cp contrib/redhat/sshd.init /etc/init.d/sshd  #service file

Contents of /etc/pam.d/sshd on CentOS 7. The /etc/pam.d/sshd file must exist!

######################### Contents below #########################

#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare

######################### Contents above #########################

Contents of /etc/pam.d/sshd on CentOS 6:

######################### Contents below #########################

auth    required pam_sepermit.so
auth       required pam_tally2.so deny=3 unlock_time=86400 even_deny_root root_unlock_time=600
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

######################### Contents above #########################

 

cp /usr/local/openssh/bin/s* /usr/bin/

cp /usr/local/openssh/sbin/sshd /usr/sbin/

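Edit the configuration file:

PermitRootLogin yes    #uncomment and set to yes; I log in as root on this machine, so it has to be enabled. If you do not log in as root you can turn it off for better security

PubkeyAuthentication yes    #uncomment and set to yes to enable key authentication

PasswordAuthentication yes    #uncomment and set to yes to enable password authentication

 

/etc/init.d/sshd start  #start ssh

netstat -ntulp|grep ssh   #check that the process has started

Open a new Xshell window. An SSH security warning appears; click accept and save. The connection succeeds, so check the SSH version

ssh -V #check the version; it is now the latest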

Disable telnet, delete the user, delete the configuration

yum -y remove xinetd telnet-server

userdel -r aaa

vi /etc/sudoers    #remove the aaa line, then save and quit, forcing the write!
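The script below is an added example, not part of the original post: it audits what this procedure leaves behind, namely the sshd_config settings enabled above and the temporary telnet service, aaa account and sudoers rule. The function names and the ROOT path prefix are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. ROOT is a path prefix: "" audits the
# live system, a directory audits a copy (the demo below uses a constructed tree).

# First uncommented value of KEYWORD before any Match block (sshd uses the first one).
effective_value() {  # FILE KEYWORD
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

audit_sshd_config() {  # FILE
    local v
    v=$(effective_value "$1" PermitRootLogin)
    [ "$v" = "yes" ] && echo "sshd: PermitRootLogin yes, root can log in directly"
    v=$(effective_value "$1" PasswordAuthentication)
    # PasswordAuthentication defaults to yes when the keyword is absent.
    [ "${v:-yes}" = "yes" ] && echo "sshd: PasswordAuthentication yes, passwords accepted"
    return 0
}

audit_telnet_leftovers() {  # ROOT USER
    local root=$1 user=$2
    grep -Eqs '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' "$root/etc/xinetd.d/telnet" &&
        echo "telnet: xinetd telnet service is still enabled"
    grep -Eqs "^[[:space:]]*$user[[:space:]]+ALL=" "$root/etc/sudoers" &&
        echo "sudoers: $user still has a sudo rule"
    grep -qs "^$user:" "$root/etc/passwd" &&
        echo "passwd: temporary account $user still exists"
    return 0
}

# Constructed sample tree: the state after sshd is upgraded but before cleanup.
make_sample_tree() {  # DIR
    mkdir -p "$1/etc/ssh" "$1/etc/xinetd.d"
    printf '#Port 22\nPermitRootLogin yes    #enabled\nPubkeyAuthentication yes\n' \
        > "$1/etc/ssh/sshd_config"
    printf 'service telnet\n{\n        disable         = no\n}\n' > "$1/etc/xinetd.d/telnet"
    printf 'root ALL=(ALL)    ALL\naaa  ALL=(ALL) ALL\n' > "$1/etc/sudoers"
    printf 'root:x:0:0:root:/root:/bin/bash\naaa:x:1000:1000::/home/aaa:/bin/bash\n' \
        > "$1/etc/passwd"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample_tree "$tmp"
    audit_sshd_config "$tmp/etc/ssh/sshd_config"
    audit_telnet_leftovers "$tmp" aaa
    rm -rf "$tmp"
fi
```

Run it with --demo to audit the constructed tree, or source it on the host and call audit_sshd_config /etc/ssh/sshd_config and audit_telnet_leftovers "" aaa once the cleanup steps are done; no output means nothing was flagged.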