I. Mount the disc image and set up a local yum repository
1. Upload the system image to the software directory on the server
2. Mount the Linux image
mount -o loop -t iso9660 software/CentOS-7-x86_64-DVD-1708.iso /media
3. Back up the existing yum repository files
cd /etc/yum.repos.d
mkdir old_repo
mv *.repo old_repo/
4. Configure the local yum repository by creating a new file
vi /etc/yum.repos.d/local.repo
Add:
[local_server]
name=This is a local repo
baseurl=file:///media
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
5. Initialize yum:
# Clear the cache
yum clean all
# Build a new cache
yum makecache
6. Count the available packages
yum list | wc -l
II. Install OpenSSH 7.9
Installation packages:
openssh-7.9p1.tar.gz
openssl-1.0.2m.tar.gz
zlib-1.2.11.tar.gz
(Download link: openssh7.9 installation package resources)
- Upload the folder to the software directory
- Install GCC
yum -y install gcc
gcc --version
- Install the telnet service
yum install -y telnet-server
yum install -y xinetd
systemctl start telnet.socket
systemctl start xinetd
Open telnet port 23 in the firewall:
Check whether telnet port 23 is open
firewall-cmd --query-port=23/tcp
no
The output shows that port 23 is not open; open it with the following command
firewall-cmd --zone=public --add-port=23/tcp --permanent
success
Reload the firewall
firewall-cmd --complete-reload
success
Query again whether port 23 is open
firewall-cmd --query-port=23/tcp
yes
Create a new user for telnet remote login
cp -r /etc/ssh /etc/ssh.old # Start preparing to install openssh
rpm -qa|grep openssh
rpm -e --nodeps openssh-clients-7.4p1-11.el7.x86_64
rpm -e --nodeps openssh-7.4p1-11.el7.x86_64
rpm -e --nodeps openssh-server-7.4p1-11.el7.x86_64
rpm -qa|grep openssh
4. Install
install -v -m700 -d /var/lib/sshd &&
chown -v root:sys /var/lib/sshd &&
groupadd -g 50 sshd &&
useradd -c 'sshd PrivSep' \
-d /var/lib/sshd \
-g sshd \
-s /bin/false \
-u 50 sshd
5. Install zlib
cd /root/software/openssh7.9
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib-1.2.11 -share
make
make test
make install
echo "/usr/local/zlib-1.2.11/lib" >> /etc/ld.so.conf
ldconfig -v
ln -s /usr/local/zlib-1.2.11 /usr/local/zlib
6. Install Perl 5
yum install perl*
7. Install openssl-1.0.2m
cd /root/software/openssh7.9
tar zxvf openssl-1.0.2m.tar.gz
cd openssl-1.0.2m
./config shared zlib-dynamic --prefix=/usr/local/openssl-1.0.2m --with-zlib-lib=/usr/local/zlib-1.2.11/lib --with-zlib-include=/usr/local/zlib-1.2.11/include
make
make test
make install
echo "/usr/local/openssl-1.0.2m/lib" >> /etc/ld.so.conf
ldconfig -v
ln -s /usr/local/openssl-1.0.2m /usr/local/openssl
echo "export PATH=/usr/local/openssl/bin:\$PATH" >> /etc/profile
8. Install pam-devel
yum install -y pam-devel
9. Install
cd /root/software/openssh7.9
tar zxf openssh-7.9p1.tar.gz
cd openssh-7.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib
make
Comment out entries in the configuration file:
vi /etc/ssh/sshd_config # Find and comment out GSSAPIAuthentication and GSSAPICleanupCredentials
Fix permissions:
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
make install
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chmod +x /etc/init.d/sshd
chkconfig sshd on
chkconfig --list sshd
systemctl restart sshd.service
ssh -V
10. Disable SELinux
Check whether SELinux is disabled
getenforce
If it is not disabled, disable it
setenforce 0
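The command above only disables it temporarily and does not survive a reboot. Edit the configuration file below to make the change permanent.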
vi /etc/selinux/config
Change:
SELINUX=disabled
Save and exit
11. Disable the telnet service
systemctl disable telnet.socket
rpm -e --nodeps telnet-server
systemctl restart xinetd
vi /etc/services # Comment out port 23
Done!
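Step 9 appends X11Forwarding and PasswordAuthentication lines to the end of /etc/ssh/sshd_config, but sshd uses the first value it reads for each keyword, so an appended line is ignored when the keyword is already set earlier in the file. The check below is an added example, not part of the original procedure. Its function names and sample file contents are constructed for illustration, and it reads only the global section before any Match block.

```shell
#!/bin/sh
# Added example: show which value sshd uses for a keyword and which later
# settings of the same keyword are ignored (first obtained value wins).

# effective_value FILE KEYWORD -> first value set in the global section;
# keyword matching is case-insensitive, as in sshd_config.
effective_value() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# shadowed_lines FILE KEYWORD -> "LINE:VALUE" for each later setting of
# KEYWORD that sshd ignores because an earlier line already set it.
shadowed_lines() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { if (seen++) print NR ":" $2 }
    ' "$1"
}

# Constructed sample: a file that already sets both keywords, followed by
# the two lines that step 9 appends with echo >>.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PasswordAuthentication no
#GSSAPIAuthentication yes
X11Forwarding no
UsePAM yes
X11Forwarding yes
PasswordAuthentication yes
EOF
}

sample=$(mktemp)
make_sample "$sample"
for kw in PasswordAuthentication X11Forwarding; do
    echo "$kw effective: $(effective_value "$sample" "$kw")"
    shadowed_lines "$sample" "$kw" | sed 's/^/  ignored at line /'
done
rm -f "$sample"
```

On an installed host, point the two functions at /etc/ssh/sshd_config, or compare with the effective configuration printed by sshd -T.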