我是將自帶的openssh升級到6.0
參考了原文。
要注意的幾點是:
1.sshd一旦停止運行,就不能在通過ssh連接該機器。要通過別的登陸方法啓動ssh。
2.如果出現sshd dead but subsys locked,應該是sshd的配置等不對。
儘量在./configure --prefix=/usr --sysconfdir=/etc/ssh指定config的放置目錄。
我在跟新時,configure只帶了--prefix=/usr --sysconfdir=/etc/ssh 兩個參數,也成功安裝了ssh
原文請看:http://300second.blog.51cto.com/7582/788560
上傳至/usr/local/src目錄,查看: [root@server ~]# cd /usr/local/src [root@server src]# ls [root@server src]# ls openssh-5.6p1.tar.gz openssl-1.0.0c.tar.gz zlib-1.2.5.tar.gz [root@server src]# |
[root@server ~]# ssh -v OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-e escape_char] [-F configfile] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-w tunnel:tunnel] [user@]hostname [command] |
注意: 安裝之前確保已經裝有gcc、gcc-c++庫 [root@server src]# rpm -qa gcc [root@server src]# rpm -qa gcc-c++ 如果沒有安裝可以用yum直接聯網安裝: [root@server src]# yum -y install gcc [root@server src]# yum -y install gcc-c++ |
確保已經安裝了gcc和gcc-c++庫後,開始安裝zlib-1.2.5
[root@server zlib-1.2.5]# vi /etc/ld.so.conf #配置庫文件搜索路徑 |
[root@server src]# tar -zxvf openssl-1.0.0c.tar.gz [root@server src]# cd openssl-1.0.0c [root@server openssl-1.0.0c]# ./config shared zlib-dynamic --prefix=/usr/local/openssl-1.0.0c --with-zlib-lib=/usr/local/zlib-1.2.5/lib --with-zlib-include=/usr/local/zlib-1.2.5/include [root@server openssl-1.0.0c]# make [root@server openssl-1.0.0c]# make test (這一步是進行 SSL 加密協議的完整測試,如果出現錯誤就要一定先找出原因,否則可能導致SSH不能用) [root@server openssl-1.0.0c]# make install [root@server openssl-1.0.0c]# vi /etc/ld.so.conf #配置庫文件搜索路徑 增加下列一行 /usr/local/openssl-1.0.0c/lib #64位OS 沒有生成lib目錄,是lib64目錄 [root@server openssl-1.0.0c]# ldconfig -v #刷新緩存文件/etc/ld.so.cache [root@server openssl-1.0.0c]# vi /etc/profile #將新的ssl加入PATH變量中 增加下列兩行 PATH=/usr/local/openssl/bin:$PATH export PATH 保存、退出 [root@server openssl-1.0.0c]# find / -name openssl #查找openssl所在系統位置 /usr/lib/openssl #舊的 /usr/local/openssl-1.0.0c/include/openssl #新的 /usr/local/openssl-1.0.0c/bin/openssl #新的 /usr/bin/openssl #舊的 接下來開始替換系統原來的SSL [root@server openssl-1.0.0c]# cp -R /usr/bin/openssl /usr/bin/oldopenssl [root@server openssl-1.0.0c]# cp -R /usr/lib/openssl /usr/lib/oldopenssl [root@server openssl-1.0.0c]# rm -rf /usr/lib/libcrypto.so [root@server openssl-1.0.0c]# rm -rf /usr/lib/libssl.so [root@server openssl-1.0.0c]# ln -s /usr/local/openssl-1.0.0c/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so [root@server openssl-1.0.0c]# ln -s /usr/local/openssl-1.0.0c/lib/libssl.so.1.0.0 /usr/lib/libssl.so [root@server openssl-1.0.0c]# cp -r /usr/local/openssl-1.0.0c/lib/* /usr/lib/openssl [root@server openssl-1.0.0c]# echo /usr/local/openssl-1.0.0c/lib >> /etc/ld.so.conf [root@server openssl-1.0.0c]# ldconfig -v [root@server openssl-1.0.0c]# openssl version -v #查看openssl的新版本號 OpenSSL 1.0.0c 2 Dec 2010 |
[root@server openssl-1.0.0c]# rpm -qa openssh openssh-4.3p2-41.el5 [root@server openssl-1.0.0c]# rpm -e openssh-4.3p2-41.el5 error: Failed dependencies: openssh = 4.3p2-41.el5 is needed by (installed) openssh-clients-4.3p2-41.el5.i386 openssh = 4.3p2-41.el5 is needed by (installed) openssh-server-4.3p2-41.el5.i386 openssh = 4.3p2-41.el5 is needed by (installed) openssh-askpass-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-askpass-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-server-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-clients-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-4.3p2-41.el |
[root@server src]# tar -zxvf openssh-5.6p1.tar.gz [root@server src]# cd openssh-5.6p1 [root@server openssh-5.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl-1.0.0c --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib-1.2.5 --without-openssl-header-check 出現:configure: error: PAM headers not found 錯誤 說明系統中沒有安裝pam-devel RPM 包,找到安裝光盤,安裝pam-devel或者用yum直接安裝 [root@server openssh-5.6p1]# yum -y install pam* 安裝完PAM相關包後,再重新編譯 [root@server openssh-5.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl-1.0.0c --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib-1.2.5 --without-openssl-header-check [root@server openssh-5.6p1]# make [root@server openssh-5.6p1]# make install [root@server openssh-5.6p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd [root@server openssh-5.6p1]# chmod +x /etc/init.d/sshd [root@server openssh-5.6p1]# chkconfig --add sshd [root@server openssh-5.6p1]# service sshd start 正在啓動 sshd:WARNING: initlog is deprecated and will be removed in a future release [確定] 這時出現“WARNING: initlog is deprecated and will be removed in a future release ”錯誤,可能是前面編譯安裝ssh在啓動服務的時候沒有更改文件路徑,解決方法是:編輯/etc/init.d/sshd
然後再重新啓動sshd服務,正常 [root@server openssh-5.6p1]# /etc/init.d/sshd restart 停止 sshd:[確定] 正在啓動 sshd:[確定] 最後使用ssh -v查看當前的SSH版本: [root@server openssh-5.6p1]# ssh -v OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010 usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command] OK,升級完成。 |