1. Install related dependencies
yum install vim gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers;
Some servers cannot connect to the external network, and dependent packages must be installed offline
1. Install telnet
1. First check whether the original server has telnet installed:
rpm -qa | grep telnet2. If there is no telnet-server in the return, it means that the telnet server is not installed, just perform the following operations.
Install these three software:
yum -y install telnet telnet-server xinetd
3. Boot up
systemctl enable xinetd.service
systemctl enable telnet.socket
4. Open port 23 on the firewall
firewall-cmd --zone=public --add-port=23/tcp --permanent
firewall-cmd --reload
5. Start the service
systemctl start telnet.socket
systemctl start xinetd
6. Offline installation operation when the server network is unreachable
The software package required for installing telnet:
1. telnet-client
2. Telnet server
3.
The download address of software packages above xinetd:
telnet-client: http://www.rpmfind.net/linux/rpm2html/search.php?query=telnet
The other two http://www.rpmfind.net/linux/rpm2html/search.php can be searched and downloaded (telnet-server, xinetd)
upload the downloaded three installation packages to the server to decompress and install
rpm -ivh telnet-0.17-65.el7_8.x86_64.rpm
rpm -ivh telnet-server-0.17-65.el7_8.x86_64.rpm
rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm
Start the xinetd service that telnet depends on,
same as step 5 above
Two, Zlib installation
If the network is unreachable, it can be downloaded locally and uploaded to the server. Download address: Index of /fossils
上传zlib-1.2.12.tar.gz 到/opt
tar -zxvf zlib-1.2.12
cd /opt/zlib-1.2.12
#编译安装
./configure --prefix=/usr/local/zlib
make && make test && make install
#
ll /usr/local/zlib
ldconfig -v
3. Upgrade openssl
1. Download openss
official website address: https://ftp.openssl.org/source/
In linux, if ce can access the Internet, you can download it directly: wget https://ftp.openssl.org/source/openssl-1.1.1q.tar.gz
1. Install openss
mv openssl-1.1.1q.tar.gz /opt
cd /opt
#解压openssl-1.1.1q源码包
tar -zxvf openssl-1.1.1q.tar.gz
cd openssl-1.1.1q/
#编译前环境配置
./config --prefix=/usr/local/openssl
./config -t
#make install编译安装
make clean && make -j 4 && make install
#检查函数库
ldd /usr/local/openssl/bin/openssl
#添加所缺函数库
echo "/usr/local/openssl/lib" >>/etc/ld.so.conf
#更新函数库
ldconfig -v
#将旧版本openssl移除
mv /usr/bin/openssl /usr/bin/openssl_old_bak
#将新版本openssl软链接到/usr/bin/目录下
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
#检查版本
which openssl
openssl version -a
#升级openssl后查看版本信息
4. Upgrade openssh
1. 1. Download openssh
official website address: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ You can see the historical version
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
2. Modify the key file permissions,
modify the key file permissions under /etc/ssh before upgrading, enter the openssh directory, and configure the environment
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
3. Install openssh
mv openssh-9.0p1.tar.gz /opt
cd /opt
#解压openssh-9.0p1源码包
tar xf openssh-9.0p1.tar.gz
#编译前环境配置
cd openssh-9.0p1/
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib
#make编译安装
make -j8 && make install
yum remove openssh -y
#复制新ssh文件
cp -rf /opt/openssh-9.2p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf /opt/openssh-9.2p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
cp -rf /opt/openssh-9.2p1/sshd_config /etc/ssh/sshd_config
cp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/ssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
#开启sshd
chmod u+x /etc/init.d/sshd
chkconfig --add sshd ##自启动
chkconfig --list |grep sshd
chkconfig sshd on
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
修改sshd_config ,Subsystem sftp /usr/local/ssh/libexec/sftp-server
echo 'Subsystem sftp /usr/local/ssh/libexec/sftp-server'>> /etc/ssh/sshd_config
/etc/init.d/sshd restart
#到这里就结束了
#如果起不来
systemctl disable sshd --now
#出现Removed symlink /etc/systemd/system/multi-user.target.wants/sshd.service.
mv /usr/lib/systemd/system/sshd.service{,.bak}
systemctl daemon-reload
chkconfig --add sshd
systemctl daemon-reload
service sshd restart
#成功Restarting sshd (via systemctl): [ OK ]
5. Uninstall telnet
#关闭telnet服务
systemctl stop xinetd.service
systemctl stop telnet.socket
#卸载telnet服务
yum remove xinetd telnet-server telnet -y
All offline resource network disk download:
Link: https://pan.baidu.com/s/1XfJ1erHG_figuNEH3v863w
Extraction code: 1024