摘要:
core-4.0-noarch:graphics-4.0-noarch:printing-4.0-noarkDistributorID:
一 、CentOS 6.x 升级 OpenSSH
1、查看环境:
[root@localhost ~]# lsb_release -a LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.6 (Final) Release: 6.6 Codename: Final [root@localhost ~]# ssh -V OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 [root@localhost ~]# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
2、备份ssh目录(重要)并安装telnet(避免ssh升级出现问题,导致无法远程管理)
[root@localhost ~]# cp -rf /etc/ssh /etc/ssh.bak
安装并配置telnet
[root@localhost ~]# yum -y install telnet telnet-server [root@localhost ~]# vi /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses # unencrypted username/password pairs for authentication. service telnet { flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID disable = yes }
默认不允许root用户的登陆,将disable=yes 修改为 no
[root@localhost ~]# vi /etc/securetty // 增加以下内容,如果登录用户较多,需要更多的pts/* pts/0 pts/1 pts/2
配置完成后启动telnet服务
[root@localhost ~]# service xinetd start [root@localhost ~]# service xinetd status xinetd (pid 28430) is running...
注:ssh升级后建议再修改,还原设置
3、OpenSSH安装
3.1 安装依赖包
[root@localhost ~]# yum install -y gcc openssl-devel pam-devel rpm-build
3.2 下载安装包
[root@localhost Downloads]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.8p1.tar.gz
3.3 解压并编译安装
[root@localhost Downloads]# tar -zxvf openssh-7.8p1.tar.gz [root@localhost Downloads]# cd openssh-7.8p1 [root@localhost openssh-7.8p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers [root@localhost openssh-7.8p1]# make && make install
3.4 配置OpenSSH
[root@localhost openssh-7.8p1]# vi /etc/ssh/sshd_config // 将 #PermitRootLogin yes 修改为 PermitRootLogin yes // 或者执行如下命令 [root@localhost openssh-7.8p1]# sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
3.5 重启sshd服务
[root@localhost openssh-7.8p1]# service sshd restart [root@localhost openssh-7.8p1]# service sshd status openssh-daemon (pid 28331) is running...
[root@localhost openssh-7.8p1]# ssh -V
OpenSSH_7.8p1, OpenSSL 1.0.1e-fips 11 Feb 2013
二、CentOS 7.x 升级 OpenSSH
1、查看环境:
[root@localhost ~]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.2.1511 (Core) Release: 7.2.1511 Codename: Core [root@localhost ~]# ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013 [root@localhost ~]# openssl version OpenSSL 1.0.2k-fips 26 Jan 2017
2、同上,备份ssh目录(重要)并安装telnet(避免ssh升级出现问题,导致无法远程管理)
[root@localhost ~]# cp -rf /etc/ssh /etc/ssh.bak
安装并配置telnet
[root@localhost ~]# yum -y install telnet telnet-server xinetd
[root@localhost ~]# vi /etc/xinetd.d/telnet #default:yes
## description: The telnet server servestelnet sessions; it uses
## unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server =/usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
默认不允许root用户的登陆,将disable=yes 修改为 no
[root@localhost ~]# vi /etc/securetty // 增加以下内容,如果登录用户较多,需要更多的pts/* pts/0 pts/1 pts/2
配置完成后启动telnet服务
[root@localhost ~]# systemctl start telnet.socket
[root@localhost ~]# systemctl start xinetd
[root@localhost ~]# systemctl status xinetd ● xinetd.service - Xinetd A Powerful Replacement For Inetd Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2018-12-17 10:45:35 CST; 23h ago Main PID: 4217 (xinetd) CGroup: /system.slice/xinetd.service └─4217 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
注:ssh升级后建议再修改,还原设置
3、OpenSSH安装
3.1 安装依赖包
[root@localhost ~]# yum install -y gcc openssl-devel pam-devel rpm-build
3.2 下载安装包
OpenSSH需要依赖zlib和OpenSSL,因此需要从官网下载三者的源码包。三者源码下载地址:
http://www.zlib.net/
分别下载openssh-7.6p1.tar.gz、openssl-1.0.2m.tar.gz和zlib-1.2.11.tar.gz
[root@localhost Downloads]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.6p1.tar.gz [root@localhost Downloads]# wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2m.tar.gz [root@localhost Downloads]# wget http://www.zlib.net/zlib-1.2.11.tar.gz [root@localhost Downloads]# ll total 7300 -rw-r--r--. 1 root root 1548026 Aug 24 07:53 openssh-7.6p1.tar.gz -rw-r--r--. 1 root root 5373776 Nov 2 2017 openssl-1.0.2m.tar.gz -rw-r--r--. 1 root root 607698 Jan 16 2017 zlib-1.2.11.tar.gz
3.3 编译并安装配置zlib、openssl
// 编译安装zlib [root@localhost Downloads]# tar -zxvf zlib-1.2.11.tar.gz [root@localhost Downloads]# cd zlib-1.2.11/ [root@localhost zlib-1.2.11]# ./configure --prefix=/usr/local/zlib-1.2.11 -share [root@localhost zlib-1.2.11]# make && make install [root@localhost zlib-1.2.11]# vi /etc/ld.so.conf // 配置库文件搜索路径,在最后加入
/usr/local/zlib-1.2.11/lib [root@localhost zlib-1.2.11]# ldconfig -v // 刷新缓存文件/etc/ld.so.cache [root@localhost zlib-1.2.11]# ln -s /usr/local/zlib-1.2.11 /usr/local/zlib [root@localhost zlib-1.2.11]# cd /root/Downloads/ // 编译安装openssl [root@localhost Downloads]# tar -zxvf openssl-1.0.2m.tar.gz [root@localhost Downloads]# cd openssl-1.0.2m/ [root@localhost openssl-1.0.2m]# ./config --prefix=/usr/local/openssl-1.0.2m --with-zlib-lib=/usr/local/zlib-1.2.11/lib --with-zlib-include=/usr/local/zlib-1.2.11/include [root@localhost openssl-1.0.2m]# make && make install [root@localhost openssl-1.0.2m]# vi /etc/ld.so.conf // 配置库文件搜索路径,在最后加入
/usr/local/openssl-1.0.2m/lib [root@localhost openssl-1.0.2m]# ldconfig -v // 刷新缓存文件/etc/ld.so.cache [root@localhost openssl-1.0.2m]# ln -s /usr/local/openssl-1.0.2m /usr/local/openssl [root@localhost openssl-1.0.2m]# vi /etc/profile // 配置环境变量,在最后加入以下两行 PATH=/usr/local/openssl/bin:$PATH export PATH [root@localhost openssl-1.0.2m]# source /etc/profile // 让配置生效 [root@localhost openssl-1.0.2m]# openssl version -a // 查看openssl版本,验证是否安装成功 OpenSSL 1.0.2m 14 Aug 2018
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -I/usr/local/zlib-1.2.11/include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/openssl-1.0.2m/ssl"
3.4 卸载原OpenSSH
[root@localhost Downloads]# rpm -qa |grep openssh openssh-clients-6.6.1p1-22.el7.x86_64 openssh-6.6.1p1-22.el7.x86_64 openssh-server-6.6.1p1-22.el7.x86_64 [root@localhost Downloads]# for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps;done
3.5 编译安装配置OpenSSH
[root@localhost Downloads]# tar -zxvf openssh-7.6p1.tar.gz [root@localhost Downloads]# cd openssh-7.6p1/ [root@localhost openssh-7.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam--with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening --with-tcp-wrappers [root@localhost openssh-7.6p1]# rm -rf /etc/ssh [root@localhost openssh-7.6p1]# make && make install [root@localhost openssh-7.6p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd [root@localhost openssh-7.6p1]# chkconfig --add sshd [root@localhost openssh-7.6p1]# chkconfig sshd on [root@localhost openssh-7.6p1]# chkconfig --list|grep sshd [root@localhost openssh-7.6p1]# sed -i "32a PermitRootLogin yes" /etc/ssh/sshd_config
3.6 重启sshd服务
[root@localhost openssh-7.6p1]# systemctl restart sshd [root@localhost openssh-7.6p1]# systemctl status sshd ● sshd.service - SYSV: OpenSSH server daemon Loaded: loaded (/etc/rc.d/init.d/sshd) Active: active (running) since Tue 2018-12-18 14:45:59 CST; 11s ago Docs: man:systemd-sysv-generator(8) Process: 16931 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS) Main PID: 16939 (sshd) CGroup: /system.slice/sshd.service └─16939 /usr/sbin/sshd Dec 18 14:45:59 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon... Dec 18 14:45:59 localhost.localdomain sshd[16939]: Server listening on 0.0.0.0 port 22. Dec 18 14:45:59 localhost.localdomain sshd[16939]: Server listening on :: port 22. Dec 18 14:45:59 localhost.localdomain sshd[16931]: Starting sshd:[ OK ] Dec 18 14:45:59 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.
[root@localhost openssh-7.6p1]# ssh -V
OpenSSH_7.6p1, OpenSSL 1.0.2k-fips 26 Jan 2017
踩坑:
以下是linux打开端口命令的使用方法。
nc -lp 23 &(打开23端口,即telnet)
netstat -an | grep 23 (查看是否打开23端口)
使用nmap检测端口是否打开
nmap X.X.X.X -p 端口号
参考链接:http://bbs.51cto.com/thread-1547903-1.html
参考链接:https://blog.csdn.net/levy_cui/article/details/53100315
参考链接:https://www.cnblogs.com/liangjingfu/p/9635657.html