
centos7 升级openssh到openssh-8.6p1版本(转)

发布时间:2021-08-03 13:45:22

SSH 时不时就会爆出这样那样的漏洞,好烦。今天给出一个在 CentOS 7 上快速升级到 OpenSSH 8.6p1 的脚本。转自网上大牛,亲测有效。

运行之前,查一下目前版本:

ssh -V

把如下shell脚本添加到文件中,之后运行

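#!/bin/bash
#
# Step 0: download and unpack the OpenSSH, zlib and OpenSSL source archives
# into /home/data, the working directory used by every later step.
#
# Optional integrity check: export OPENSSH_SHA256, ZLIB_SHA256 and/or
# OPENSSL_SHA256 with the SHA-256 digest published by each project before
# running. When a value is set, a mismatching archive aborts the script;
# when it is unset, the archive is used unverified and a warning is printed.
#
# NOTE(review): these are the versions the article used (published
# 2021-08-03); check each project's current release before building.

# -p: no error if the directory is already there.
mkdir -p /home/data || exit 1
cd /home/data || exit 1

yum install wget -y

# fetch URL FILE [SHA256]
# Download URL to FILE and stop the whole script if the transfer fails or the
# optional digest does not match. Nothing on the system has been changed yet,
# so stopping here is safe.
fetch() {
  local url=$1 file=$2 expected=${3:-}

  if ! wget -O "$file" "$url"; then
    echo "download failed: $url" >&2
    exit 1
  fi

  if [ -n "$expected" ]; then
    # sha256sum -c expects "<digest>  <file>" lines.
    if ! printf '%s  %s\n' "$expected" "$file" | sha256sum -c -; then
      echo "checksum mismatch: $file" >&2
      exit 1
    fi
  else
    echo "warning: $file was not checked against a published checksum" >&2
  fi
}

fetch https://ftp.riken.jp/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz \
  openssh-8.6p1.tar.gz "${OPENSSH_SHA256:-}"
fetch https://zlib.net/zlib-1.2.11.tar.gz \
  zlib-1.2.11.tar.gz "${ZLIB_SHA256:-}"
fetch https://www.openssl.org/source/openssl-1.1.1j.tar.gz \
  openssl-1.1.1j.tar.gz "${OPENSSL_SHA256:-}"

# The archives must sit in /home/data under exactly these names.
for archive in openssl-1.1.1j.tar.gz zlib-1.2.11.tar.gz openssh-8.6p1.tar.gz; do
  if ! tar -zxf "$archive"; then
    echo "cannot unpack $archive" >&2
    exit 1
  fi
done

# Unpacked files keep the ownership recorded in the archives; hand them to root.
chown -R root:root /home/data

####################### 0 end ############################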


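## 1 --- Temporary Telnet fallback, so the host stays reachable if the SSH
##       upgrade goes wrong. Telnet carries credentials in cleartext: keep
##       this window short and restricted to a trusted network.

# Put SELinux in permissive mode. setenforce only affects the running system;
# the configured mode returns at the next boot.
# NOTE(review): confirm the rebuilt sshd still works once SELinux enforces again.
setenforce 0

# Open the Telnet port for this session only, instead of stopping and
# disabling firewalld. A runtime rule (no --permanent) disappears on the next
# firewalld reload or reboot, and all other filtering stays in force.
if systemctl is-active --quiet firewalld; then
  firewall-cmd --add-port=23/tcp
fi

yum install telnet telnet-server xinetd -y

# Same effect as editing /etc/xinetd.conf by hand: keep a copy, then append
# "disabled = no" after line 14 so the Telnet service can be used.
# NOTE(review): the insert is positional; check what line 14 is on this host.
cp /etc/xinetd.conf   /home/data/xinetd.comfbk
sed -i '14a      disabled = no ' /etc/xinetd.conf

# Let root log in on the first four pseudo-terminals. Each entry is appended
# only when missing, so a second run does not pile up duplicates. These lines
# should be removed again once the upgrade has been verified.
for tty in pts/0 pts/1 pts/2 pts/3; do
  grep -qxF "$tty" /etc/securetty || echo "$tty" >> /etc/securetty
done

# Start the services now ...
systemctl start telnet.socket
systemctl start xinetd

# ... and at boot, in case a reboot is needed mid-upgrade.
systemctl enable telnet.socket
systemctl enable xinetd

## 1 end ---------------------------------------------------------------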


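## 2 --- Build zlib 1.2.11 into /usr/local/zlib

yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel

# Quote the wildcards so yum receives the patterns. Unquoted, the shell would
# expand zlib* against the zlib-1.2.11 files in the current directory
# (/home/data when the script runs top to bottom) and yum would never see
# the pattern.
# NOTE(review): the wildcards pull in every matching package; listing only
# the packages the build needs would keep the install set smaller.
yum install  -y 'pam*' 'zlib*'

cd /home/data/zlib-1.2.11/ || exit 1

# The OpenSSH build is configured against /usr/local/zlib, so stop here if
# any stage fails instead of carrying on with a missing library.
if ! { ./configure --prefix=/usr/local/zlib && make && make install; }; then
  echo "zlib build failed; stopping (the temporary Telnet service is still enabled)" >&2
  exit 1
fi

## 2 end ---------------------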


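## 3 --- Build OpenSSL 1.1.1j into /usr/local/openssl and make it the
##       system's default `openssl` command

cd /home/data/openssl-1.1.1j/ || exit 1

# Stop if any stage fails: the steps below move the distribution's openssl
# binary away, and would leave a dangling symlink behind a failed build.
# NOTE(review): "-d" asks OpenSSL's config script for a debug build; confirm
# that is what a production host should run.
if ! { ./config --prefix=/usr/local/openssl -d shared && make && make install; }; then
  echo "OpenSSL build failed; stopping (the temporary Telnet service is still enabled)" >&2
  exit 1
fi

# Register the new library directory with the dynamic linker, only once even
# if the script is run again.
grep -qxF '/usr/local/openssl/lib' /etc/ld.so.conf ||
  echo '/usr/local/openssl/lib' >> /etc/ld.so.conf

ldconfig

# Keep the distribution binary as a backup, then point /usr/bin/openssl at
# the new build.
mv /usr/bin/openssl /home/data/opensslbk
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

## 3 end -- next: update SSH ------------------------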


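## 4 --- Build OpenSSH 8.6p1 and swap it in for the packaged OpenSSH

cd /home/data/openssh-8.6p1/ || exit 1

# Everything after the build replaces or removes the working SSH
# installation, so stop unless configure, make and make install all succeed.
if ! { ./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib &&
  make && make install; }; then
  echo "OpenSSH build failed; the installed SSH was not touched (the temporary Telnet service is still enabled)" >&2
  exit 1
fi

# Back up each original under /home/data, then put the new file in its place.
mv /etc/ssh/sshd_config /home/data/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config

mv /usr/sbin/sshd /home/data/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd

mv /usr/bin/ssh /home/data/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh

mv /usr/bin/ssh-keygen /home/data/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

# NOTE(review): only the ECDSA *public* host key is swapped here. Confirm
# which host key pair the new sshd actually loads; clients will report a
# changed host key if it differs from the one they have on record.
mv /etc/ssh/ssh_host_ecdsa_key.pub /home/data/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

# Remove every installed package whose name contains "openssh", without
# dependency checks. Word splitting of the rpm output is intended here.
for pkg in $(rpm -qa | grep openssh); do
  rpm -e --nodeps "$pkg"
done

# Put back the sshd_config that the package removal left as .rpmsave.
#mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config

# Install the init script shipped in the source tree.
cp /home/data/openssh-8.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x   /etc/init.d/sshd

# ------------- Adjust the init script -------------
cp /etc/init.d/sshd /home/data/sshdnewbk

# Run the daemon from the new prefix.
sed -i '/SSHD=/c\SSHD=\/usr\/local\/openssh\/sbin\/sshd'  /etc/init.d/sshd

# Replace the ssh-keygen call with the new binary invoked as "ssh-keygen -A".
sed -i '/\/usr\/bin\/ssh-keygen/c\         \/usr\/local\/openssh\/bin\/ssh-keygen -A'  /etc/init.d/sshd

# Insert a restorecon call before the ssh_host_rsa_key.pub line.
sed -i '/ssh_host_rsa_key.pub/i\                \/sbin\/restorecon \/etc\/ssh\/ssh_host_key.pub'  /etc/init.d/sshd

# Make the daemon read /etc/ssh/sshd_config by setting OPTIONS right before
# the line that starts it.
sed -i '/$SSHD $OPTIONS && success || failure/i\       \ OPTIONS="-f /etc/ssh/sshd_config"' /etc/rc.d/init.d/sshd

# --------- Edit sshd_config ---------
# NOTE(review): these three edits relax the configuration OpenSSH ships with:
# password logins, X11 forwarding and root password login are all switched
# on. Once key-based access is confirmed, tighten them again
# (PermitRootLogin prohibit-password, PasswordAuthentication no,
# X11Forwarding no).
# The /pattern/c\ form rewrites every line containing the keyword, comment
# lines included.
sed -i '/PasswordAuthentication/c\PasswordAuthentication yes' /etc/ssh/sshd_config
sed -i '/X11Forwarding/c\X11Forwarding yes' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# Make the remaining client tools available on the default PATH.
cp -arp /usr/local/openssh/bin/* /usr/bin/

# Check the configuration with the new binary before restarting; a config the
# daemon rejects would leave the host without SSH.
if ! /usr/local/openssh/sbin/sshd -t -f /etc/ssh/sshd_config; then
  echo "sshd_config failed validation; sshd was not restarted (the temporary Telnet service is still enabled)" >&2
  exit 1
fi

service sshd restart

## 4 end ------------------------------------------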



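# ---------- Start sshd at boot ----------
chkconfig --add sshd
chkconfig --level 2345 sshd on
chkconfig --list

# ---------- Confirm sshd is listening before removing the fallback ----------
# The Telnet service and the backups under /home/data are the only way back
# if sshd did not come up, so both are left in place in that case.
if ! ss -ltnp 2>/dev/null | grep -q '"sshd"'; then
  echo "sshd is not listening; Telnet and /home/data were left in place" >&2
  exit 1
fi

# ---------- Turn the Telnet fallback off ----------
systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd.service
systemctl disable telnet.socket

# Take back the root-login entries for pts/0..pts/3 in /etc/securetty and
# restore xinetd.conf from the copy saved under /home/data, if it exists.
sed -i '/^pts\/[0-3]$/d' /etc/securetty
if [ -f /home/data/xinetd.comfbk ]; then
  cp /home/data/xinetd.comfbk /etc/xinetd.conf
fi

# Close the Telnet port again when firewalld is running.
# NOTE(review): if firewalld was stopped or disabled, or SELinux was set to
# permissive, earlier in the run, bring them back once login over the new
# sshd has been confirmed.
if systemctl is-active --quiet firewalld; then
  firewall-cmd --remove-port=23/tcp
fi

# ---------- Remove the build tree ----------
# This also deletes the saved originals (sshd_config.bak, sshd.bak, ssh.bak,
# ssh-keygen.bak, opensslbk, ...); copy them elsewhere first if a rollback
# may still be needed.
rm -fr /home/data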



