提示:以下是本篇文章正文内容,下面案例已测试可供参考
一、Telnet安装
Telnet协议是TCP/IP协议族中的一员,是Internet远程登录服务的标准协议和主要方式。它为用户提供了在本地计算机上完成远程主机工作的能力。升级过程防止升级失败,需要先开启telnet服务,防止升级失败连接不上远程主机
1.1 yum安装
yum install -y telnet-server xinetd
cp /etc/securetty{
,.bak}
vim /etc/securetty
# 最后添加,为了能用root登录
pts/0
pts/1
systemctl start telnet.socket
systemctl start xinetd
# 本地telnet测试可以连接
# 安装完成后可以删除
yum remove -y telnet-server
# 并恢复配置
mv /etc/securetty.bak /etc/securetty
1.2 rpm安装
下载安装包
centos7系统rpm包下载位置:http://vault.centos.org/6.3/os/x86_64/Packages/
安装telnet相关
rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm
rpm -ivh telnet-server-0.17-64.el7.x86_64.rpm
检查安装结果
[tomcat@province-onepoint tool]$ rpm -qa | grep xinetd
xinetd-2.3.15-14.el7.x86_64
[tomcat@province-onepoint tool]$ rpm -qa | grep telnet
telnet-server-0.17-64.el7.x86_64
启动telnet
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl enable xinetd
systemctl start xinetd
二、OpenSSH升级
在OpenSSH的包中包含 的ssh客户端和 sshd的守护进程。这对于加密身份验证和网络上的后续流量很有用
2.1下载安装包
下载(OpenSSH):http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
下载 (zlib)
wget http://www.zlib.net/zlib-1.2.11.tar.gz
# --no-same-owner 谁解压的就是谁的用户,防止出现用户id为1001这种情况
tar --no-same-owner -zxvf zlib-1.2.11.tar.gz
tar --no-same-owner -zxvf openssh-8.3p1.tar.gz
//tar --no-same-owner -zxvf openssl-1.1.1g.tar.gz
编译zlib-1.2.11
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install
编译openssh
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib
--with-ssl-dir=/usr/local/openssl --with-md5-passwords
echo $?
make && make install
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
备份原有并换新
mv /usr/bin/openssl /usr/bin/openssl.bak
cp /usr/local/ssl/bin/openssl /usr/bin/openssl
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
重启sshd服务
systemctl stop sshd
systemctl start sshd
查看Openssh版本和sshd状态
ssh -V
systemctl status sshd
提示:部分依赖包下载地址
本文是在centos7 openssh8.01基础上升级 依赖本机的openssl1.0.2
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-8.4p1.tar.gz
wget http://www.zlib.net/zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
部分报错 需处理
1.修改一下文件权限
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
- 安装依赖包
yum -y install gcc-c++ gcc glibc autoconf openssl openssl-devel pcre-devel pam-devel
3.关闭防火墙
systemctl stop firewalld //允许telnet端口登录