Linux system security hardening: upgrading OpenSSH (and OpenSSL) from source on CentOS 7

Disclaimer: This article is a blogger original article, shall not be reproduced without the bloggers allowed. https://blog.csdn.net/baidu_39459954/article/details/89447343


Environment for this article: CentOS 7. The versions used below (OpenSSL 1.0.2o, OpenSSH 7.6p1) were current when it was written; pick the latest supported releases and verify their signatures/checksums before building anything. Be aware that a source build overwrites files owned by the distribution packages, so `yum update` will no longer deliver security fixes for OpenSSL/OpenSSH on this host — you take over that job. Where the packaged versions are recent enough, `yum update openssl openssh-server` is the safer path.

1. Install telnet as a temporary fallback

Because a failed upgrade can leave the server unreachable over SSH, install a fallback login path before touching OpenSSH. Telnet sends passwords in cleartext: prefer an out-of-band console (IPMI/iLO, hypervisor console, serial) if one exists, and if you must use telnet, restrict it to a management network or firewall rule and remove it again as soon as the new sshd is confirmed working (see 5.5). The `NOKEY` warnings below mean the packages were installed without signature verification: import the distribution key (`rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7`) and check each file with `rpm -K <file>.rpm` first, or simply `yum install telnet telnet-server` so the signatures are verified for you. On CentOS 7 telnet-server is socket-activated by systemd (`telnet.socket`), so the xinetd install/start appears to be unnecessary for it.

[root@DZFP-DMZ-Server2 ~]# rpm -ivh telnet-0.17-64.el7.x86_64.rpm 
警告:telnet-0.17-64.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:telnet-1:0.17-64.el7             ################################# [100%]
[root@DZFP-DMZ-Server2 ~]# rpm -ivh telnet-server-0.17-64.el7.x86_64.rpm 
警告:telnet-server-0.17-64.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:telnet-server-1:0.17-64.el7      ################################# [100%]
[root@DZFP-DMZ-Server2 ~]# 
[root@DZFP-DMZ-Server2 ~]# rpm -ivh xinetd-2.3.15-13.el7.x86_64.rpm 
警告:xinetd-2.3.15-13.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:xinetd-2:2.3.15-13.el7           ################################# [100%]
[root@DZFP-DMZ-Server2 ~]# 
[root@DZFP-DMZ-Server2 ~]# systemctl start telnet.socket
[root@DZFP-DMZ-Server2 ~]# systemctl start xinetd
[root@DZFP-DMZ-Server2 ~]# systemctl status xinetd
[root@DZFP-DMZ-Server2 ~]# systemctl status telnet.socket

By default root cannot log in over telnet: pam_securetty only permits root on terminals listed in /etc/securetty. To allow it temporarily for this upgrade, add the pseudo-terminals telnet will use (and remove these lines afterwards). Note that a telnet login is given the lowest free pty, so if pts/0 and pts/1 are already held by other sessions root is still refused.

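# TEMPORARY, for the upgrade window only. Root over cleartext telnet is a real
# exposure: do this only from an isolated management network and delete the
# entries again once the new sshd is confirmed (5.5). The helper is idempotent,
# so re-running this section does not pile up duplicate lines.
#   $1 terminal name (e.g. pts/0), $2 securetty file (default /etc/securetty)
add_securetty() {
  local tty=$1 file=${2:-/etc/securetty}
  grep -qx -- "$tty" "$file" 2>/dev/null || echo "$tty" >> "$file"
}
add_securetty pts/0
add_securetty pts/1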

After the installation, verify that a telnet login actually works before continuing — this is the only way back in if the SSH upgrade fails.

2, check dependencies

2.1, check pam and zlib versions

[root@DZFP-DMZ-Server2 ~]#  rpm -qa|grep pam
gnome-keyring-pam-3.8.2-10.el7.x86_64
fprintd-pam-0.5.0-4.0.el7_0.x86_64
pam_krb5-2.4.8-4.el7.x86_64
pam-devel-1.1.8-12.el7.x86_64
pam-1.1.8-12.el7.x86_64
[root@DZFP-DMZ-Server2 ~]# rpm -qa|grep zlib
zlib-1.2.7-13.el7.x86_64
zlib-devel-1.2.7-13.el7.x86_64

2.2, check the version of perl

[root@DZFP-DMZ-Server2 ~]$perl -v

This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
(with 28 registered patches, see perl -V for more detail)

Copyright 1987-2012, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

[root@DZFP-DMZ-Server2 ~]$

2.3 Install a newer zlib [optional]

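yum install -y gcc pam-devel zlib-devel   # build dependencies for OpenSSL/OpenSSH
sha256sum zlib-1.2.11.tar.gz              # compare with the hash published on zlib.net before unpacking
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
cat README                                # good habit: read the README before building
# Install under /usr/local, NOT /usr. With --prefix=/usr the library lands in
# /usr/lib, and adding /usr/lib to ld.so.conf then makes that copy shadow the
# rpm's /usr/lib64/libz.so.1 for every 64-bit program on the system. The
# `rpm -e --nodeps zlib` that was squashed into a comment in the original would
# remove a library rpm and yum themselves depend on — never do that.
./configure --prefix=/usr/local
make
make test
make install
# `rpm -qa | grep zlib` still reports the package version (rpm knows nothing
# about /usr/local), which is what the author observed; the new library is
# /usr/local/lib/libz.so. Pass --with-zlib=/usr/local to OpenSSH's configure
# if you actually want it used.
rpm -qa | grep zlib
ls -l /usr/local/lib/libz.so*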

2.4 Install a newer perl [optional]

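# Only needed if OpenSSL's ./config cannot find a perl 5. The system perl
# 5.16.3 checked in 2.2 is normally sufficient, so this step can usually be
# skipped.
wget https://www.cpan.org/src/5.0/perl-5.28.0.tar.gz
sha256sum perl-5.28.0.tar.gz        # compare with the hash published by perl.org / the CPAN CHECKSUMS file
tar -zxvf perl-5.28.0.tar.gz
cd perl-5.28.0
# Private prefix: leaves the system perl that rpm/yum scriptlets rely on untouched.
./Configure -des -Dprefix="$HOME/localperl"
make
# Investigate individual failures under t/ (e.g. ./perl -I../lib harness
# op/filetest.t from inside t/). Exporting LD_LIBRARY_PATH=$(pwd) as in the
# original changes nothing here and leaves a root shell loading libraries from
# a build directory — leave it out.
make test
make install
# A bare `perl -v` still reports the system perl because $HOME/localperl/bin is
# not on PATH; check the binary you just installed explicitly.
"$HOME/localperl/bin/perl" -v
cd ..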

3, backup configuration file

find / -name openssl # list the OpenSSL files and directories the source build will overwrite, so they can be backed up first

[root@DZFP-DMZ-Server2 ~]# find / -name openssl
/etc/pki/ca-trust/extracted/openssl
/usr/share/ruby/openssl
/usr/include/openssl
/opt/nginx/nginx-1.6.2/auto/lib/openssl

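# Snapshot everything the source build will overwrite. -a keeps ownership,
# mode, timestamps and symlinks, which -r alone does not; a tarball in /root
# would be an equally good (and tidier) backup.
for d in /etc/pki/ca-trust/extracted/openssl /usr/lib64/openssl \
         /usr/share/ruby/openssl /usr/include/openssl; do
  [ -d "$d" ] && cp -a "$d" "$d.old"
done
cp -p /usr/bin/openssl /usr/bin/openssl.old
# libcrypto.so.10 / libssl.so.10 are symlinks to the versioned files that
# `rpm -e openssl-libs` deletes. -L copies the TARGET so the .old copy stays
# usable for the restore in 4.2; a plain `cp -a` would leave a dangling link.
cp -pL /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp -pL /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old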

4, upgrade openssl

4.1, uninstall the old version

View

[root@DZFP-DMZ-Server2 ~]# rpm -qa|grep openssl
openssl-devel-1.0.1e-42.el7.x86_64
openssl098e-0.9.8e-29.el7.centos.2.x86_64
openssl-libs-1.0.1e-42.el7.x86_64
openssl-1.0.1e-42.el7.x86_64

# These two library files must be backed up as well (they are the same copies step 3 already made; repeating the copy is harmless).

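# Same copies as in step 3. -L copies the symlink's target (the rpm removal
# deletes it), -p keeps mode/timestamps, -n does not overwrite a copy that
# already exists.
cp -pLn /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp -pLn /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
ls -l /usr/lib64/libcrypto.so.10.old /usr/lib64/libssl.so.10.old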

Uninstall

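# Do NOT erase openssl-libs. It owns /usr/lib64/libssl.so.10 and
# libcrypto.so.10, which yum, curl and the running sshd are linked against;
# the article's own step 4.2 has to copy those libraries back afterwards.
# Only the command-line package is replaced by the source build. rpm's
# dependency check is kept (no --nodeps): if it refuses, it lists the packages
# that require openssl — evaluate them before forcing anything.
rpm -e openssl
rpm -qa | grep -i openssl      # openssl-libs (and openssl098e) should still be listed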

4.2, install openssl

Execute the following commands in sequence

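# Verify the tarball against the signature/hash published on openssl.org
# before building what becomes the system's TLS stack.
sha256sum openssl-1.0.2o.tar.gz
tar -zxvf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o
# --openssldir=/etc/ssl: CentOS keeps its CA bundle under /etc/pki/tls, so an
# openssl built with /etc/ssl will not find the system trust store unless
# /etc/ssl is linked to /etc/pki/tls or -CAfile is passed explicitly.
# --prefix=/usr overwrites files owned by the openssl rpms (`rpm -V
# openssl-devel` will report them from now on); a separate prefix such as
# /usr/local/openssl, pointed at with --with-ssl-dir in the OpenSSH build,
# avoids that. If ./config complains about perl, see 2.4.
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make
make test
make install
openssl version
cd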

# Restore the original library files: the source build installs libssl/libcrypto under a different soname (.so.1.0.0), not the .so.10 that every rpm-built program on the system is linked against, so those programs would fail to start without them. Be aware of what this means: they keep running the old OpenSSL code — only the `openssl` command and software compiled from now on use 1.0.2o.

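# Put the rpm's libcrypto.so.10 / libssl.so.10 back only where they are
# actually missing, so a library that was never removed (or a fresh
# openssl-libs package) is not clobbered by the backup copy.
#   $1 library directory (default /usr/lib64)
restore_rpm_ssl_libs() {
  local libdir=${1:-/usr/lib64} lib
  for lib in libcrypto.so.10 libssl.so.10; do
    if [ -e "${libdir}/${lib}.old" ] && [ ! -e "${libdir}/${lib}" ]; then
      mv "${libdir}/${lib}.old" "${libdir}/${lib}"
    fi
  done
}
restore_rpm_ssl_libs
ldconfig          # refresh the loader cache after touching shared libraries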

4.3 Verify the installation

[root@DZFP-DMZ-Server2 openssl-1.0.2o]# openssl version
OpenSSL 1.0.2o  27 Mar 2018

5. Install OpenSSH

5.1, uninstall the old openssh

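# -a preserves ownership, mode and timestamps of the host private keys; -r
# alone does not. Reusing the existing host keys after the upgrade avoids
# "host key has changed" warnings on every client.
cp -a /etc/ssh /etc/ssh.old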
[root@DZFP-DMZ-Server2 openssl-1.0.2o]# rpm -qa|grep openssh
openssh-6.6.1p1-11.el7.x86_64
openssh-server-6.6.1p1-11.el7.x86_64
openssh-clients-6.6.1p1-11.el7.x86_64

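# Erase the packaged OpenSSH. The openssh-server removal scriptlet stops
# sshd.service: sessions already open survive, but no NEW SSH login is possible
# until the rebuilt sshd is running (5.4) — keep this shell open and the
# fallback from step 1 reachable. Package names alone are enough; the exact
# version strings only match this one host. Try without --nodeps first: rpm
# lists whatever else depends on openssh-clients, and only then decide to force it.
rpm -e --nodeps openssh-server openssh-clients openssh
rpm -qa | grep openssh       # expect no output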

5.2 Installation

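# Privilege-separation directory (must be root-owned and not writable by
# anyone else) and account. The CentOS rpm already created an `sshd` account
# and `rpm -e` does not delete accounts, so creating it again fails; fixed IDs
# 50/50 can also collide with existing entries (on CentOS 7 gid 50 is normally
# `ftp`). Reuse what exists, otherwise let the system allocate a system ID.
install -v -m700 -d /var/lib/sshd
chown -v root:sys /var/lib/sshd
getent group sshd >/dev/null || groupadd -r sshd
getent passwd sshd >/dev/null \
  || useradd -r -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false sshd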

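# OpenSSH releases are signed: fetch the .asc and the release key from
# openssh.com and verify before unpacking.
gpg --verify openssh-7.6p1.tar.gz.asc openssh-7.6p1.tar.gz
tar -zxvof openssh-7.6p1.tar.gz
cd openssh-7.6p1
# --with-ssl-dir is the real configure option (--with-openssl-includes is not
# one and is silently ignored). Point it at the prefix OpenSSL was installed
# into in step 4 so ssh/sshd link against the OpenSSL you just built.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam \
  --with-zlib --with-ssl-dir=/usr --with-privsep-path=/var/lib/sshd
make
# Confirm which libcrypto the new binaries resolve to. If this still shows the
# rpm's libcrypto.so.10 (1.0.1e) while the headers were 1.0.2o, sshd would
# refuse to start with "OpenSSL version mismatch".
ldd sshd | grep -E 'libssl|libcrypto'
./ssh -V
# `make install` finishes with `sshd -t` against the installed config. Host
# keys kept from the old package are typically root:ssh_keys 0640, which the
# upstream sshd rejects ("UNPROTECTED PRIVATE KEY FILE") and ignores. Fix
# owner and mode on ALL host keys, then re-run the check instead of a second
# `make install`.
make install
chown root:root /etc/ssh/ssh_host_*_key
chmod 600 /etc/ssh/ssh_host_*_key
ls -l /etc/ssh/ssh_host_*_key
/usr/sbin/sshd -t
ssh -V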

5.3, Configuration

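# Helper script and docs that `make install` does not cover. (The original had
# an extra `install ... README*` line with no destination, which cannot work.)
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.6p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.6p1

# Set (or replace) one sshd_config directive. sshd honours the FIRST active
# occurrence of a keyword, so appending with `echo >>` is silently ignored
# whenever the directive is already set earlier in the file. Every active
# occurrence is rewritten, including any inside a Match block, so check the
# file afterwards if you use Match.
#   $1 keyword, $2 value, $3 config path (default /etc/ssh/sshd_config)
set_sshd_opt() {
  local key=$1 value=$2 cfg=${3:-/etc/ssh/sshd_config}
  if grep -qiE "^[[:space:]]*${key}[[:space:]]" "$cfg" 2>/dev/null; then
    sed -i -E "s|^[[:space:]]*${key}[[:space:]].*|${key} ${value}|I" "$cfg"
  else
    printf '%s %s\n' "$key" "$value" >> "$cfg"
  fi
}

# NOTE(review): these are the permissive values the article uses. On a hardened
# host prefer `PermitRootLogin prohibit-password` (the upstream default) once
# key-based root login or an unprivileged sudo user is in place, and
# `X11Forwarding no` unless X forwarding is really needed on this server.
set_sshd_opt X11Forwarding yes
set_sshd_opt PermitRootLogin yes
set_sshd_opt UsePAM yes

# CentOS 7 is systemd-based, but the package's sshd.service went away with the
# rpm; the SysV script from contrib/ is picked up by systemd's sysv generator.
cp -p contrib/redhat/sshd.init /etc/init.d/sshd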

PAM module configuration

Edit `/etc/pam.d/sshd` (the rpm's copy was removed together with openssh-server). The simplest correct stack is the one shipped in the source tree, `cp contrib/redhat/sshd.pam /etc/pam.d/sshd`, which includes the distribution's password-auth stack. If you write it by hand, the article uses:

auth required pam_unix.so
account required pam_unix.so
session required pam_chroot.so

Check that every module you list actually exists (`ls /lib64/security/pam_chroot.so`): a `required` module that cannot be loaded fails the whole stack, and for `session` that means every SSH login is refused after a successful password. pam_chroot.so does not appear to ship in CentOS 7's pam package, and this hand-written stack also omits modules the distribution version relies on (pam_loginuid, pam_limits, pam_nologin), so prefer the contrib file. Note that `UsePAM yes` above makes sshd use this file for authentication, so a mistake here locks everyone out — test a fresh login from a second terminal before closing the current session.

5.4 Enable sshd at boot and restart it (test the configuration first)

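chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
systemctl daemon-reload      # let systemd generate sshd.service from the init script

# Validate the config and host keys BEFORE restarting: an sshd that fails to
# start leaves only the telnet fallback (or the console) to get back in.
if ! /usr/sbin/sshd -t; then
  echo 'sshd -t failed: fix /etc/ssh/sshd_config before restarting' >&2
  exit 1
fi
systemctl restart sshd
systemctl status sshd
# Keep this session open and confirm a NEW login works from a second terminal
# (ssh -v root@<host>) before logging out or removing the telnet fallback.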

5.5, see the ssh version

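ssh -V                                        # should now report OpenSSH_7.6p1 and the OpenSSL it was linked with
ldd /usr/sbin/sshd | grep -E 'libssl|libcrypto'   # confirm sshd resolves the intended OpenSSL library
# From a SECOND terminal, confirm a fresh login succeeds before closing this
# session. Only then remove the cleartext fallback from step 1 and the root
# pty entries added to /etc/securetty.
systemctl disable --now telnet.socket
rpm -e telnet-server
sed -i -e '/^pts\/0$/d' -e '/^pts\/1$/d' /etc/securetty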


Origin blog.csdn.net/baidu_39459954/article/details/89447343