1. Environment
`OpenSSH version`
[ root@localhost ~]
OpenSSL 1.0.2k-fips 26 Jan 2017
[ root@localhost ~]
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
`Linux distribution and kernel`
[ root@localhost ~]
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[ root@localhost ~]
3.10.0-957.el7.x86_64
2. Install and configure telnet
2.1 Install telnet-server
[ root@localhost ~]
2.2 Configure telnet
`First check whether a telnet file exists under the xinetd.d directory`
[ root@localhost ~]
ls: cannot access /etc/xinetd.d/telnet: No such file or directory
`If it exists, change disable = no to disable = yes in the file`
`If it does not exist, carry out the following steps`
[ root@localhost ~]
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
EOF
2.3 Configure the terminal types allowed for telnet login
[ root@localhost ~]
pts/0
pts/1
pts/2
pts/3
EOF
2.4 Start the telnet service
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
LISTEN 0 128 :::23 :::* users:(("systemd",pid=1,fd=46))
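`Port 23 is listening, which means the telnet service is running normally`
3. Switch the login method to telnet
All of the following steps are performed over the telnet connection, so that an interrupted ssh session does not cause the upgrade to fail.
When logging in over telnet, make sure to select the right protocol and port: the protocol is telnet and the port is 23.
4. Start upgrading OpenSSH
4.1 Download the dependency packages required for the upgrade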
[ root@localhost ~]
4.2 Download OpenSSL and OpenSSH
OpenSSL official site: https://www.openssl.org/
OpenSSH official site: http://www.openssh.com/
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
4.3 Compile and install OpenSSL
`Before starting, back up the existing OpenSSL files`
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost openssl-1.1.1i]
`After the build completes, the openssl binary and directory can be found under /usr/local`
[ root@localhost ~]
-rwxr-xr-x 1 root root 749136 Jan 14 14:25 /usr/local/bin/openssl
[ root@localhost ~]
drwxr-xr-x 2 root root 4096 Jan 14 14:25 /usr/local/include/openssl/
`Create symbolic links`
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
lrwxrwxrwx 1 root root 22 Jan 14 14:32 /usr/bin/openssl -> /usr/local/bin/openssl
[ root@localhost ~]
lrwxrwxrwx 1 root root 27 Jan 14 14:33 /usr/include/openssl -> /usr/local/include/openssl/
`Reload the configuration and verify the openssl version`
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
OpenSSL 1.1.1i 8 Dec 2020
4.3.1 Errors you may run into and how to fix them
[ root@localhost ~]
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
"This happens because the libssl.so.1.1 file cannot be found. Run find / -name 'libssl.so.1.1' and change lib64 in /etc/ld.so.conf to the path that find returns."
[ root@localhost ~]
"After compiling, you can use the find command above to check the path where openssl is located, as well as the path of include/openssl."
4.4 Compile and install OpenSSH
`Back up the existing ssh directory`
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost openssh-8.4p1]
--sysconfdir=/etc/ssh \
--with-openssl-includes=/usr/local/include \
--with-ssl-dir=/usr/local/lib64 \
--with-zlib \
--with-md5-passwords \
--with-pam && \
make && \
make install
4.4.1 Configure the sshd_config file
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
`If you use a graphical interface and need X11, configure the following`
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
4.4.2 Create the new sshd binary
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
`Check the current OpenSSH version`
[ root@localhost ~]
OpenSSH_8.4p1, OpenSSL 1.1.1i 8 Dec 2020
4.4.3 Restart the openssh service
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
[ root@localhost ~]
4.5 What to do after the ssh connection succeeds
[ root@localhost ~]
`After connecting successfully, you can stop the telnet service; of course, you can also leave it running`
[ root@localhost ~]
[ root@localhost ~]
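
The following audit is an added example, not part of the original post: run after step 4.5, it checks that the ssh banner reports the upgraded version and that the temporary telnet access from section 2 has been rolled back. It assumes the column layout of `ss -tnl` and that the pts/N lines from step 2.3 live in /etc/securetty; all function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): post-upgrade audit.
# Every check takes command output as text, so it can be tested offline.

# "OpenSSH_8.4p1, OpenSSL 1.1.1i  8 Dec 2020" -> "8.4"
ssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_ge HAVE WANT: true when HAVE >= WANT (both "major.minor").
version_ge() {
    [ "${1%%.*}" -gt "${2%%.*}" ] ||
        { [ "${1%%.*}" -eq "${2%%.*}" ] && [ "${1#*.}" -ge "${2#*.}" ]; }
}

# True when `ss -tnl` text has a listener on TCP port 23 (telnet).
telnet_listening() {
    printf '%s\n' "$1" |
        awk '$1 == "LISTEN" && $4 ~ /:23$/ { hit = 1 } END { exit !hit }'
}

# Number of pts/N lines (these allow root logins over telnet) in securetty text.
pts_entries() {
    printf '%s\n' "$1" | grep -c '^pts/[0-9][0-9]*$' || true
}

# audit BANNER SS_TEXT SECURETTY_TEXT MIN_VERSION
# Prints one line per finding; exit status is the number of findings.
audit() {
    findings=0
    have=$(ssh_version "$1")
    if [ -z "$have" ] || ! version_ge "$have" "$4"; then
        echo "FAIL: ssh reports '${have:-unknown}', expected >= $4"
        findings=$((findings + 1))
    fi
    if telnet_listening "$2"; then
        echo "FAIL: TCP port 23 is still listening"
        findings=$((findings + 1))
    fi
    left=$(pts_entries "$3")
    if [ "$left" -gt 0 ]; then
        echo "FAIL: $left pts/N entries remain in securetty"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Live run on the upgraded host (assumes /etc/securetty holds the pts lines):
if [ "${1:-}" = "--live" ]; then
    audit "$(ssh -V 2>&1)" "$(ss -tnl)" "$(cat /etc/securetty)" 8.4
fi
```

Invoke the script with `--live` on the upgraded host; an exit status of 0 means no findings.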