银河麒麟系统升级openssh至9.7p1
升级过程建议参照链接
https://blog.csdn.net/zt19820204/article/details/137877652
当前环境
开始安装
# 1.查看当前服务器的openssh版本
ssh -V# 2.openssh下载地址
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/# 3.升级openssh,很容易导致远程连接失败,强烈建议参照如下链接,开启telnet的备用访问方式;
https://www.cnblogs.com/subsea/p/17628083.htmlsystemctl start telnet.socket#查看telnet服务状态
systemctl status telnet.socketsystemctl enable telnet.socket#要确保telnet服务开机能自启firewall-cmd --list-allfirewall-cmd --permanent --add-port=23/tcpfirewall-cmd --reload
升级步骤
备份原有OpenSSH
#备份openssh配置cp -rf /etc/ssh /etc/ssh.bak
cp -rf /usr/bin/openssl /usr/bin/openssl.bak
cp -rf /etc/pam.d /etc/pam.d.bak
cp -rf /usr/lib/systemd/system /system.bak#几个命令
find / -name sshd.serviceless /usr/lib/systemd/system/sshd.service
安装zlib
#1.进入zlib-1.3.1目录
cd /usr/local/soft
tar -zxvf zlib-1.2.13.tar.gz
cd /usr/local/soft/zlib-1.2.13
#2.配置
./configure --prefix=/usr/local/zlib_1.2.13
#3.编译及安装(编译时间预计几分钟,视机器而定)
make -j 4 && make test && make install
升级openssl
#注:如果已安装openssl,则先卸载再安装 kylin v10 sp2: yum -y remove openssltar -zxvf openssl-3.3.0.tar.gzcd openssl-3.3.0mkdir /usr/local/openssl_3.3.0ls -l /usr/local/openssl_3.3.0mkdir buildcd build../config --prefix=/usr/local/openssl_3.3.0make -j 4 && make install#清理旧版本文件
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib64/libssl.so
rm -rf /usr/lib64/libcrypto.so
rm -rf /usr/lib/libssl.so
rm -rf /usr/lib/libcrypto.sorm -rf /usr/lib/libssl.so.3
rm -rf /usr/lib64/libssl.so.3
rm -rf /usr/lib64/libcrypto.so.3
rm -rf /usr/lib/libcrypto.so.3#建立库文件软链接sudo ln -s /usr/local/openssl_3.3.0/bin/openssl /usr/bin/openssl
sudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib/libssl.so
sudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib64/libssl.so
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib/libcrypto.so
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib64/libcrypto.sosudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib/libssl.so.3
sudo ln -s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib64/libssl.so.3
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
sudo ln -s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3#查看openssl版本号
openssl version
升级openssh
#老版本卸载
#1.卸载openssh7.4p1
yum remove -y openssh
#2.清理残余文件
rm -rf /etc/ssh/*tar -xzf openssh-9.7p1.tar.gz#1.进入openssh-9.7p1目录
cd openssh-9.7p1#2.配置
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl_3.3.0 --with-zlib=/usr/local/zlib_1.2.13
#3.编译及安装
make -j 4 && make install
#4.查看目录版本
/usr/local/ssh/bin/ssh -V
#5.复制新ssh文件
cp -rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.pam /etc/pam.d/sshdcp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/ssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
#6.允许root登录
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config#重启sshd服务
/etc/init.d/sshd restart
#或者
systemctl daemon-reload
#查看服务运行状态
/etc/init.d/sshd status
#添加开机启动
chkconfig --add sshd
#查看升级后ssh版本
ssh -V
关闭telnet自启动服务
#禁止服务自启动
systemctl disable telnet.socketsystemctl stop telnet.socketsystemctl status telnet.service#关闭防火墙23端口
firewall-cmd --permanent --zone=public --remove-port=23/tcpfirewall-cmd --reload