linux openssh升級

一.先安裝telnet服務

a、以防卸載openssh後連接不到服務器

yum install telnet-server
yum install telnet
yum install -y telnet-server
yum install -y xinetd 
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

b、默認情況下，系統是不允許root用戶telnet遠程登錄的。如果要使用root用戶直接登錄，需設置如下內容:

echo  'pts/0'  >>/etc/securetty
echo 'pts/1' >>/etc/securetty

systemctl restart xinetd.service

c、測試

[root@localhost ~]#telnet

二.升級開始:(注意 : 關閉SELinux)

先把openssh-7.9p1.tar.gz傳到服務器上 , 在進行升級的一系列操作.

1.yum安裝依賴
yum install -y gcc openssl openssl-devel pam-devel rpm-build pam-devel

2.卸載openssh

[root@localhost src]# rpm -qa | grep openssh
[root@localhost src]# rpm -e `rpm -qa | grep openssh` --nodeps
[root@localhost src]# rpm -qa | grep openssh

3.安裝openssh7.9
(參考,包在這裏下載 http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html )
install -v -m700 -d /var/lib/sshd && chown -v root:sys /var/lib/sshd && groupadd -g 50 sshd && useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

[root@localhost src]# tar -zxvf openssh-7.9p1.tar.gz 
[root@localhost src]# cd openssh-7.9p1

 

[root@localhost src]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ed25519_key
[root@localhost src]#  make && make install

4.執行如下命令
install -v -m755 contrib/ssh-copy-id /usr/bin && install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 && install -v -m755 -d /usr/share/doc/openssh-7.9p1 && install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1

[root@localhost openssh-7.9p1]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017

5.允許root遠程登錄 , 開機自啓

[root@localhost openssh-7.9p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost openssh-7.9p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-7.9p1]# chkconfig --add sshd
[root@localhost openssh-7.9p1]# chkconfig sshd on
[root@localhost openssh-7.9p1]# service sshd start
Starting sshd (via systemctl):                             [  OK  ]
[root@localhost openssh-7.9p1]# service sshd restart
Restarting sshd (via systemctl):                           [  OK  ]
[root@localhost openssh-7.9p1]# chkconfig --list sshd

三.把telnet關掉

[root@localhost openssh-7.9p1]# rpm -qa telnet-server
telnet-server-0.17-64.el7.x86_64
[root@localhost openssh-7.9p1]# systemctl stop telnet.socket 
[root@localhost openssh-7.9p1]# systemctl stop xinetd
[root@localhost openssh-7.9p1]# systemctl disable xinetd.service   
Removed symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.
[root@localhost openssh-7.9p1]# systemctl disable telnet.socket
Removed symlink /etc/systemd/system/sockets.target.wants/telnet.socket.

[root@RHEL5 ~]# rpm -qa | grep telnet
telnet-0.17-38.el5
telnet-server-0.17-38.el5
[root@RHEL5 ~]# rpm -e telnet-0.17-38.el5 # -e參數表示刪除rpm包
[root@RHEL5 ~]# rpm -e telnet-server-0.17-38.el5