OpenSSH Upgrade - RedHat

Check the current version

# ssh -V

OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

 

Use the telnet service to carry out the upgrade

Check the status of the telnet service:

[root@localhost ~]# service xinetd status

/etc/sysconfig/network: line 3: hl-tyapp1: command not found

xinetd (pid  21601) is running...

 

Restart the telnet service

[root@localhost ~]# service xinetd restart

/etc/sysconfig/network: line 3: hl-tyapp1: command not found

Stopping xinetd:                                           [  OK  ]

Starting xinetd:                                       [  OK  ]

 

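By default the telnet service does not allow the root account to log in, so create a regular account first and switch to root during the upgrade. Create an account named test with the password 123 by running: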

[root@localhost ~]# useradd test

[root@localhost ~]# passwd test

Changing password for user test.

New UNIX password:                      #enter the password for the test account

BAD PASSWORD: it is WAY too short

Retype new UNIX password:               #re-enter the password for the test account

passwd: all authentication tokens updated successfully.     #the test account has been created

 

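telnet uses TCP port 23 by default. Verify that the port responds: if it does, the configuration succeeded; if it does not, the configuration failed. For example:

# telnet 127.0.0.1   #if the local connection works but connections over the network fail, check whether the firewall allows telnet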

[root@localhost ~]# telnet 127.0.0.1

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

ONLY Authorized users only! All accesses logged

login: test

Password: (enter the password)

Last login: Mon Dec 24 10:31:47 from VM000003114

ONLY Authorized users only! All accesses logged

-bash: /var/log/audit/audit.log: Permission denied

[test@localhost ~]$

Switch to root

[test@localhost ~]$ su root

Password:    (enter the password)

[root@localhost test]# cd   #return to root's home directory

[root@localhost ~]#

 

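Next, upload the three packages needed for the upgrade to root's home directory.

Make backups before starting the upgrade.

Back up the OpenSSH-related files:

# cp -r /etc/ssh/ /etc/ssh_bak #back up the configuration directory

# cp /etc/init.d/sshd /etc/init.d/sshd_bak     #back up the init script

# cp /usr/sbin/sshd /usr/sbin/sshd_bak    #back up the sshd binary used by the init script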

 

We do not uninstall the original version here.

Install OpenSSH

Installing OpenSSH requires first installing zlib and OpenSSL, which it depends on.

 Build zlib from source

# tar -xvzf zlib-1.2.8.tar #extract

# cd zlib-1.2.8

[zlib-1.2.8]# ./configure --prefix=/usr/local/zlib #run the configure checks

[zlib-1.2.8]# make #compile

[zlib-1.2.8]# make install #install

 

 Build OpenSSL from source

# tar -xvzf openssl-1.0.1h.tar.gz #extract

# cd openssl-1.0.1h #enter the directory

[openssl-1.0.1h]# ./config --prefix=/usr/local/openssl #run the configure checks

[openssl-1.0.1h]# make #compile

[openssl-1.0.1h]# make install #install

 Build OpenSSH from source

# tar -xvzf openssh-6.5p1.tar.gz #extract

# cd openssh-6.5p1 #enter the directory

[openssh-6.5p1]# ./configure \

> --sysconfdir=/etc/ssh \

> --with-zlib=/usr/local/zlib/ \

> --with-ssl-dir=/usr/local/openssl #run the configure checks

[openssh-6.5p1]# make #compile

[openssh-6.5p1]# make install #install

 

After installation, OpenSSH places its files as follows:

Category                              Path                       Examples
Client commands                       /usr/local/bin             ssh, ssh-add, ssh-agent, scp, etc.
Server daemon                         /usr/local/sbin            sshd
Other helper commands                 /usr/local/libexec         sftp-server, ssh-pkcs11-helper
Configuration files and public keys   /etc/ssh                   sshd_config, ssh_host_*
Help documentation                    /usr/local/openssh/share   share/{man1,man5,man8}

 

Start OpenSSH

# /usr/local/sbin/sshd -d #run OpenSSH in debug mode

 

# /usr/local/sbin/sshd -f /etc/ssh/sshd_config

 

Manage OpenSSH at boot

# vi /etc/init.d/sshd

SSHD=/usr/local/sbin/sshd        #default is SSHD=/usr/sbin/sshd

start()

{

        # Create keys if necessary

        /usr/local/bin/ssh-keygen -A       #default is /usr/bin/ssh-keygen -A

 

# chkconfig sshd on #enable start at boot

# chkconfig --list sshd

sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

# service  sshd restart

Stopping sshd:[  OK  ]

Starting sshd:[  OK  ]

Verify the OpenSSH version

# /usr/local/bin/ssh -V

OpenSSH_6.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013

 

Set up the OpenSSH service

# cp /usr/local/openssh/bin/ssh /usr/bin/

Verify the version after the upgrade

[root@localhost ~]# ssh -V

OpenSSH_6.5p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Restart OpenSSH

 

[root@localhost ~]# service sshd restart

Stopping sshd:                                             [  OK  ]

Starting sshd: /etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication

/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials

/etc/ssh/sshd_config line 97: Unsupported option UsePAM

                                                           [  OK  ]

[root@localhost ~]#
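
The restart output above shows the rebuilt sshd rejecting GSSAPIAuthentication, GSSAPICleanupCredentials and UsePAM, which is how an sshd built without GSSAPI and PAM support treats those directives. As an added example (not part of the original post), the shell functions below extract such warnings and comment out the matching lines in a copy of sshd_config; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: the three warnings from the restart output above.
SAMPLE_WARNINGS='/etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 97: Unsupported option UsePAM'

# Read sshd output on stdin; print "LINENO OPTION" for each unsupported option.
unsupported_options() {
    sed -n 's/^.* line \([0-9][0-9]*\): Unsupported option \([A-Za-z0-9]*\).*$/\1 \2/p'
}

# comment_out_unsupported CONFIG WARNINGS
# Print CONFIG with every reported line commented out. A line is changed only
# if its keyword still matches the warning, so a stale line number is harmless.
comment_out_unsupported() {
    _cfg=$1
    _pairs=$(printf '%s\n' "$2" | unsupported_options | tr '\n' ' ')
    awk -v pairs="$_pairs" '
        BEGIN {
            n = split(pairs, f, " ")
            for (i = 1; i + 1 <= n; i += 2) want[f[i]] = tolower(f[i + 1])
        }
        (FNR in want) && tolower($1) == want[FNR] { print "#" $0; next }
        { print }
    ' "$_cfg"
}

# Demo on the constructed sample: prints one "LINENO OPTION" pair per warning.
printf '%s\n' "$SAMPLE_WARNINGS" | unsupported_options
```

On the host, the warnings can be captured with `/usr/local/sbin/sshd -t -f /etc/ssh/sshd_config 2>&1`, which checks the configuration without starting the daemon.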

 

Allow root to log in remotely:

[root@localhost ~]# vim /etc/ssh/sshd_config

 

#LoginGraceTime 2m

PermitRootLogin yes      <-- enables root login

#StrictModes yes

#MaxAuthTries 6

#MaxSessions 10

 

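Problems encountered

Configuring OpenSSH reports a missing OpenSSL library

After running the OpenSSL configuration step:

#vi Makefile

Modify the gcc parameters, adding -fPIC.

Then install OpenSSL as usual.

Before installing OpenSSH, do the following:

#setenforce 0

#vi /etc/selinux/config

Comment out SELINUX=enforcing

Add the line: SELINUX=disabled

Save and exit.

After that, the installation proceeds normally.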

 

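Installing OpenSSH without building OpenSSL from source

When running the configure step

[openssh-6.5p1]# ./configure \

> --sysconfdir=/etc/ssh \

> --with-zlib=/usr/local/zlib/ \

> --with-ssl-dir=/usr/local/openssl #run the configure checks

the following error is reported:

"OpenSSL headers missing - please install first or check config.log ***". This is caused by the missing openssl-devel package; installing openssl-devel is all that is needed. Run: yum install openssl-devel

 

Installing openssl-devel with rpm or yum satisfies the requirements for installing OpenSSH.

#yum install openssl-devel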

 

OpenSSH fails at make install

#make install

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

./ssh-keygen: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

make: *** [host-key] Error 127

[root@localhost openssh-6.5p1]# /usr/sbin/setenforce 0

After that, the installation proceeds normally.
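
The make install failure above is cleared on this page with setenforce 0. As an added example (not from the original post), the wrapper below switches SELinux to permissive only for the duration of one command and restores enforcing mode afterwards, even when the command fails; the function name with_selinux_permissive is hypothetical, while getenforce and setenforce are the standard SELinux utilities.

```shell
#!/bin/sh
# Added example, not from the original post.

# with_selinux_permissive CMD [ARGS...]
# Run CMD with SELinux temporarily permissive, then restore the earlier mode.
# Returns CMD's exit status, or 1 if the mode could not be read or switched.
with_selinux_permissive() {
    _prev=$(getenforce) || return 1      # Enforcing, Permissive or Disabled
    if [ "$_prev" = "Enforcing" ]; then
        setenforce 0 || return 1
    fi
    "$@"
    _rc=$?
    if [ "$_prev" = "Enforcing" ]; then
        # Restore enforcing mode whether or not CMD succeeded.
        setenforce 1 || { echo "could not restore enforcing mode" >&2; return 1; }
    fi
    return "$_rc"
}

# Usage on the build host (as root, inside the openssh-6.5p1 directory):
#   with_selinux_permissive make install
```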

Reposted from blog.csdn.net/u010705742/article/details/85235801