升级openssh9脚本
#!/usr/bin/env bash
# Pinned upstream releases to download and build. Each value doubles as the
# tarball's base name and as the directory name used under /usr/local/src.
# NOTE(review): the pins are hard-coded; check each project's current
# security advisories and supported releases before reusing this script.
OPENSSH_VERSION="openssh-9.0p1"
OPENSSL_VERSION="openssl-1.1.1n"
# "ZILB" is a misspelling of ZLIB; the name is kept because later lines use it.
ZILB_VERSION="zlib-1.2.11"
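#######################################
# Abort the script when the previous command failed.
# Must be called immediately after the command being checked, because it
# reads that command's exit status from $?.
# Arguments: none
# Outputs:   an error line on stderr when aborting
# Returns:   0 when the previous command succeeded; otherwise exits the
#            shell with that command's non-zero status.
#######################################
function ifCMD() {
  # Capture $? first: every later command, including the test, overwrites it.
  local status=$?
  if [ "$status" -ne 0 ]; then
    # A bare `exit` here reports the status of the `[` test (0), so a failed
    # upgrade step looked like success to whatever launched the script.
    echo "[ERROR] previous step failed with status $status; aborting" >&2
    exit "$status"
  fi
}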
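# Build prerequisites. Abort early if the package manager fails; otherwise the
# compile steps below fail later in less obvious ways.
yum -y install wget tar gcc make gcc-c++ kernel-devel openssl-devel pam-devel
ifCMD
mkdir -p /usr/local/src/opensshUpgrade
cd /usr/local/src/opensshUpgrade || exit 1

#######################################
# Check a downloaded tarball against an operator-supplied SHA-256 digest.
# Arguments: $1 - file name
#            $2 - expected hex digest (may be empty)
# Outputs:   a warning on stderr when no digest was supplied
# Returns:   0 when the digest matches or none was supplied; non-zero on
#            mismatch.
#######################################
verifyDownload() {
  local file=$1 expected=$2
  if [ -z "$expected" ]; then
    echo "[WARN] no SHA-256 supplied for $file; integrity NOT verified" >&2
    return 0
  fi
  echo "$expected  $file" | sha256sum -c -
}

# Everything fetched here is compiled and installed as root, and the OpenSSH
# and zlib tarballs come from mirrors rather than the projects' own sites, so
# HTTPS to the mirror does not prove the file matches the upstream release.
# This script ships no digests: export OPENSSH_SHA256, OPENSSL_SHA256 and
# ZLIB_SHA256 with the values published by each project to enforce the check.
wget -c "https://ftp.riken.jp/pub/OpenBSD/OpenSSH/portable/$OPENSSH_VERSION.tar.gz"
ifCMD
verifyDownload "$OPENSSH_VERSION.tar.gz" "${OPENSSH_SHA256:-}"
ifCMD
wget -c "https://www.openssl.org/source/$OPENSSL_VERSION.tar.gz"
ifCMD
verifyDownload "$OPENSSL_VERSION.tar.gz" "${OPENSSL_SHA256:-}"
ifCMD
# The version directory in the URL is derived from the variable so that the
# path and the file name cannot drift apart when the pin changes.
wget -c "https://nchc.dl.sourceforge.net/project/libpng/zlib/${ZILB_VERSION#zlib-}/$ZILB_VERSION.tar.gz"
ifCMD
verifyDownload "$ZILB_VERSION.tar.gz" "${ZLIB_SHA256:-}"
ifCMD

# Unpack next to the download directory. --no-same-owner makes the extracted
# files belong to root instead of whatever uid/gid the archive recorded.
for tarball in "$OPENSSH_VERSION" "$OPENSSL_VERSION" "$ZILB_VERSION"; do
  tar xf "$tarball.tar.gz" -C /usr/local/src/ --no-same-owner
  ifCMD
done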
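# Build zlib and install it under /usr/local/zlib.
cd "/usr/local/src/$ZILB_VERSION/" || exit 1
# Bound the job count: a bare `make -j` places no limit on parallel jobs and
# can exhaust memory on a small host.
./configure --prefix=/usr/local/zlib && make -j"$(nproc)" && make install
ifCMD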
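# Build and install OpenSSL under /usr/local/openssl before touching the
# distro's copy, so a failed build leaves the system openssl in place.
cd "/usr/local/src/$OPENSSL_VERSION/" || exit 1
# NOTE(review): `-d` asks OpenSSL's config script for a debug build; confirm
# that is intended for the library sshd will be linked against.
./config --prefix=/usr/local/openssl -d shared
ifCMD
make -j"$(nproc)" && make install
ifCMD

# Keep the distro binary and headers as *.bak. The `{,.bak}` brace expansions
# had been split across two lines, which prevents the shell from expanding
# them, so the backups are spelled out here instead.
for distroPath in /usr/bin/openssl /usr/include/openssl; do
  # Skip paths that are missing, already replaced by our symlink, or already
  # backed up, so a re-run never overwrites the first backup.
  if [ -e "$distroPath" ] && [ ! -L "$distroPath" ] && [ ! -e "$distroPath.bak" ]; then
    mv "$distroPath" "$distroPath.bak"
    ifCMD
  fi
done

# -f replaces a link left by an earlier run; -T refuses to descend into a
# real directory that is still in the way and fails loudly instead.
ln -sfT /usr/local/openssl/bin/openssl /usr/bin/openssl
ifCMD
ln -sfT /usr/local/openssl/include/openssl /usr/include/openssl
ifCMD

# Register the new library directory once; appending on every run would keep
# growing /etc/ld.so.conf.
# NOTE(review): this changes the dynamic loader's search path system-wide,
# not only for sshd; confirm that other software linked against the distro
# OpenSSL still resolves the copy you expect.
if ! grep -qxF '/usr/local/openssl/lib' /etc/ld.so.conf; then
  echo '/usr/local/openssl/lib' >>/etc/ld.so.conf
fi
ldconfig -v
# Diagnostic only: shows which shared libraries the new binary resolves now
# that the loader cache has been rebuilt.
ldd /usr/local/openssl/bin/openssl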
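# Compile first, so that a build failure aborts before the working SSH
# server is touched.
cd "/usr/local/src/$OPENSSH_VERSION/" || exit 1
# NOTE(review): there is no --with-pam here, so this sshd is built without
# PAM support even though pam-devel is installed earlier in the script.
./configure --prefix=/usr/local/openssh \
  --sysconfdir=/etc/ssh \
  --mandir=/usr/share/man \
  --with-ssl-dir=/usr/local/openssl \
  --with-zlib=/usr/local/zlib
ifCMD
make -j"$(nproc)"
ifCMD

# Set the distro's config directory and binaries aside as *.bak. The
# `{,.bak}` brace expansions had been split across two lines, which prevents
# the shell from expanding them, so the moves are spelled out here. An
# existing backup is never overwritten, which keeps the original files safe
# on a re-run.
for distroPath in /etc/ssh /usr/bin/ssh /usr/sbin/sshd /usr/bin/ssh-keygen; do
  if [ -e "$distroPath" ] && [ ! -e "$distroPath.bak" ]; then
    mv "$distroPath" "$distroPath.bak"
    ifCMD
  fi
done

# NOTE(review): from here until the new sshd is started the host has no
# packaged SSH server. Run this from a console or keep an independent way
# back in, in case a later step fails.
yum erase openssh -y
ifCMD
make install
ifCMD

# /etc/ssh was moved away above, so `make install` is expected to have
# generated fresh host keys. Put the previous keys back so clients keep
# seeing the host identity they already trust; otherwise every user gets a
# host-key-changed warning and learns to click through it.
for hostKey in /etc/ssh.bak/ssh_host_*_key /etc/ssh.bak/ssh_host_*_key.pub; do
  [ -e "$hostKey" ] || continue
  cp -f "$hostKey" /etc/ssh/
  ifCMD
done
# Private host keys must be accessible to root only; an upstream sshd is
# expected to refuse keys that are group- or world-accessible.
chown root:root /etc/ssh/ssh_host_*_key
chmod 600 /etc/ssh/ssh_host_*_key

# Marker file; nothing else in this script reads it.
touch /etc/ssh/disable_scp
cp -f /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp -f /usr/local/openssh/bin/ssh /usr/bin/ssh
cp -f /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

# Carry the previous server settings over, without blank lines and without
# any line that contains '#'. The backup made above is /etc/ssh.bak; reading
# /etc/ssh.old (a path nothing creates) would truncate sshd_config to an
# empty file and silently drop every hardening setting the host had.
if [ -f /etc/ssh.bak/sshd_config ]; then
  grep -Ev "^$|#" /etc/ssh.bak/sshd_config >/etc/ssh/sshd_config
else
  echo "[WARN] /etc/ssh.bak/sshd_config not found; keeping the sshd_config installed by make install" >&2
fi

# Comment out options this build does not support (no GSSAPI or PAM was
# configured above).
# NOTE(review): with PAM out of the picture, controls enforced through the
# PAM stack (account lockout, extra authentication modules, access rules) no
# longer apply to SSH logins; confirm that is acceptable for this host.
sed -i \
  -e 's/^GSSAPIAuthentication .*/# &/' \
  -e 's/^GSSAPICleanupCredentials .*/# &/' \
  -e 's/^UsePAM .*/# &/' \
  /etc/ssh/sshd_config

# Validate the resulting configuration and host keys before the service is
# restarted on them.
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
ifCMD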
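# Replace the sshd unit with one that starts the freshly built binary.
systemctl stop sshd.service &>/dev/null
rm -f /lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service

# The here-document delimiter is quoted so that $OPTIONS and $MAINPID reach
# the unit file literally. Inside a double-quoted echo the shell expands them
# (to empty strings) while writing, which leaves ExecReload without a PID.
#
# Type=simple: `sshd -D` stays in the foreground, and an unpatched upstream
# build of this release is not expected to send the readiness notification
# that Type=notify waits for, so with notify the start would time out.
#
# EnvironmentFile has a leading '-' so the unit still starts if removing the
# distro package also removed /etc/sysconfig/sshd.
cat >/usr/lib/systemd/system/sshd.service <<'EOF'
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
EOF
ifCMD
systemctl daemon-reload
# systemctl verbs are case-sensitive; `Restart` is rejected as an unknown
# operation, which aborted the script at this point.
systemctl restart sshd
ifCMD
systemctl enable --now sshd
systemctl status sshd | grep "Active: active (running)"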
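# Informational output only; the exit status of these three is not used.
sshd -V
# -V prints the client version; lowercase -v only raises verbosity and, with
# no host given, prints the usage text.
ssh -V
openssl version

# Judge the upgrade by what matters: the service is running and the installed
# client reports the pinned release. Testing $? here only reflected whether
# `openssl version` had run, so a broken sshd was still reported as success.
if systemctl is-active --quiet sshd &&
  ssh -V 2>&1 | grep -qF "OpenSSH_${OPENSSH_VERSION#openssh-}"; then
  echo -e "\033[32m[INFO] OpenSSH upgraded to $OPENSSH_VERSION successfully!\033[0m"
else
  echo -e "\033[31m[ERROR] OpenSSH upgraded to $OPENSSH_VERSION faild!\033[0m"
  # Give callers and automation a non-zero status to act on.
  exit 1
fi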