银河麒麟系统升级openssh至9.7p1
升级过程建议参照链接
https://blog.csdn.net/zt19820204/article/details/137877652
当前环境
开始安装
# 1. Check the OpenSSH version currently installed on this server
ssh -V
# 2. OpenSSH download location (portable releases)
# NOTE(review): verify the tarball against the signature/checksum published
# with the release before building. The same applies to the zlib and openssl
# tarballs used later on this page, whose download source is not shown.
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
# 3. Upgrading OpenSSH can easily break remote access; the author strongly
#    recommends following the link below and enabling telnet as a fallback.
# NOTE(review): telnet carries credentials and session data in cleartext.
# Keep it enabled only for the duration of the upgrade, ideally reachable only
# from a trusted management network, and disable it again (last section of
# this page) as soon as the new sshd has been verified.
https://www.cnblogs.com/subsea/p/17628083.html
systemctl start telnet.socket
# Check the telnet service status
systemctl status telnet.socket
systemctl enable telnet.socket
# Make sure the telnet service also starts automatically at boot
# NOTE(review): "enable" keeps telnet listening across reboots until it is
# explicitly disabled, so a forgotten cleanup leaves a cleartext login service.
firewall-cmd --list-all
# NOTE(review): no --zone is given, so 23/tcp is opened in the default zone for
# every source that zone admits; a source-restricted rule is the safer choice.
firewall-cmd --permanent --add-port=23/tcp
firewall-cmd --reload
升级步骤
备份原有OpenSSH
# Back up the OpenSSH configuration and related files
# NOTE(review): /etc/ssh.bak will contain the host private keys; keep it
# readable by root only and remove it once it is no longer needed.
# NOTE(review): if a destination directory already exists, cp -r copies the
# source *into* it (e.g. /etc/ssh.bak/ssh) instead of replacing it.
cp -rf /etc/ssh /etc/ssh.bak
cp -rf /usr/bin/openssl /usr/bin/openssl.bak
cp -rf /etc/pam.d /etc/pam.d.bak
# The systemd unit directory is copied to /system.bak at the filesystem root
cp -rf /usr/lib/systemd/system /system.bak
# A few commands for locating and inspecting the sshd unit file
find / -name sshd.service
less /usr/lib/systemd/system/sshd.service
安装zlib
# 1. Unpack and enter the zlib source directory
# NOTE(review): the original comment named zlib-1.3.1, but every command below
# uses zlib-1.2.13; confirm which tarball was actually downloaded.
cd /usr/local/soft
tar -zxvf zlib-1.2.13.tar.gz
cd /usr/local/soft/zlib-1.2.13
# 2. Configure (installs under a versioned prefix, separate from the system zlib)
./configure --prefix=/usr/local/zlib_1.2.13
# 3. Build, run the test suite, and install (a few minutes, depending on the machine)
make -j 4 && make test && make install
升级openssl
# Note: if openssl is already installed, remove it first and then install
# (Kylin V10 SP2):
# NOTE(review): -y auto-confirms the transaction; review which dependent
# packages yum proposes to remove before running this on a production host.
yum -y remove openssl
tar -zxvf openssl-3.3.0.tar.gz
cd openssl-3.3.0
mkdir /usr/local/openssl_3.3.0
ls -l /usr/local/openssl_3.3.0
mkdir build
cd build
../config --prefix=/usr/local/openssl_3.3.0
# NOTE(review): unlike the zlib step, no "make test" is run before installing.
make -j 4 && make install
# Remove files left over from the old version
# NOTE(review): from here on the system-wide openssl/libssl/libcrypto paths
# point at a self-built copy that the package manager neither tracks nor
# patches; future OpenSSL security fixes have to be applied by rebuilding.
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib64/libssl.so
rm -rf /usr/lib64/libcrypto.so
rm -rf /usr/lib/libssl.so
rm -rf /usr/lib/libcrypto.so
rm -rf /usr/lib/libssl.so.3
rm -rf /usr/lib64/libssl.so.3
rm -rf /usr/lib64/libcrypto.so.3
rm -rf /usr/lib/libcrypto.so.3
# Create symlinks to the new binary and libraries
# NOTE(review): assumes the build installed its libraries under lib64;
# confirm with ls before linking.
sudo ln -s /usr/local/openssl_3.3.0/bin/openssl /usr/bin/openssl
sudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib/libssl.so
sudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib64/libssl.so
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib/libcrypto.so
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib64/libcrypto.so
sudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib/libssl.so.3
sudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib64/libssl.so.3
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3
# Check the openssl version
openssl version
升级openssh
# Uninstall the old version
# 1. Remove openssh 7.4p1
yum remove -y openssh
# 2. Clean up leftover files
# NOTE(review): this also deletes the existing host keys (ssh_host_*). Clients
# will then see a changed-host-key warning; either restore the keys from
# /etc/ssh.bak or distribute the new fingerprints out-of-band, so users are
# not taught to accept unexpected host keys.
rm -rf /etc/ssh/*
tar -xzf openssh-9.7p1.tar.gz
# 1. Enter the openssh-9.7p1 directory
cd openssh-9.7p1
# 2. Configure: install under /usr/local/ssh, keep config in /etc/ssh, enable
#    PAM, and build against the openssl and zlib prefixes installed above
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl_3.3.0 --with-zlib=/usr/local/zlib_1.2.13
# 3. Build and install
make -j 4 && make install
# 4. Check the version of the freshly installed binary
/usr/local/ssh/bin/ssh -V
# 5. Copy the new ssh files into place
# NOTE(review): the first two paths assume the source tree was unpacked in
# /usr/local/soft; the tar command above does not change into it explicitly.
cp -rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
cp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/ssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
# 6. Allow root login
# NOTE(review): these two lines let root log in with a password, which exposes
# the account to password guessing. Prefer key-based login with
# "PermitRootLogin prohibit-password", or revert both settings once the
# upgrade is verified.
# NOTE(review): sshd uses the first value it finds for a keyword, so appended
# lines take effect only if the keyword is not already set earlier in the file.
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
# Restart the sshd service
# NOTE(review): validating the config first with "/usr/sbin/sshd -t" avoids
# restarting into a broken configuration.
/etc/init.d/sshd restart
# Or
# NOTE(review): daemon-reload only makes systemd re-read unit definitions; it
# does not restart sshd by itself.
systemctl daemon-reload
# Check that the service is running
/etc/init.d/sshd status
# Register sshd to start at boot
chkconfig --add sshd
# Check the ssh version after the upgrade
ssh -V
关闭telnet自启动服务
# Disable telnet autostart and stop the service
# NOTE(review): do this only after a fresh SSH login from a new session has
# succeeded, and do not skip it: telnet is cleartext and should not stay on.
systemctl disable telnet.socket
systemctl stop telnet.socket
# NOTE(review): the earlier steps operated on telnet.socket, this one queries
# telnet.service; confirm that nothing is still listening on port 23.
systemctl status telnet.service
# Close port 23 in the firewall
# NOTE(review): the port was opened without --zone (default zone) but is
# removed from "public"; if the default zone is not public, the rule stays.
# Verify with "firewall-cmd --list-all" after the reload.
firewall-cmd --permanent --zone=public --remove-port=23/tcp
firewall-cmd --reload