Table of contents
1. Telnet remote management host
1. Check if telnet is installed
Two, zlib, openssl, openssh upgrade
2. Download the openssl package
3. Download the openssh package
5. Compile and install openssl
6. Prepare to upgrade the openssh environment
②Stop the service and back up the files
③Query the original ssh package and uninstall it
7. Compile and install openssh
1. Telnet remote management host
1. Check if telnet is installed
rpm -q telnet-server
#telnet服务端
rpm -q telnet
#telnet客户端2. Install telnet service
服务端:
yum install telnet-server -y
#安装服务端
useradd lhj
passwd lhj
#创建lhj用户,设置lhj密码,密码有规则要求,大小写数字加符号,输2次即可
客户端:
yum install telnet -y
#安装客户端3. Test telnet login
客户端:
telnet 192.168.30.14
#测试服务端
#输入用户和密码即可登录,telnet默认不允许使用root用户登录
Two, zlib, openssl, openssh upgrade
1. Download the zlib package
Official website address: zlib Home Site
2. Download the openssl package
Official website address: /source/index.html
3. Download the openssh package
Official website download address: Index of /pub/OpenBSD/OpenSSH/portable/
4. Compile and install zlib
cd /opt
#将安装包放到/opt中,建议一次性将三个包全部放入/opt目录下
tar zxvf zlib-1.2.13.tar.gz
cd zlib-1.2.13
yum install gcc gcc-c++ make -y
#安装编译工具
./configure --prefix=/usr/local/zlib
make && make install
#编译安装zlib
cd /usr/local/zlib
ls
#该下面有三个文件include lib share有这三个文件便是安装成功
5. Compile and install openssl
cd /opt
tar zxvf openssl-3.0.8.tar.gz
cd openssl-3.0.8
#将安装包放入/opt目录下解压进入文件夹
yum install -y perl-CPAN
yum install perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker
#安装依赖环境
./config --prefix=/usr/local/ssl --shared
#--prefix指定编译到的目录,shared 表示要编译成为动态链接库
make && make install
#编译安装ssl,时间较长不要中断
echo '/usr/local/ssl/lib64' >> /etc/ld.so.conf
#软件路径写入etc/ld.so.conf 此文件记录了编译时使用的动态库的路径,也就是加载so库的路径
#默认情况下,编译器只会使用/lib和/usr/lib这两个目录下的库文件,而通常通过源码包进行安装时,如果不指定--prefix会将库安装在/usr/local目录下,而又没有在文件/etc/ld.so.conf中添加/usr/local/lib这个目录>。这样虽然安装了源码包,但是使用时仍然找不到相关的.so库,就会报错。也就是说系统不知道安装了源码包。
ldconfig -v
#验证是否可以查看6. Prepare to upgrade the openssh environment
① Note that you must use telnet to log in to the machine to be upgraded. If you can’t operate, please see the telnet tutorial above
另一台机器:
telnet 192.168.30.14
Trying 192.168.30.14...
Connected to 192.168.30.14.
Escape character is '^]'.
Kernel 3.10.0-693.el7.x86_64 on an x86_64
pc4 login: lhj
#此处输入账户,注意必须是普通用户
Password:
#此处数据密码
Last login: Fri Apr 14 16:58:07 from ::ffff:192.168.30.1
[lhj@pc4 ~]$ su
Password:
#登录到需要升级的机器后备份ssh文件
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp -p /usr/sbin/sshd /usr/sbin/sshd.bak
cp -p /usr/bin/ssh /usr/bin/ssh.bak
cp -p /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp -p /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
②Stop the service and back up the files
systemctl stop sshd
#停止ssh服务
cp -r /etc/ssh /etc/ssh.old
#备份ssh配置文件③Query the original ssh package and uninstall it
rpm -qa | grep openssh
openssh-7.4p1-11.el7.x86_64
openssh-clients-7.4p1-11.el7.x86_64
openssh-server-7.4p1-11.el7.x86_64
#查询出的结果如上三个包
yum remove openssh-7.4p1-11.el7.x86_64
#卸载系统里原有Openssh包
rpm -qa | grep openssh
#再次查看无openssh包
7. Compile and install openssh
① After uninstalling the original openssh, compile and install the new openssh
cd /opt
tar zxvf openssh-8.4p1.tar.gz
cd openssh-8.4p1
#解压安装包进入openssh中
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install
#编译安装openssh 指明zlib路径和ssl路径,过程时间较长不用中断
echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
#修改编译安装的sshd服务配置文件允许root用户登录
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
#允许公钥免密登录
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
#需要密码进行验证
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
#将编译安装的主配置文件复制到升级前sshd路径下
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
#将sshd添加到系统中,可以在任意地方使用
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
#将ssh命令添加到系统中,可以在任意地方使用
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
#将ssh-keygen秘钥命令添加到系统中可以在任意地方使用,
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
#将编译安装的公钥拷贝到原公钥路径下
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
#将sshd编译安装脚步放到/etc/init.d/文件下
chmod +x /etc/init.d/sshd
#给sshd添加可执行权限
chkconfig --add sshd
#将sshd服务加入chkconfig管理
chkconfig sshd on
#将sshd服务设置开机自启,必须开机自启否则无法远程连接
systemctl restart sshd
#重新启动sshd服务
systemctl status sshd
#查看sshd服务状态
ssh -V
#查看ssh版本是否升级成功
reboot
#重启机器测试ssh
8. Summary of error reporting
① Compile zlib and report an error: Compiler error reporting is too harsh for ./configure (perhaps remove-Werror), because the dependent environment is not installed
②When compiling openssl, an error is reported: Compilation failed in require at /opt/openssl-3.0.8/Configure line 23. BEGIN, because erl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker perl-CPAN dependencies and compilation tools are not installed
