OpenSSH complete upgrade and installation process
One: Turn off SELinux
If, after the upgrade, an Xshell connection reports the username or password as incorrect even though they are correct, check the SELinux status.
1. Check the status of SELinux:
1. /usr/sbin/sestatus -v ##If the "SELinux status" parameter is enabled, SELinux is on
2. getenforce ##You can also use this command to check
2. Turn off SELinux:
1. Temporarily shut down (no need to restart the machine):
setenforce 0 ##Set SELinux into permissive mode
##setenforce 1 Set SELinux into enforcing mode
2. To modify the configuration file, you need to restart the machine:
Edit the file: vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
Restart the machine
Two: upgrade openssh
1. Upgrade automatically to OpenSSH_7.4p1 with yum:
First use yum to upgrade openssh to OpenSSH_7.4p1 and openssl to OpenSSL 1.0.2k-fips 26 Jan 2017.
The following steps assume these two versions as the starting point.
yum update -y openssh
2. Manually upgrade OpenSSH_7.4p1 to OpenSSH_7.9p1:
0. First copy the rpm packages to the root directory of CentOS 7 (the compressed packages are attached at the end of the article)
1. Install all dependencies
yum install -y gcc openssl-devel pam-devel rpm-build make unzip zip
ll
2. Install telnet and xinetd services
Unzip telnet.zip to the telnet directory:
unzip -d telnet telnet.zip
cd telnet
ll
rpm -iv --force --nodeps *.rpm
chkconfig xinetd on
chkconfig telnet on
systemctl start telnet.socket
systemctl start xinetd
###Find the refused terminal (pts/N) in the log and add it to /etc/securetty
tail /var/log/secure
echo "pts/1" >> /etc/securetty
echo "pts/2" >> /etc/securetty
systemctl restart telnet.socket
Perform remote telnet connection test
cmd-> telnet 127.0.0.1
root
pride@sssg
Exit telnet:
Press shortcut key: ctrl+]
Then enter: close
telnet>close
Exit telnet
-----On machines where the iptables firewall is turned on, port 23 (telnet) needs to be allowed
-----Firewall iptables settings
The command to turn on the iptables firewall is:
systemctl start iptables.service
The command to restart the iptables firewall is:
systemctl restart iptables.service
The command to turn off the iptables firewall is:
systemctl stop iptables.service
The command to view the status of the iptables firewall is:
systemctl status iptables.service
Edit the iptables file:
vi /etc/sysconfig/iptables
Add a rule to allow port 23:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
3. Install and upgrade openssh
###View the openssh installation package
rpm -qa |grep openssh
###Uninstall the current version of openssh
rpm -e `rpm -qa |grep openssh`
######If there is a dependency:
rpm -e `rpm -qa | grep openssh` --nodeps
###Backup /etc/ssh directory
cp -r /etc/ssh /etc/ssh.old
###Delete all files under /etc/ssh/ (pay attention to check whether it is backed up)
rm -rf /etc/ssh/*
###rpm install openssh7.9p1
unzip openssh.zip -d openssh
cd openssh
ll
rpm -iv --force --nodeps *.rpm
###Configuration Service
#######Enable start at boot:
chkconfig sshd on
#######Edit the ssh configuration file:
vim /etc/ssh/sshd_config
#######
Configuration: PasswordAuthentication yes
#######Required if you want to allow the root user to log in over ssh
Configuration: PermitRootLogin yes
#######Service restart
service sshd restart
#######Verify connection and version
ssh -V
3. Uninstall telnet
After the upgrade is complete, if you need to uninstall telnet, perform the following steps (make sure there is no problem with the ssh connection before uninstalling):
systemctl stop xinetd
systemctl stop telnet.socket
chkconfig xinetd off
chkconfig telnet off
rpm -e `rpm -qa|egrep "telnet|xinetd"`
# Finally delete the ordinary user created earlier for testing telnet
userdel -r tom
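The steps above loosen several settings along the way: SELinux, the port 23 firewall rule, the pts entries in /etc/securetty, and root and password login in sshd_config. The following added example, which is not part of the original article, is a shell check that reports which of them are still in place after the upgrade. The function names are illustrative, and only the global section of sshd_config (before any Match block) is read.

```shell
#!/bin/sh
# Added example (not from the original article): report what this upgrade
# procedure leaves behind. Paths are arguments so copies can be checked.

# Effective global value of an sshd_config keyword: sshd keeps the first
# occurrence, keywords are case-insensitive, Match blocks are not global.
sshd_effective() {  # $1=keyword  $2=sshd_config path
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$2"
}

# True if the rules file still accepts TCP port 23 (the temporary telnet rule).
telnet_rule_present() {  # $1=iptables rules file
    grep -Eq '^[[:space:]]*-A[[:space:]]+INPUT[[:space:]].*--dport[[:space:]]+23[[:space:]].*-j[[:space:]]+ACCEPT' "$1"
}

# Print one finding per line; prints nothing when every check passes.
post_upgrade_findings() {  # $1=sshd_config $2=iptables $3=securetty $4=selinux config
    v=$(sshd_effective PermitRootLogin "$1")
    [ "$v" = "yes" ] && echo "sshd_config: PermitRootLogin yes"
    v=$(sshd_effective PasswordAuthentication "$1")
    # An unset PasswordAuthentication falls back to the OpenSSH default (yes).
    [ "${v:-yes}" = "yes" ] && echo "sshd_config: PasswordAuthentication yes"
    telnet_rule_present "$2" && echo "iptables: port 23 still accepted"
    grep -Eq '^pts/[0-9]+$' "$3" && echo "securetty: pts entries allow root login over telnet"
    grep -Eq '^[[:space:]]*SELINUX=disabled' "$4" && echo "selinux: disabled in config"
    return 0
}

# Run against the live paths used in this article only when asked to.
if [ "${1:-}" = "--live" ]; then
    post_upgrade_findings /etc/ssh/sshd_config /etc/sysconfig/iptables \
        /etc/securetty /etc/selinux/config
fi
```

Save it as a script and run it with --live on the upgraded host; each printed line names a setting from this procedure that is still in its loosened state.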
**********The following attachments are the installation packages used**********
openssh.zip ===> openssh-7.9p1-1.el7.x86_64.rpm installation package
openssh7.4.zip ===> openssh-7.4p1-16.el7.x86_64.rpm installation package backup
telnet.zip ===> telnet-0.17-64.el7.x86_64.rpm installation package
x11-ssh-askpass-1.2.4.1.tar.gz
The attachment can be downloaded from the upload resource of the personal blog!