一、挂载光盘镜像,建立本地yum源
1.上传系统镜像到服务器中的software目录下面
2. #挂载Linux镜像
mount -o loop -t iso9660 software/CentOS-7-x86_64-DVD-1708.iso /media
3.备份原有yum源
cd /etc/yum.repos.d
mkdir old_repo
mv *.repo old_repo/
4.#配置本地yum,新建
vi /etc/yum.repos.d/local.repo
添加:
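[local_server]
name=This is a local repo
baseurl=file:///media
enabled=1
# Verify package signatures even for the local DVD repo; with gpgcheck=0 yum
# installs unsigned or altered RPMs from /media without complaint.
gpgcheck=1
# CentOS 7 installs its release signing key at this path (confirm the file
# exists on the host). The original pointed at a Red Hat beta key, which was
# never consulted because gpgcheck was 0.
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7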
5.对yum进行初始化操作:
# 清除缓存
yum clean all
# 建立新缓存
yum makecache
6.统计yum list输出的行数(确认本地源可用)
yum list | wc -l
二、安装Openssh7.9
安装包:
openssh-7.9p1.tar.gz
openssl-1.0.2m.tar.gz
zlib-1.2.11.tar.gz
(下载链接 openssh7.9安装包资源;源码包建议从各项目官方站点获取,并在编译前核对官方公布的校验值或签名)
- 将文件夹上传到software文件夹中
- 安装GCC
yum -y install gcc
gcc --version
- 安装telnet服务(仅作为升级SSH期间的临时备用登录通道;telnet以明文传输账号口令和会话内容,应只在受信任的管理网络内短时间开启,升级完成后按第11步关闭)
yum install -y telnet-server
yum install -y xinetd
systemctl start telnet.socket
systemctl start xinetd
开启telnet防火墙23端口:
查看telnet23端口是否打开
firewall-cmd --query-port=23/tcp
no
显示23端口没有开启,使用下面命令开启23端口(该规则对public区域内所有来源开放;条件允许时应限制为管理终端的来源地址)
firewall-cmd --zone=public --add-port=23/tcp --permanent
success
重新加载防火墙规则(--complete-reload会丢失连接状态,可能中断包括当前SSH会话在内的已有连接;仅为使永久规则生效时,firewall-cmd --reload即可)
firewall-cmd --complete-reload
success
重新查询23端口是否开放
firewall-cmd --query-port=23/tcp
yes
新建一个用户用于telnet远程登录(例如用useradd创建临时账号并用passwd设置口令;该口令会经telnet明文传输,升级完成后应删除此账号或更换口令)
cp -r /etc/ssh /etc/ssh.old # start preparing for the OpenSSH install: keep a copy of the existing /etc/ssh
# List the installed OpenSSH packages; the names passed to rpm -e below must
# match this output exactly.
rpm -qa|grep openssh
# --nodeps removes each package without checking what else depends on it.
rpm -e --nodeps openssh-clients-7.4p1-11.el7.x86_64
rpm -e --nodeps openssh-7.4p1-11.el7.x86_64
rpm -e --nodeps openssh-server-7.4p1-11.el7.x86_64
# Confirm nothing matching "openssh" is still installed.
rpm -qa|grep openssh
4.创建sshd特权分离所需的目录、组和用户
install -v -m700 -d /var/lib/sshd &&
chown -v root:sys /var/lib/sshd &&
groupadd -g 50 sshd &&
useradd -c 'sshd PrivSep' \
-d /var/lib/sshd \
-g sshd \
-s /bin/false \
-u 50 sshd
5.安装zlib
cd /root/software/openssh7.9
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib-1.2.11 -share
make
make test
make install
echo "/usr/local/zlib-1.2.11/lib" >> /etc/ld.so.conf
ldconfig -v
ln -s /usr/local/zlib-1.2.11 /usr/local/zlib
6.安装Perl5
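# Quote the glob so the shell passes it to yum unchanged instead of expanding
# it against files in the current directory.
# NOTE(review): this pulls in every package matching perl*; the OpenSSL build
# likely needs far fewer — confirm.
yum install 'perl*'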
7.安装openssl-1.0.2m(OpenSSL 1.0.2系列已停止官方维护;此处手工编译的库通过/etc/ld.so.conf和/etc/profile对全系统生效,且不会随yum更新,后续安全修复需自行重新编译)
cd /root/software/openssh7.9
tar zxvf openssl-1.0.2m.tar.gz
cd openssl-1.0.2m
./config shared zlib-dynamic --prefix=/usr/local/openssl-1.0.2m --with-zlib-lib=/usr/local/zlib-1.2.11/lib --with-zlib-include=/usr/local/zlib-1.2.11/include
make
make test
make install
echo "/usr/local/openssl-1.0.2m/lib" >> /etc/ld.so.conf
ldconfig -v
ln -s /usr/local/openssl-1.0.2m /usr/local/openssl
echo "export PATH=/usr/local/openssl/bin:\$PATH" >> /etc/profile
8.安装pam-devel
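# The original used an en dash ("–y"), which yum treats as a package name
# rather than the assume-yes option; use a plain ASCII hyphen.
yum install -y pam-devel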
9.安装
cd /root/software/openssh7.9
tar zxf openssh-7.9p1.tar.gz
cd openssh-7.9p1
# Build with PAM support against the OpenSSL and zlib trees under /usr/local
# (the symlinks created in the earlier steps), installing under /usr with
# configuration in /etc/ssh.
# NOTE(review): --with-md5-passwords looks unnecessary when PAM handles
# authentication — confirm before keeping it.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib
make
注释配置文件:
vi /etc/ssh/sshd_config #找到并注释掉GSSAPIAuthentication和GSSAPICleanupCredentials
修改权限:
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
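make install
# Both directives below are appended to the end of the file. sshd honours the
# first occurrence of a keyword, so check that no earlier uncommented line
# already sets them. Password logins and X11 forwarding both widen the exposed
# surface; keep them only if this host needs them.
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
# Register the SysV init script shipped with the source tree and enable it.
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chmod +x /etc/init.d/sshd
chkconfig sshd on
chkconfig --list sshd
# Validate the configuration and host keys before restarting: a broken
# sshd_config would otherwise leave the host without SSH access.
/usr/sbin/sshd -t &&
systemctl restart sshd.service
# Print the version of the newly installed client.
ssh -V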
10.关闭seLinux
验证selinux是否关闭
getenforce
如果未关闭,关闭之
setenforce 0
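上面只是临时切换(setenforce 0实际是切到permissive模式),重启后失效。下面改配置文件,使其永久生效。注意:SELINUX=disabled会完全去掉强制访问控制这一层防护;如果只是为了排查新sshd无法启动或登录的问题,可先用permissive模式查看审计日志,修正后再恢复enforcing。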
vi /etc/selinux/config
修改:
SELINUX=disabled
保存退出
11.关闭telnet服务
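# Run this only after a fresh SSH login with the new sshd has been verified.
# Stop the listener now and keep it from starting at boot.
systemctl stop telnet.socket
systemctl disable telnet.socket
rpm -e --nodeps telnet-server
systemctl restart xinetd
# Close the firewall port that was opened permanently for the fallback
# session; removing the package alone leaves 23/tcp allowed in the public zone.
firewall-cmd --zone=public --remove-port=23/tcp --permanent
firewall-cmd --reload
firewall-cmd --query-port=23/tcp
# /etc/services only maps service names to port numbers; editing it does not
# block traffic by itself.
vi /etc/services # comment out the port 23 entries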
完成!