OpenSSH 是 SSH (Secure SHell) 协议的免费开源实现。SSH协议族可以用来进行远程控制, 或在计算机之间传送文件。而实现此功能的传统方式,如telnet(终端仿真协议)、 rcp ftp、 rlogin、rsh都是极为不安全的,并且会使用明文传送密码。OpenSSH提供了服务端后台程序和客户端工具,用来加密远程控制和文件传输过程中的数据,并由此来代替原来的类似服务。
网络安全一刻也不能放松,为了系统安全尽量将 OPENSSH 升级到最新版本,目前最新版本为 8.2 P1,下面开始准备升级。
pts/0
pts/1
pts/2
pts/3
备份原先的 openssl 文件
mv /usr/bin/openssl /usr/bin/openssl.old编译、安装无误后,下面开始配置 OPENSSL
设置 openssl 命令的软链接!/bin/bash
************************************
author: GF
version: 1.0
date: 2021-05-23
description:
FileName: openssh.sh
************************************
if [[ `id -u` != "0" ]]; then
echo "not root!"
exit 1;
fi
if [[ -n `ping -c3 www.baidu.com` ]]; then
yum -y install epel-release &> /dev/null
sleep 1;yum -y install perl gcc gcc-c++ glibc make &> /dev/null
sleep 1;yum -y group install 'Development Tools' &> /dev/null
sleep 1;yum -y install pam-devel libselinux-devel zlib-devel openssl-devel &> /dev/null
sleep 1;echo "Dependency installed successfully !"
sleep 1
else
echo "Network is unreachable !"
exit 2;
fi
if [[ `echo $?` == "0" ]]; then
echo "Dependency installed successfully !"
else
echo "Dependency installed not successfully!"
exit 3;
fi
if [[ -f ./openssl-1.1.1j.tar.gz ]]; then
tar xf ./openssl-1.1.1j.tar.gz &> /dev/null
sleep 2;cd ./openssl-1.1.1j
sleep 2;./config --prefix=/usr/local/openssl &> /dev/null && make clean &> /dev/null && make -j 4 &> /dev/null && make install &> /dev/null
fi
if [[ `echo $?` != "0" ]]; then
echo "openssl 1.1.1j make install is faild !"
exit 4;
else
echo "openssl 1.1.1j make and make install is OK!"
sleep 1
sleep 1;mv -f /usr/bin/openssl /usr/bin/openssl.old &> /dev/null
sleep 1;mv -f /usr/lib64/openssl /usr/lib64/openssl.old &> /dev/null
sleep 1;mv -f /usr/lib64/libssl.so /usr/lib64/libssl.so.old &> /dev/null
sleep 1; ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl &> /dev/null
sleep 1; ln -s /usr/local/openssl/include/openssl /usr/include/openssl &> /dev/null
sleep 1; ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so &> /dev/null
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf
ldconfig -v &> /dev/null
fi
/usr/bin/openssl version | grep -o "OpenSSL 1.1.1j" &> /dev/null
if [[ `echo $?` != "0" ]]; then
echo "openssl 1.1.1j is not updata !"
exit 5;
else
echo "openssl 1.1.1j updata is ok!"
cd ../
rm -rf ./openssl-1.1.1j
fi
if [[ -f ./openssh-8.5p1.tar.gz ]]; then
mkdir -p /bak/sshbak &> /dev/null
mv -f /etc/ssh/* /bak/sshbak
tar xf ./openssh-8.5p1.tar.gz &> /dev/null
sleep 2;cd ./openssh-8.5p1
sleep 2;./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-pam=enable &> /dev/null&& make clean &> /dev/null&& make -j 4 &> /dev/null && make install &> /dev/null
else
echo "openssh-8.5p1.tar.gz not found !"
exit 12;
fi
if [[ `echo $?` != "0" ]]; then
echo "openssh 8.5p1 not make install !"
exit 6;
else
echo "openssh 8.5p1 make install is ok!"
fi
if [[ -f ./contrib/redhat/sshd.init ]]; then
install ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
else
echo "sshd.init file not found!"
exit 7;
fi
if [[ -f ./contrib/redhat/sshd.pam ]]; then
install ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
else
echo "sshd.pam file not found!"
exit 11;
fi
if [[ `echo $?` != "0" ]]; then
echo "openssh not make install !"
exit 8;
fi
if [[ -f /etc/ssh/sshd_config ]]; then
sed -i "s/PermitRootLogin .*/PermitRootLogin yes/g" /etc/ssh/sshd_config
sed -i "s/PermitRootLogin .*/PermitRootLogin yes/g" /etc/ssh/sshd_config
sed -i "s/PasswordAuthentication .*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
sed -i "s/PasswordAuthentication .*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
sed -i "s/PermitEmptyPasswords .*/PermitEmptyPasswords no/g" /etc/ssh/sshd_config
sed -i "s/PermitEmptyPasswords .*/PermitEmptyPasswords no/g" /etc/ssh/sshd_config
sed -i "s/UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config
sed -i "s/UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config
sed -i "s/UseDNS no/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
else
echo "file /etc/ssh/sshd_config is not found !"
exit 9:
fi
if [[ `echo $?` = "0" ]]; then
mv -f /usr/lib/systemd/system/sshd.service /bak/sshbak &> /dev/null
mv -f /usr/lib/systemd/system/sshd.socket /bak/sshbak &> /dev/null
systemctl daemon-reload && sleep 1 &&systemctl restart sshd &&chkconfig sshd on
else
echo "sshd service not start !"
exit 10;
fi
if [[ `echo $?` == "0" ]]; then
echo "sshd service is start!"
cd ../
rm -rf ./openssh-8.5p1
else
echo "sshd service is not start !"
exit 13;
fi
ss -a|grep ssh
ssh -V
openssl version
测试
网站声明:如果转载,请联系本站管理员。否则一切后果自行承担。
加入交流群
请使用微信扫一扫!