CentOS7升级OpenSSH到8.5
作者:互联网
目录
描述
此脚本主要针对SSH服务加密漏洞扫描,故升级为SSL协议版本为8.5
升级思路和注意事项
- 升级前,打开telnet远程登录服务,测试是否可以登录,确保可以root用户登录
- 升级SSL过程中,不要终端当前会话
- 确定好 OpenSSH与OpenSSL 版本与zlib版本的对应关系,以OpenSSH8.5p1版本为例,OpenSSL 版本为:openssl-1.0.2r,zlib版本为:zlib-1.2.11
- 升级完成后,重启sshd服务,关闭telnet远程登录
安装步骤
#! /bin/bash
# 更新包目录:/home/update
echo "开始挂载系统镜像"
mount /home/CentOS-7-x86_64-Everything-2009.iso /mnt
echo "挂载系统镜像结束"
yum makecache
echo "yum源更新完成"
echo "关闭selinux"
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
systemctl stop firewalld
echo "防火墙关闭完成"
echo "开始安装telnet服务"
yum -y install xinetd telnet-server
cp /etc/securetty /etc/securetty.bak
echo "pts/0" >> /etc/securetty
echo "pts/1" >> /etc/securetty
echo "pts/2" >> /etc/securetty
echo "pts/3" >> /etc/securetty
echo "pts/4" >> /etc/securetty
systemctl restart telnet.socket
systemctl restart xinetd
systemctl enable telnet.socket
systemctl enable xinetd
echo "安装telnet服务完成"
read -n1 -p "Press any key to continue..."
echo "安装依赖组件"
yum -y install gcc gcc-c++ make pam pam-devel openssl-devel pcre-devel perl zlib-devel
echo "安装依赖组件完成"
echo "开始卸载系统自带ssh组件"
systemctl stop sshd
cp -r /etc/ssh /etc/ssh.old
cp /etc/init.d/ssh /etc/init.d/ssh.old
rpm -qa | grep openssh
rpm -e `rpm -qa | grep openssh` --nodeps
#正常卸载自带ssh后,执行此条命令,没有结果返回
rpm -qa | grep openssh
echo "安装和配置zlib开始"
cd /home/update
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install
ls -l /usr/local/zlib
echo "/usr/local/zlib/lib" >> /etc/ld.so.conf.d/zlib.conf
ldconfig -v
echo "安装和配置zlib完成"
echo "安装和配置openssl开始"
cd ..
tar -zxvf openssl-1.0.2r.tar.gz
cd openssl-1.0.2r
./config shared zlib && make && make install
mv -f /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf.d/ssl.conf
ldconfig -v
openssl version -a
echo "安装和配置openssl结束"
echo "安装和配置openssh8.5开始"
cd ..
rm -rf /etc/ssh
tar -zxvf openssh-8.5p1.tar.gz
cd openssh-8.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords
make && make install
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
cd .. //退出刚才解压后的openssh-8.5p1目录
cp -p openssh-8.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
chkconfig --add sshd
chkconfig sshd on
systemctl restart sshd
systemctl status sshd
ssh -V
echo "安装和配置openssh8.5结束"
标签:8.5,OpenSSH,zlib,openssl,echo,CentOS7,etc,ssh,usr 来源: https://www.cnblogs.com/henuqin/p/16544681.html