升级之前需要注意几点:
1 必须要有自己的镜像,必须自己做好本地yum源(可以连接外网,能够有网络yum源也可以)
2 配置好基本的升级环境。在升级openssh时需要依赖openssl和zlib。一般系统自带的版本都比较低,而要升级到较高版本的openssh,就对依赖软件的版本有要求
一般试用源码编译的方式进行升级。需要编译则必须要有编译环境
3 依次按顺序升级zlib,openssl和openssh
4 在安装zlib之前,需要试用telnet连接到服务器,并且需要验证ftp是否可以正常上传文件(使用的匿名方式)。这两种途径是解决openssh升级失败的唯一方法。
5 待所有软件升级完毕之后,需要在telnet连接的服务端哪里启动sshd服务,注意不要直接试用restart。需要先试用start,然后在次试用restart。否则服务器会断开。
6 环境及依赖版本:openssh-7.7p1.tar.gz openssl-1.0.2o.tar.gz zlib-1.2.11.tar.gz
对应软件下载地址:
zlib下载地址:链接:https://pan.baidu.com/s/1Ez10B_16pOytBZMQ9JueKQ 提取码:yr98
openssl下载地址:链接:https://pan.baidu.com/s/1oJKL77ZB1n6kzQQYMDOsaQ 提取码:9x0a
openssh下载地址:链接:https://pan.baidu.com/s/1Lr4Ww_2NDBLwaQAvSB-7jw 提取码:fpg5
7 下面是不成熟的脚本,没有逻辑判断,假设的是所有的命令执行成功的情况下进行的,如果要试用下面的脚本,需要谨慎试用。
#!/bin/bash #Describle:update openssh to 7.7p1 on linux6.7 #Tue Oct 9 17:15:19 CST 2018 #Mail:Michael92@126.com #Before updating openssh,you need to be ready for some environments. #In order to avoid downloading too many rpm packages,the best way is downloading the right iso images and make a local yum repository. #After that,you can use the yum install some local servers,such as perl,vsftpd,telnet,telnet-server,pam-devel,gcc,gcc-c++. #Then,you have to update the zlib to 1.2.11 and update openssl to 1.0.2o(This is the lowest version that openssh7.7p1 have dependence) #The last but not the least,update openssh to 7.7p1 and clean up your environment. #1 Now,the next is building a local repository mkdir /iso #$1 is the directory of your iso images mount -o loop $1 /iso cat >>/etc/yum.repos.d/local.repo<<EOF [localrepo] name = localrepo baseurl = file:///iso enabled = 1 gpgcheck = 0 EOF yum clean all yum repolist # 2 Try to use yum install some basical environment yum -y install perl vsftpd telnet telnet-server pam-devel gcc gcc-c++ #Check whether install successfully gcc -v perl -v # 3 install telnet and vsftpd. telnet is the last way to link you server and vsftp is the last way to transfer files echo "anon_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf echo "anon_other_write_enable=YES" >> /etc/vsftpd/vsftpd.conf echo "anon_mkdir_write_enable=YES" >> /etc/vsftpd/vsftpd.conf echo "anonymous_enable=YES" >> /etc/vsftpd/vsftpd.conf echo "anon_umask=022" >> /etc/vsftpd/vsftpd.conf echo "no_anon_password=YES" >> /etc/vsftpd/vsftpd.conf chown ftp /var/ftp -R /etc/init.d/vsftpd restart echo "You have 60 seconds to check whether you can use telnet" for ((i=30;i>0;i--));do echo -e "\033[31m$i\033[0m" sleep 1 done # Modify telnet configure file and check it sed -i 's/yes/no/g' /etc/xinetd.d/telnet mv /etc/securetty /etc/securetty.old chkconfig xinetd on echo "You have 30 seconds to check whether you can use telnet" for ((i=30;i>0;i--));do echo -e "\033[31m$i\033[0m" sleep 1 done #4 Update zlib to use resource way tar -zxvf ./zlib-1.2.11.tar.gz || exit 6 cd zlib-1.2.11 ./configure --prefix=/usr make || exit 6 rpm -e --nodeps zlib make install echo '/usr/lib' >> /etc/ld.so.conf ldconfig cd .. ZlibDirectory=`find /usr/ -name zlib.pc` cat $ZlibDirectory #5 Update openssl
tar -zxvf ./openssl-1.0.2o.tar.gz || exit 7
mv /usr/lib64/openssl /usr/lib64/openssl.old mv /usr/bin/openssl /usr/bin/openssl.old mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old rpm -qa |grep openssl|xargs -i rpm -e --nodeps {} cd openssl-1.0.2o ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib #必须加上--shared,否则编译时会找不到新安装的openssl的库而报错 make make test #必须执行这一步结果为pass才能继续,否则即使安装完成,ssh也无法使用 make install openssl version -a cd .. sleep 10 mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10 mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10 #6 Update openssh
tar -zxvf ./openssh-7.7p1.tar.gz || exit 8
mv /etc/ssh /etc/ssh.old rpm -qa |grep openssh|xargs -i rpm -e --nodeps {} install -v -m700 -d /var/lib/sshd chown -v root:sys /var/lib/sshd groupadd -g 50 sshd useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd cd openssh-7.7p1 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd --with-tcp-wrappers make make install install -v -m755 contrib/ssh-copy-id /usr/bin install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 install -v -m755 -d /usr/share/doc/openssh-7.7p1 install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.7p1 ssh -V for ((i=10;i>0;i--));do echo -e "\033[31m$i\033[0m" sleep 1 done echo 'X11Forwarding yes' >> /etc/ssh/sshd_config echo "PermitRootLogin yes" >> /etc/ssh/sshd_config #允许root用户通过ssh登录 cp -p contrib/redhat/sshd.init /etc/init.d/sshd chmod +x /etc/init.d/sshd chkconfig --add sshd chkconfig sshd on # The last you have to use telnet to link the server and reboot the sshd /etc/init.d/sshd start /etc/init.d/sshd restart
tar -zxvf ./openssl-1.0.2o.tar.gz