
How to upgrade RHEL 7.x / CentOS 7.x to OpenSSH 7.6p1

Published: 2021-11-09 10:13:18  Source: 億速云  Views: 148  Author: 柒染  Category: Website servers

This article walks through upgrading RHEL 7.x / CentOS 7.x to OpenSSH 7.6p1. It is kept short and easy to follow.

CentOS-7.3-x86_64-Everything-1611.iso  -- later releases are backward compatible

Check the OS version

[root@test ~]# cat /etc/redhat-release 

CentOS Linux release 7.4.1708 (Core) 

[root@test ~]# 

[root@test ~]# 

Disable the firewall

systemctl stop firewalld.service

systemctl disable firewalld.service

systemctl status firewalld.service

Upload the required software

[root@test ~]# ll /soft/

CentOS-7-x86_64-Everything-1708.iso 

rhel-server-7.4-x86_64-dvd.iso

Openssh&Openssl&zlib version.zip

Mount the OS image

[root@test ~]# mount -o loop /soft/CentOS-7-x86_64-Everything-1708.iso /mnt  -- on a RHEL system, mount the rhel-server-7.4-x86_64-dvd.iso image instead

mount: /dev/loop0 is write-protected, mounting read-only

[root@test ~]# 

[root@test ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

/dev/mapper/centos-root   41G  9.3G   30G  24% /

devtmpfs                 982M     0  982M   0% /dev

tmpfs                    993M     0  993M   0% /dev/shm

tmpfs                    993M  8.6M  984M   1% /run

tmpfs                    993M     0  993M   0% /sys/fs/cgroup

/dev/sda1                477M   94M  354M  21% /boot

tmpfs                    199M     0  199M   0% /run/user/0

/dev/loop0               8.1G  8.1G     0 100% /mnt

[root@test ~]# 

Back up the existing YUM repo files

[root@test ~]# mkdir -p /etc/yum.repos.d/bak

[root@test ~]# 

[root@test ~]# mv /etc/yum.repos.d/*.repo

CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo

CentOS-CR.repo         CentOS-Media.repo      

CentOS-Debuginfo.repo  CentOS-Sources.repo    

[root@test ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/

[root@test ~]# 

[root@test ~]# ll /etc/yum.repos.d/

total 4

drwxr-xr-x. 2 root root 4096 Apr 12 14:01 bak

[root@test ~]# 

Configure the local YUM repository

[root@test ~]# cat /etc/yum.repos.d/centosdvd.repo

[centosdvd]

name=centosdvd

baseurl=file:///mnt

enabled=1

gpgcheck=0

[root@test ~]# 

Clear the YUM cache

[root@test ~]# yum clean all

Loaded plugins: fastestmirror

Cleaning repos: centosdvd

Cleaning up everything

Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos

[root@test ~]# 

Build the YUM cache

[root@test ~]# yum makecache

Loaded plugins: fastestmirror

centosdvd                                                            | 3.6 kB  00:00:00     

(1/4): centosdvd/group_gz                                            | 156 kB  00:00:00     

(2/4): centosdvd/primary_db                                          | 5.7 MB  00:00:00     

(3/4): centosdvd/filelists_db                                        | 6.7 MB  00:00:00     

(4/4): centosdvd/other_db                                            | 2.5 MB  00:00:00     

Determining fastest mirrors

Metadata Cache Created

[root@test ~]# 

List the packages in the YUM repository

[root@test ~]# yum list

…… (output omitted) ……

Fixing the missing ifconfig network command

[root@localhost soft]# yum install net-tools -y 

[root@localhost ~]# ifconfig -a

eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 188.190.117.194  netmask 255.255.255.0  broadcast 188.190.117.255

        inet6 fe80::20c:29ff:fe3b:5926  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:3b:59:26  txqueuelen 1000  (Ethernet)

        RX packets 347  bytes 31356 (30.6 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 300  bytes 66209 (64.6 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Local Loopback)

        RX packets 4  bytes 352 (352.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 4  bytes 352 (352.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

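Install and enable the telnet service

Because the existing OpenSSH has to be uninstalled during the upgrade, enable the telnet service as a substitute so that the server stays reachable remotely. If the upgrade goes wrong, you can also log in over telnet to roll back.

Install xinetd, the daemon that supervises telnet, at the same time.

Install the telnet service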

[root@test ~]# yum install telnet-* xinetd -y

[root@test ~]# 

[root@test ~]# rpm -qa|grep telnet

telnet-0.17-64.el7.x86_64

telnet-server-0.17-64.el7.x86_64

[root@test ~]# 

[root@test ~]# rpm -qa|grep xinetd

xinetd-2.3.15-13.el7.x86_64

[root@test ~]# 

[root@test ~]# 

Enable the xinetd service at boot

[root@test ~]# systemctl enable xinetd.service

Enable the telnet service at boot

[root@test ~]# systemctl enable telnet.socket

Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.

[root@test ~]# 

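Restart the services:

Because the telnet service is also supervised by xinetd, xinetd must be restarted after telnet-server is installed before the telnet service will start.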

[root@test ~]# systemctl restart telnet.socket

[root@test ~]# 

[root@test ~]# systemctl restart xinetd

[root@test ~]# 

[root@test ~]# 

Allow root to log in over telnet

Method 1:

By default on Linux, root cannot log in over telnet. Either append pts/1, pts/2 and pts/3 to the end of /etc/securetty, or rename the securetty file; both work.

[root@test ~]# cat /etc/securetty 

console

vc/1

vc/2

vc/3

vc/4

vc/5

vc/6

vc/7

vc/8

vc/9

vc/10

vc/11

tty1

tty2

tty3

tty4

tty5

tty6

tty7

tty8

tty9

tty10

tty11

ttyS0

ttysclp0

sclp_line0

3270/tty1

hvc0

hvc1

hvc2

hvc3

hvc4

hvc5

hvc6

hvc7

hvsi0

hvsi1

hvsi2

xvc0

pts/0

pts/1

pts/2

pts/3

[root@test ~]# 

Method 2:

mv /etc/securetty /etc/securetty.bak    # after this, root can log in as root

Verify telnet

[root@test ~]# telnet 192.168.195.141 23    # or: telnet 192.168.195.141

Trying 192.168.195.141...

Connected to 192.168.195.141.

Escape character is '^]'.

Kernel 3.10.0-693.el7.x86_64 on an x86_64

test login: root

Password: 

Last failed login: Thu Apr 12 14:22:29 CST 2018 from ::ffff:192.168.195.141 on pts/1

There was 1 failed login attempt since the last successful login.

Last login: Thu Apr 12 13:51:21 from 192.168.195.1

[root@test ~]# 

[root@test ~]# 

Disable SELinux

[root@test ~]# vi /etc/sysconfig/selinux 

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

#SELINUX=enforcing

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted

Install the packages needed for compiling

[root@test ~]# yum -y install gcc pam-devel zlib-devel perl*

Install unzip:

[root@test soft]# yum -y install unzip

Extract Openssh&Openssl&zlib version.zip

[root@test soft]# unzip Openssh\&Openssl\&zlib\ version.zip 

[root@test soft]# ll Openssh\&Openssl\&zlib\ version

-rw-r--r--. 1 root root 1489788 Mar 30 12:42 openssh-7.6p1.tar.gz

-rw-r--r--. 1 root root 5329472 Mar 30 12:56 openssl-1.0.2o.tar.gz

-rw-r--r--. 1 root root  607698 Mar 30 10:08 zlib-1.2.11.tar.gz

[root@test soft]# 

Upgrade zlib

Extract the zlib_1.2.11 source

[root@test soft]# tar -xvzf zlib-1.2.11.tar.gz 

[root@test soft]# cd zlib-1.2.11

[root@test zlib-1.2.11]# ls 

adler32.c       deflate.h  infback.c    make_vms.com   trees.h          zlib.h

amiga           doc        inffast.c    msdos          uncompr.c        zlib.map

ChangeLog       examples   inffast.h    nintendods     watcom           zlib.pc.cmakein

CMakeLists.txt  FAQ        inffixed.h   old            win32            zlib.pc.in

compress.c      gzclose.c  inflate.c    os400          zconf.h          zutil.c

configure       gzguts.h   inflate.h    qnx            zconf.h.cmakein  zutil.h

contrib         gzlib.c    inftrees.c   README         zconf.h.in

crc32.c         gzread.c   inftrees.h   test           zlib2ansi

crc32.h         gzwrite.c  Makefile     treebuild.xml  zlib.3

deflate.c       INDEX      Makefile.in  trees.c        zlib.3.pdf

Configure zlib

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# ./configure --prefix=/usr

Checking for gcc...

Checking for shared library support...

Building shared library libz.so.1.2.11 with gcc.

Checking for size_t... Yes.

Checking for off64_t... Yes.

Checking for fseeko... Yes.

Checking for strerror... Yes.

Checking for unistd.h... Yes.

Checking for stdarg.h... Yes.

Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf().

Checking for vsnprintf() in stdio.h... Yes.

Checking for return value of vsnprintf()... Yes.

Checking for attribute(visibility) support... Yes.

[root@test zlib-1.2.11]# 

Build the zlib library

[root@test zlib-1.2.11]# make

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o example.o test/example.c

…… (output omitted) ……

rm -f libz.so libz.so.1

ln -s libz.so.1.2.11 libz.so

ln -s libz.so.1.2.11 libz.so.1

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o examplesh example.o -L. libz.so.1.2.11

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzipsh minigzip.o -L. libz.so.1.2.11

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o example64.o test/example.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example64 example64.o -L. libz.a

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o minigzip64.o test/minigzip.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip64 minigzip64.o -L. libz.a

[root@test zlib-1.2.11]# 

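Uninstall the current zlib

    Note: run this step only after step A (compiling zlib) has finished. If zlib is uninstalled first, the zlib library files under /lib64/ are deleted and the zlib build in step A fails. (Recovery: from another server running the same OS, copy the four files libcrypto.so.10, libssl.so.10, libz.so.1 and libz.so.1.2.3 from /lib64, /usr/lib and /usr/lib64 into the corresponding directories. Use whereis, locate or find to locate these files.)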

[root@test zlib-1.2.11]# rpm -qa|grep zlib

zlib-1.2.7-17.el7.x86_64

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# rpm -e --nodeps zlib

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# rpm -qa|grep zlib

rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# 

Install the zlib built earlier

[root@test zlib-1.2.11]# make install

rm -f /usr/lib/libz.a

cp libz.a /usr/lib

chmod 644 /usr/lib/libz.a

cp libz.so.1.2.11 /usr/lib

chmod 755 /usr/lib/libz.so.1.2.11

rm -f /usr/share/man/man3/zlib.3

cp zlib.3 /usr/share/man/man3

chmod 644 /usr/share/man/man3/zlib.3

rm -f /usr/lib/pkgconfig/zlib.pc

cp zlib.pc /usr/lib/pkgconfig

chmod 644 /usr/lib/pkgconfig/zlib.pc

rm -f /usr/include/zlib.h /usr/include/zconf.h

cp zlib.h zconf.h /usr/include

chmod 644 /usr/include/zlib.h /usr/include/zconf.h

[root@test zlib-1.2.11]# 

Register the shared libraries

Once zlib is installed, its library files are placed in /usr/lib. These shared libraries have to be registered with the system: echo '/usr/lib' >> /etc/ld.so.conf

[root@test zlib-1.2.11]# echo '/usr/lib' >> /etc/ld.so.conf

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# cat /etc/ld.so.conf

include ld.so.conf.d/*.conf

/usr/lib

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# ll /usr/lib/libz.so.1

lrwxrwxrwx. 1 root root 14 Apr 12 14:42 /usr/lib/libz.so.1 -> libz.so.1.2.11

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# ll /usr/lib/libz.so

lrwxrwxrwx. 1 root root 14 Apr 12 14:42 /usr/lib/libz.so -> libz.so.1.2.11

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# ll /usr/lib/libz.so.1

lrwxrwxrwx. 1 root root 14 Apr 12 14:42 /usr/lib/libz.so.1 -> libz.so.1.2.11

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# ldconfig 

[root@test zlib-1.2.11]# 

Upgrade OpenSSL

Official upgrade documentation

http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/openssl.html

Back up the current OpenSSL

[root@test zlib-1.2.11]# find / -name openssl

/usr/bin/openssl

/usr/lib64/openssl

/etc/pki/ca-trust/extracted/openssl

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# mv /usr/lib64/openssl /usr/lib64/openssl.old

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# mv /usr/bin/openssl /usr/bin/openssl.old

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old

[root@test zlib-1.2.11]#

[root@test zlib-1.2.11]# cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old

[root@test zlib-1.2.11]# 

Uninstall the current OpenSSL

[root@test zlib-1.2.11]# rpm -qa|grep openssl |xargs

openssl-libs-1.0.2k-8.el7.x86_64 

xmlsec1-openssl-1.2.20-5.el7.x86_64 

openssl-1.0.2k-8.el7.x86_64

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# rpm -qa|grep openssl|xargs -i rpm -e --nodeps {}

warning: file /usr/lib64/openssl/engines/libubsec.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libsureware.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libpadlock.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libnuron.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libgmp.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libcswift.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libchil.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libcapi.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libatalla.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libaep.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/lib4758cca.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines: remove failed: No such file or directory

warning: file /usr/lib64/openssl: remove failed: No such file or directory

warning: file /usr/bin/openssl: remove failed: No such file or directory

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# rpm -qa|grep openssl|xargs -i rpm -e --nodeps {}

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# 

[root@test zlib-1.2.11]# rpm -qa|grep openssl |xargs

[root@test zlib-1.2.11]# 

Extract the openssl_1.0.2k source

[root@test soft]# tar -xvzf openssl-1.0.2o.tar.gz 

[root@test soft]# cd openssl-1.0.2o

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# ls

ACKNOWLEDGMENTS  CONTRIBUTING  GitMake        INSTALL.W32      makevms.com   README.ASN1

apps             crypto        include        INSTALL.W64      ms            README.ENGINE

appveyor.yml     demos         INSTALL        INSTALL.WCE      Netware       shlib

bugs             doc           install.com    LICENSE          NEWS          ssl

certs            engines       INSTALL.DJGPP  MacOS            openssl.doxy  test

CHANGES          e_os2.h       INSTALL.MacOS  Makefile         openssl.spec  tools

CHANGES.SSLeay   e_os.h        INSTALL.NW     Makefile.bak     os2           util

config           FAQ           INSTALL.OS2    Makefile.org     PROBLEMS      VMS

Configure        GitConfigure  INSTALL.VMS    Makefile.shared  README

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib # the system is a minimal install, so Perl is missing; install it with yum

Operating system: x86_64-whatever-linux2

You need Perl 5.

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# 


[root@test openssl-1.0.2o]# yum install perl* -y   # better to install Perl together with the build tools; skip this if it is already installed. If you install it at this point, the openssl packages have to be removed again afterwards

./config --prefix=/usr --openssldir=/etc/ssl --shared zlib  # --shared is required; otherwise the build fails because the newly installed OpenSSL libraries cannot be found

[root@test openssl-1.0.2o]# ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib

…… (output omitted) ……

make[1]: Leaving directory `/soft/openssl-1.0.2o/ssl'

making links in engines...

make[1]: Entering directory `/soft/openssl-1.0.2o/engines'

making links in engines/ccgost...

make[2]: Entering directory `/soft/openssl-1.0.2o/engines/ccgost'

make[2]: Nothing to be done for `links'.

make[2]: Leaving directory `/soft/openssl-1.0.2o/engines/ccgost'

make[1]: Leaving directory `/soft/openssl-1.0.2o/engines'

making links in apps...

make[1]: Entering directory `/soft/openssl-1.0.2o/apps'

make[1]: Nothing to be done for `links'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/apps'

making links in test...

make[1]: Entering directory `/soft/openssl-1.0.2o/test'

make[1]: Nothing to be done for `links'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

making links in tools...

make[1]: Entering directory `/soft/openssl-1.0.2o/tools'

make[1]: Nothing to be done for `links'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/tools'

generating dummy tests (if needed)...

make[1]: Entering directory `/soft/openssl-1.0.2o/test'

make[1]: Nothing to be done for `generate'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

Configured for linux-x86_64.

[root@test openssl-1.0.2o]# 

Build OpenSSL

[root@test openssl-1.0.2o]# make 

…… (output omitted) ……

make[2]: Entering directory `/soft/openssl-1.0.2o/test'

make[2]: Leaving directory `/soft/openssl-1.0.2o/test'

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

making all in tools...

make[1]: Entering directory `/soft/openssl-1.0.2o/tools'

make[1]: Nothing to be done for `all'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/tools'

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# 

Test OpenSSL

[root@test openssl-1.0.2o]# make test

…… (output omitted) ……

**---- START OF HANDSHAKE MESSAGE FRAGMENT ----

**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----

*---- END OF RECORD ----

---- END OF PACKET ----

PASS

test_bad_dtls

../util/shlib_wrap.sh ./bad_dtls_test

test_fatalerr

../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem

SSL_accept() failed -1, 1

140677601674944:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a

OpenSSL 1.0.2o  27 Mar 2018

built on: reproducible build, date unspecified

platform: linux-x86_64

options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 

compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

OPENSSLDIR: "/etc/ssl"

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# 

Install OpenSSL

[root@test openssl-1.0.2o]# make install

make[2]: Leaving directory `/soft/openssl-1.0.2o/engines/ccgost'

make[1]: Leaving directory `/soft/openssl-1.0.2o/engines'

making install in apps...

make[1]: Entering directory `/soft/openssl-1.0.2o/apps'

installing openssl

installing CA.sh

installing CA.pl

installing tsget

make[1]: Leaving directory `/soft/openssl-1.0.2o/apps'

making install in test...

make[1]: Entering directory `/soft/openssl-1.0.2o/test'

make[1]: Nothing to be done for `install'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

making install in tools...

make[1]: Entering directory `/soft/openssl-1.0.2o/tools'

make[1]: Leaving directory `/soft/openssl-1.0.2o/tools'

installing libcrypto.a

installing libssl.a

installing libcrypto.so.1.0.0

installing libssl.so.1.0.0

make[1]: Entering directory `/usr/lib64'

make[2]: Entering directory `/usr/lib64'

make[2]: Leaving directory `/usr/lib64'

make[2]: Entering directory `/usr/lib64'

make[2]: Leaving directory `/usr/lib64'

make[1]: Leaving directory `/usr/lib64'

cp libcrypto.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/libcrypto.pc

cp libssl.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/libssl.pc

cp openssl.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/openssl.pc

[root@test openssl-1.0.2o]# 

Verify the OpenSSL upgrade

[root@test openssl-1.0.2o]# openssl version   # check that the upgrade succeeded

OpenSSL 1.0.2o  27 Mar 2018

[root@test openssl-1.0.2o]#

[root@test openssl-1.0.2o]#

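Restore the shared libraries

Because OpenSSL_1.0.2k does not provide the libcrypto.so.10 and libssl.so.10 libraries, and tools such as yum and wget depend on them, the two libraries backed up earlier have to be restored. Restore the other backups as the situation requires.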

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10

mv: overwrite `/usr/lib64/libcrypto.so.10'? y

[root@test openssl-1.0.2o]# mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10

mv: overwrite `/usr/lib64/libssl.so.10'? y

[root@test openssl-1.0.2o]# 

Upgrade OpenSSH

Official upgrade documentation

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html

Back up the current OpenSSH

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# mv /etc/ssh /etc/ssh.old

[root@test openssl-1.0.2o]# 

Uninstall the current OpenSSH

[root@test openssl-1.0.2o]# rpm -qa|grep openssh

openssh-server-7.4p1-11.el7.x86_64

openssh-7.4p1-11.el7.x86_64

openssh-clients-7.4p1-11.el7.x86_64

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# 

Either run rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}, or remove the packages one by one with rpm -e --nodeps <package name>, for example: rpm -e --nodeps openssh-5.3p1-111.el6.x86_64

[root@test openssl-1.0.2o]#

[root@test openssl-1.0.2o]# rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}

warning: file /etc/ssh/sshd_config: remove failed: No such file or directory

warning: file /etc/ssh/moduli: remove failed: No such file or directory

warning: file /etc/ssh: remove failed: No such file or directory

warning: file /etc/ssh/ssh_config: remove failed: No such file or directory

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# rpm -qa |grep openssh|xargs

[root@test openssl-1.0.2o]# 

[root@test openssl-1.0.2o]# 

Environment setup before installing OpenSSH

[root@test openssl-1.0.2o]# install  -v -m700 -d /var/lib/sshd

install: creating directory `/var/lib/sshd'

[root@test openssl-1.0.2o]#

[root@test openssl-1.0.2o]# chown  -v root:sys /var/lib/sshd

changed ownership of `/var/lib/sshd' to root:sys

[root@test openssl-1.0.2o]#

[root@test openssl-1.0.2o]# groupadd -g 50 sshd

groupadd: group 'sshd' already exists

[root@test openssl-1.0.2o]#

[root@test openssl-1.0.2o]# useradd  -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

useradd: user 'sshd' already exists

[root@test openssl-1.0.2o]#

[root@test openssl-1.0.2o]#

Extract the openssh-7.6p1.tar.gz source

[root@test soft]# tar -xvzf openssh-7.6p1.tar.gz 

[root@test soft]# cd openssh-7.6p1

Configure OpenSSH

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam--with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd

…… (output omitted) ……

config.status: creating config.h

configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes

OpenSSH has been configured with the following options:

                     User binaries: /usr/bin

                   System binaries: /usr/sbin

               Configuration files: /etc/ssh

                   Askpass program: /usr/libexec/ssh-askpass

                      Manual pages: /usr/share/man/manX

                          PID file: /var/run

  Privilege separation chroot path: /var/lib/sshd

            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin

                    Manpage format: doc

                       PAM support: no

                   OSF SIA support: no

                 KerberosV support: no

                   SELinux support: no

                 Smartcard support: 

                     S/KEY support: no

              MD5 password support: yes

                   libedit support: no

                   libldns support: no

  Solaris process contract support: no

           Solaris project support: no

         Solaris privilege support: no

       IP address in $DISPLAY hack: no

           Translate v4 in v6 hack: yes

                  BSD Auth support: no

              Random number source: OpenSSL internal ONLY

             Privsep sandbox style: seccomp_filter

              Host: x86_64-pc-linux-gnu

          Compiler: gcc

    Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE  

Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE

      Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie 

         Libraries: -lcrypto -ldl -lutil -lz  -lcrypt -lresolv

[root@test openssh-7.6p1]# 
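The configure output above reports `PAM support: no` together with a warning about unrecognized options: `--with-pam--with-zlib` was passed as one word (the space between the two flags is missing), and `--with-openssl-includes` is not an option this configure script accepts. The shell check below is an added example, not part of the original article; it refuses to go on to `make` when configure dropped an option or a required feature is off. The function names are hypothetical, `page.log` is excerpted from the output on this page and `fixed.log` is constructed.

```shell
#!/usr/bin/env bash
# Added example: gate "make" on what ./configure actually accepted.

# Options configure reported as unrecognized, one per line.
unrecognized_options() {
    sed -n 's/^configure: WARNING: unrecognized options: //p' "$1" |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | sed '/^$/d'
}

# Value of one row of the configure summary, e.g. "PAM support".
summary_value() {
    awk -v k="$2" '{
        i = index($0, ": ")
        if (i == 0) next
        key = substr($0, 1, i - 1); sub(/^[ \t]+/, "", key)
        if (key == k) {
            val = substr($0, i + 2); sub(/[ \t]+$/, "", val)
            print val; exit
        }
    }' "$1"
}

# Return 0 only if no option was dropped and every required row says "yes".
# $1 = saved configure output, remaining arguments = required summary rows.
check_configure_log() {
    log=$1; shift
    status=0
    bad=$(unrecognized_options "$log")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/ignored by configure: /' >&2
        status=1
    fi
    for row in "$@"; do
        val=$(summary_value "$log" "$row")
        if [ "$val" != "yes" ]; then
            echo "$row: ${val:-not reported}" >&2
            status=1
        fi
    done
    return "$status"
}

# Sample input: page.log is excerpted from the configure output on this page;
# fixed.log is constructed to show a run in which PAM was enabled.
write_sample_logs() {
    cat > "$1/page.log" <<'EOF'
config.status: creating config.h
configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes
OpenSSH has been configured with the following options:
                       PAM support: no
                   SELinux support: no
              MD5 password support: yes
EOF
    cat > "$1/fixed.log" <<'EOF'
config.status: creating config.h
OpenSSH has been configured with the following options:
                       PAM support: yes
                   SELinux support: no
              MD5 password support: yes
EOF
}

# Run with --demo to see the check applied to the page's own output.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    write_sample_logs "$tmp"
    check_configure_log "$tmp/page.log" "PAM support" || echo "do not run make"
    rm -rf "$tmp"
fi
```

On a real build, save the output with `./configure ... 2>&1 | tee configure.log` and pass that file to `check_configure_log` along with the summary rows the host depends on.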

Build OpenSSH

[root@test openssh-7.6p1]# make

…… (output omitted) ……

cc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie  -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz  -lcrypt -lresolv 

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# 

Install OpenSSH

[root@test openssh-7.6p1]# make install

(cd openbsd-compat && make)

make[1]: Entering directory `/soft/openssh-7.6p1/openbsd-compat'

make[1]: Nothing to be done for `all'.

make[1]: Leaving directory `/soft/openssh-7.6p1/openbsd-compat'

./mkinstalldirs /usr/bin

./mkinstalldirs /usr/sbin

./mkinstalldirs /usr/share/man

./mkinstalldirs /usr/share/man/man1

./mkinstalldirs /usr/share/man/man5

./mkinstalldirs /usr/share/man/man8

./mkinstalldirs /usr/libexec

(umask 022 ; ./mkinstalldirs /var/lib/sshd)

/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh

/usr/bin/install -c -m 0755 -s scp /usr/bin/scp

/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add

/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent

/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen

/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan

/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd

/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign

/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper

/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp

/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server

/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1

/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1

/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1

/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1

/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1

/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1

/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5

/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5

/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5

/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8

/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1

/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8

/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8

/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8

if [ ! -d /etc/ssh ]; then \

        ./mkinstalldirs /etc/ssh; \

fi

mkdir /etc/ssh

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519 

/usr/sbin/sshd -t -f /etc/ssh/sshd_config

[root@test openssh-7.6p1]# 

Environment setup after installing OpenSSH

# Run the following commands in the OpenSSH build directory

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# install -v -m755    contrib/ssh-copy-id /usr/bin

[root@test openssh-7.6p1]# 

‘contrib/ssh-copy-id’ -> ‘/usr/bin/ssh-copy-id’

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# install -v -m644    contrib/ssh-copy-id.1 /usr/share/man/man1 

‘contrib/ssh-copy-id.1’ -> ‘/usr/share/man/man1/ssh-copy-id.1’

[root@test openssh-7.6p1]#

[root@test openssh-7.6p1]# install -v -m755 -d /usr/share/doc/openssh-7.6p1

install: creating directory ‘/usr/share/doc/openssh-7.6p1’

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# install -v -m644    INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.6p1

`INSTALL' -> `/usr/share/doc/openssh-7.6p1/INSTALL'

`LICENCE' -> `/usr/share/doc/openssh-7.6p1/LICENCE'

`OVERVIEW' -> `/usr/share/doc/openssh-7.6p1/OVERVIEW'

`README' -> `/usr/share/doc/openssh-7.6p1/README'

`README.dns' -> `/usr/share/doc/openssh-7.6p1/README.dns'

`README.platform' -> `/usr/share/doc/openssh-7.6p1/README.platform'

`README.privsep' -> `/usr/share/doc/openssh-7.6p1/README.privsep'

`README.tun' -> `/usr/share/doc/openssh-7.6p1/README.tun'

Verify the OpenSSH upgrade

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# ssh -V

OpenSSH_7.6p1, OpenSSL 1.0.2o  27 Mar 2018

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# 

Enable the OpenSSH service

[root@test openssh-7.6p1]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config

[root@test openssh-7.6p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config # allow root to log in over SSH

[root@test openssh-7.6p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd

[root@test openssh-7.6p1]# chmod +x /etc/init.d/sshd

[root@test openssh-7.6p1]# chkconfig  --add  sshd

[root@test openssh-7.6p1]# chkconfig  sshd  on

[root@test openssh-7.6p1]# chkconfig  --list  sshd

Note: This output shows SysV services only and does not include native

      systemd services. SysV configuration data might be overridden by native

      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.

      To see services enabled on particular target use

      'systemctl list-dependencies [target]'.

sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

[root@test openssh-7.6p1]# 

[root@test openssh-7.6p1]# 

Check the status with the version 7 command

[root@test ~]# systemctl status sshd

● sshd.service - SYSV: OpenSSH server daemon

   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)

   Active: active (running) since Thu 2018-04-12 16:24:03 CST; 8min ago

     Docs: man:systemd-sysv-generator(8)

  Process: 917 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)

 Main PID: 944 (sshd)

   CGroup: /system.slice/sshd.service

           ├─ 944 /usr/sbin/sshd

           ├─1119 sshd: root@pts/1

           ├─1121 -bash

           └─1215 systemctl status sshd

Apr 12 16:24:02 test systemd[1]: Starting SYSV: OpenSSH server daemon...

Apr 12 16:24:03 test systemd[1]: Started SYSV: OpenSSH server daemon.

Apr 12 16:24:03 test sshd[917]: Starting sshd:[  OK  ]

Apr 12 16:24:03 test sshd[944]: Server listening on 0.0.0.0 port 22.

Apr 12 16:24:03 test sshd[944]: Server listening on :: port 22.

Apr 12 16:25:56 test sshd[1119]: Accepted password for root from 192.168.195.1 port 61...sh3

Hint: Some lines were ellipsized, use -l to show in full.

[root@test ~]# 

Restart the sshd service

[root@test openssh-7.6p1]# service sshd restart    # or, with the version 7 command: systemctl restart sshd

Restarting sshd (via systemctl):  [  OK  ]

[root@test openssh-7.6p1]# 

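Method 2:

systemctl status sshd.service

Start the service:

systemctl start sshd.service

Restart the service:

systemctl restart sshd.service

Enable at boot:

systemctl enable sshd.service

Reboot the operating system for the changes to take effect

reboot

Check the OpenSSH and OpenSSL versions after the upgrade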

[root@test ~]# ssh -V

OpenSSH_7.6p1, OpenSSL 1.0.2o  27 Mar 2018

[root@test ~]# 

[root@test ~]# 

Check the current Bash version

[root@test ~]# rpm -qa|grep bash

bash-4.2.46-28.el7.x86_64

[root@test ~]# 

Upgrade Bash

[root@test ]# cd /soft

[root@test soft]# ll

total 8506556

-rw-r--r--   1 root root     1036336 Apr 18 14:00 bash-4.2.46-29.el7_4.x86_64.rpm

[root@test soft]# 

[root@test soft]# 

[root@test soft]# rpm -Uvh bash-4.2.46-29.el7_4.x86_64.rpm 

warning: bash-4.2.46-29.el7_4.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bash-4.2.46-29.el7_4             ################################# [ 50%]

Cleaning up / removing...

   2:bash-4.2.46-28.el7               ################################# [100%]

[root@test soft]# 

[root@test soft]# 

[root@test ~]# rpm -qa|grep bash

bash-4.2.46-29.el7_4.x86_64

[root@test ~]# 
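The steps on this page leave several settings weaker than they were before the upgrade: telnet.socket enabled at boot, pts entries in /etc/securetty (or the file renamed), SELINUX=disabled, `PermitRootLogin yes` and `X11Forwarding yes` appended to sshd_config, and gpgcheck=0 in the local repo. The shell audit below is an added example, not part of the original article; it lists whichever of these are still in place once SSH access is confirmed. Function names and the sample tree are constructed for illustration, and the sockets.target.wants path is the one shown in the `systemctl enable telnet.socket` output above.

```shell
#!/usr/bin/env bash
# Added example: report what the upgrade procedure leaves weakened.
# All checks read files under ROOT, so the audit runs against a live host
# (ROOT empty) or against a constructed directory tree.

# First uncommented value of KEYWORD in an sshd_config file. sshd keeps the
# first value it obtains for a keyword, so a line appended at the end only
# takes effect if nothing earlier sets it. Parsing stops at a Match block.
sshd_value() {
    awk -v k="$2" '
        /^[ \t]*#/ || NF == 0      { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(k)  { print tolower($2); exit }
    ' "$1" 2>/dev/null
}

# Print one finding per line; return 0 only when there are none.
audit_upgrade_leftovers() {
    root=${1:-}
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    unit="$root/etc/systemd/system/sockets.target.wants/telnet.socket"
    if [ -L "$unit" ] || [ -e "$unit" ]; then
        note "telnet: telnet.socket is still enabled at boot"
    fi

    tty="$root/etc/securetty"
    if [ ! -f "$tty" ]; then
        note "securetty: file is missing, root may log in on any terminal"
    elif grep -Eq '^pts/[0-9]+$' "$tty"; then
        note "securetty: pts/N entries allow root on network terminals"
    fi

    if grep -Eq '^[[:space:]]*SELINUX=disabled' "$root/etc/sysconfig/selinux" 2>/dev/null; then
        note "selinux: SELINUX=disabled"
    fi

    cfg="$root/etc/ssh/sshd_config"
    for kw in PermitRootLogin X11Forwarding; do
        if [ "$(sshd_value "$cfg" "$kw")" = "yes" ]; then
            note "sshd: $kw yes"
        fi
    done

    for repo in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$repo" ] || continue
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$repo"; then
            note "yum: gpgcheck=0 in ${repo#"$root"}"
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed sample: the state the steps on this page leave behind.
make_sample_tree() {
    d=$1
    mkdir -p "$d/etc/ssh" "$d/etc/sysconfig" "$d/etc/yum.repos.d" \
             "$d/etc/systemd/system/sockets.target.wants"
    ln -s /usr/lib/systemd/system/telnet.socket \
          "$d/etc/systemd/system/sockets.target.wants/telnet.socket"
    printf '%s\n' console tty1 pts/0 pts/1 pts/2 pts/3 > "$d/etc/securetty"
    printf '%s\n' '#SELINUX=enforcing' 'SELINUX=disabled' > "$d/etc/sysconfig/selinux"
    printf '%s\n' '#PermitRootLogin prohibit-password' '#X11Forwarding no' \
        'X11Forwarding yes' 'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"
    printf '%s\n' '[centosdvd]' 'name=centosdvd' 'baseurl=file:///mnt' \
        'enabled=1' 'gpgcheck=0' > "$d/etc/yum.repos.d/centosdvd.repo"
}

# Run with --demo to audit the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    make_sample_tree "$demo"
    audit_upgrade_leftovers "$demo" || echo "findings above need reverting"
    rm -rf "$demo"
fi
```

The audit only reads configuration files; it does not cover the firewalld service that was stopped and disabled at the start of the procedure.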
