天道神诀 -- OpenSSH upgrade (linux6)



 
 
Environment before the upgrade:
[root@linux6 ~]# more /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.5 (Santiago)
 
[root@linux6 ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
 
[root@linux6 ~]# rpm -q zlib
zlib-1.2.3-29.el6.x86_64
 
Upgrade target: openSSH7.6p1
 
 
Procedure:
Download the required packages
openssh-7.9p1.tar.gz (https://mirror.vdms.io/pub/OpenBSD/OpenSSH/portable/)
openssl-1.0.2q.tar.gz  (ftp://ftp.openssl.org/source/old/)
zlib-1.2.11.tar.gz
 
 
1. Install and enable the telnet service
The existing OpenSSH has to be uninstalled during the upgrade, so install telnet first.
 
# rpm -ivh telnet-server-0.17-47.el6_3.1.x86_64.rpm xinetd-2.3.14-39.el6_4.x86_64.rpm
(Disable the firewall or open port 23.)
# vi /etc/xinetd.d/telnet   (change the disable field from yes to no to enable the telnet service)
# mv /etc/securetty /etc/securetty.old
# service xinetd start
# chkconfig xinetd on
Connect with telnet to test whether the installation succeeded.
ss -tnlp |grep 23   (check the listening port)
 
 
Make a backup (snapshot).
 
2. Upgrade zlib
 
gcc may need to be installed.
 
# tar -zxvf zlib-1.2.11.tar.gz
# cd zlib-1.2.11
# ./configure --prefix=/usr
# make 
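Note: this step must not be run until step a has completed. If zlib is uninstalled first,
the zlib library files under /lib64/ are deleted and step a (compiling zlib) fails.
(Remedy: copy the four files libcrypto.so.10, libssl.so.10, libz.so.1 and libz.so.1.2.3
from the /lib64, /usr/lib and /usr/lib64 directories of another server running the same
system into the corresponding directories. These files can be located with whereis, locate or find.)
# rpm -e --nodeps zlib-xx-xx  (--allmatches: remove every matching package)
Run the following command in the zlib build directory: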
# make install
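Register the shared libraries
After zlib is installed, its library files are generated in /usr/lib. These
shared library files must be registered with the system.
# echo '/usr/lib' >> /etc/ld.so.conf
# ldconfig   # update the shared library cache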
 
 
 
 
[root@linux6 lib]# find /usr/ -name zlib.pc
/usr/lib64/pkgconfig/zlib.pc
/usr/lib/pkgconfig/zlib.pc
[root@linux6 lib]# more /usr/lib/pkgconfig/zlib.pc
prefix=/usr
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
sharedlibdir=${libdir}
includedir=${prefix}/include
 
Name: zlib
Description: zlib compression library
Version: 1.2.11
 
Requires:
Libs: -L${libdir} -L${sharedlibdir} -lz
Cflags: -I${includedir}
 
 
2. Upgrade OpenSSL
Note: openssh7.6p1 requires an openssl version > 1.0.1e and < 1.1.0.
Back up the current openssl
[root@linux6 lib]# find / -name openssl
/usr/bin/openssl
/usr/lib64/openssl
/usr/openv/pdde/pdopensource/bin/.bin/openssl
/usr/openv/pdde/pdopensource/bin/openssl
/etc/pki/ca-trust/extracted/openssl
[root@linux6 lib]# mv /usr/bin/openssl /usr/bin/openssl.old
[root@linux6 lib]# mv /usr/lib64/openssl /usr/lib64/openssl.old
[root@linux6 lib]# mv /usr/openv/pdde/pdopensource/bin/.bin/openssl /usr/openv/pdde/pdopensource/bin/.bin/openssl.old
[root@linux6 lib]# mv /usr/openv/pdde/pdopensource/bin/openssl /usr/openv/pdde/pdopensource/bin/openssl.old
[root@linux6 lib]# mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
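The following two library files must be backed up first, because some system tools (such as yum and wget)
depend on them and the new OpenSSL does not include them.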
[root@linux6 lib]# cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
[root@linux6 lib]# cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
 
Uninstall the current OpenSSL (tested on redhat5.8: the source install also works without uninstalling; yum may have problems after the uninstall)
[root@linux6 lib]# rpm -qa |grep openssl
openssl-1.0.1e-15.el6.x86_64
 
[root@linux6 lib]# rpm -e --nodeps openssl-1.0.1e-15.el6.x86_64
[root@linux6 lib]# rpm -qa |grep openssl
[root@linux6 lib]# 
 
 
Extract the openssl-1.0.2q.tar.gz source, then compile and install it
[root@linux6 opt]# tar -zxvf openssl-1.0.2q.tar.gz
[root@linux6 opt]# cd openssl-1.0.2q
[root@linux6 openssl-1.0.2q]# ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
Note: --shared is required; otherwise compilation fails with an error because
the libraries of the newly installed openssl cannot be found.
 
[root@linux6 openssl-1.0.2q]# make
[root@linux6 openssl-1.0.2q]# make test
[root@linux6 openssl-1.0.2q]# make install
[root@linux6 openssl-1.0.2q]# openssl version -a
OpenSSL 1.0.2q  20 Nov 2018
built on: reproducible build, date unspecified
platform: linux-x86_64
 
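Restore the shared libraries
OpenSSL_1.0.2k does not provide the libcrypto.so.10 and libssl.so.10 libraries,
yet tools such as yum and wget depend on them, so the two libraries backed up earlier must be restored.
Whether to restore the other backups can be decided case by case.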
# mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10
# mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10
What needs to be backed up differs from version to version; make backups before you start.
 
 
 
3. Upgrade OpenSSH
 
Back up the current OpenSSH
[root@linux6 etc]# mv /etc/ssh /etc/ssh.old
Uninstall the current OpenSSH
[root@linux6 ssh.old]# rpm -qa |grep openssh
openssh-5.3p1-94.el6.x86_64
openssh-clients-5.3p1-94.el6.x86_64
openssh-server-5.3p1-94.el6.x86_64
openssh-askpass-5.3p1-94.el6.x86_64
[root@linux6 ssh.old]#   
[root@linux6 ssh.old]# rpm -e --nodeps openssh-5.3p1-94.el6.x86_64
[root@linux6 ssh.old]# rpm -e --nodeps openssh-clients-5.3p1-94.el6.x86_64
[root@linux6 ssh.old]# rpm -e --nodeps openssh-server-5.3p1-94.el6.x86_64
[root@linux6 ssh.old]# rpm -e --nodeps openssh-askpass-5.3p1-94.el6.x86_64
[root@linux6 ssh.old]# rpm -qa |grep openssh
[root@linux6 ssh.old]# 
 
 
Extract the openssh-7.9p1.tar.gz source, then compile and install it
 
[root@linux6 opt]# tar -zxvf openssh-7.9p1.tar.gz
[root@linux6 opt]# cd openssh-7.9p1
[root@linux6 openssh-7.9p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd
[root@linux6 openssh-7.9p1]# make
[root@linux6 openssh-7.9p1]# make install
 
Post-installation configuration
[root@linux6 openssh-7.9p1]# install -v -m755 contrib/ssh-copy-id /usr/bin
`contrib/ssh-copy-id' -> `/usr/bin/ssh-copy-id'
[root@linux6 openssh-7.9p1]# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
`contrib/ssh-copy-id.1' -> `/usr/share/man/man1/ssh-copy-id.1'
[root@linux6 openssh-7.9p1]# install -v -m755 -d /usr/share/doc/openssh-7.9p1
install: creating directory `/usr/share/doc/openssh-7.9p1'
[root@linux6 openssh-7.9p1]# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1/
`INSTALL' -> `/usr/share/doc/openssh-7.9p1/INSTALL'
`LICENCE' -> `/usr/share/doc/openssh-7.9p1/LICENCE'
`OVERVIEW' -> `/usr/share/doc/openssh-7.9p1/OVERVIEW'
`README' -> `/usr/share/doc/openssh-7.9p1/README'
`README.dns' -> `/usr/share/doc/openssh-7.9p1/README.dns'
`README.platform' -> `/usr/share/doc/openssh-7.9p1/README.platform'
`README.privsep' -> `/usr/share/doc/openssh-7.9p1/README.privsep'
`README.tun' -> `/usr/share/doc/openssh-7.9p1/README.tun'
[root@linux6 openssh-7.9p1]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2q  20 Nov 2018
 
 
Start OpenSSH
[root@linux6 openssh-7.9p1]#  echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
[root@linux6 openssh-7.9p1]#  echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@linux6 openssh-7.9p1]#  cp -p contrib/redhat/sshd.init /etc/init.d/sshd
[root@linux6 openssh-7.9p1]#  chmod +x /etc/init.d/sshd
[root@linux6 openssh-7.9p1]#  chkconfig --add sshd
[root@linux6 openssh-7.9p1]#  chkconfig sshd on
[root@linux6 openssh-7.9p1]#  chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@linux6 openssh-7.9p1]#  service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@linux6 openssh-7.9p1]# 
 
Test
If an ssh connection test works normally, the upgrade is done!
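
A post-upgrade check, added here as an example (it is not part of the original post): it reports which of the temporary or permissive settings introduced in steps 1 and 3 (telnet enabled, /etc/securetty moved aside, PermitRootLogin yes, X11Forwarding yes) are still in place. The function names and the root-prefix argument are assumptions made for this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the root-prefix
# argument are assumptions; pass "" to audit the live system.

# First uncommented value of a keyword in the global part of sshd_config
# (sshd uses the first value it obtains for each keyword).
sshd_value() {  # $1 = config file, $2 = keyword
    [ -f "$1" ] || return 0
    awk -v kw="$2" '
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$1"
}

# xinetd serves a service unless its file says "disable = yes".
telnet_enabled() {  # $1 = xinetd service file
    [ -f "$1" ] || return 1
    awk -F= '{ gsub(/[ \t]/, "") }
             $1 == "disable" { v = $2 }
             END { exit (v == "yes" ? 1 : 0) }' "$1"
}

# Print one finding per permissive setting that is still in place.
audit_upgrade() {  # $1 = root prefix
    root="$1"; cfg="$root/etc/ssh/sshd_config"; out=""
    if telnet_enabled "$root/etc/xinetd.d/telnet"; then out="$out telnet-enabled"; fi
    # Step 1 moved /etc/securetty aside so that root could log in over telnet.
    if [ ! -e "$root/etc/securetty" ]; then out="$out securetty-missing"; fi
    if [ "$(sshd_value "$cfg" PermitRootLogin)" = "yes" ]; then out="$out root-login"; fi
    if [ "$(sshd_value "$cfg" X11Forwarding)" = "yes" ]; then out="$out x11-forwarding"; fi
    echo "${out# }"
}

# Constructed sample tree mirroring the state this procedure leaves behind.
make_sample() {  # $1 = directory to populate
    mkdir -p "$1/etc/xinetd.d" "$1/etc/ssh"
    printf 'service telnet\n{\n\tdisable\t= no\n}\n' > "$1/etc/xinetd.d/telnet"
    : > "$1/etc/securetty.old"
    printf '#PermitRootLogin prohibit-password\nX11Forwarding yes\nPermitRootLogin yes\n' \
        > "$1/etc/ssh/sshd_config"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_upgrade "$sample"   # telnet-enabled securetty-missing root-login x11-forwarding
rm -rf "$sample"
```

An empty result means telnet is disabled again, /etc/securetty is back in place, and neither root login nor X11 forwarding is enabled in the global section of sshd_config.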
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


Reposted from www.cnblogs.com/zakker/p/12155026.html