Upgrading OpenSSH on an internal network

I. Install telnet

1. Upload the following RPM packages

http://mirrors.163.com/centos/7.6.1810/os/x86_64/Packages/telnet-0.17-64.el7.x86_64.rpm
http://mirrors.163.com/centos/7.6.1810/os/x86_64/Packages/telnet-server-0.17-64.el7.x86_64.rpm
http://mirrors.163.com/centos/7.6.1810/os/x86_64/Packages/xinetd-2.3.15-13.el7.x86_64.rpm

2. Install telnet

rpm -ivh xinetd-2.3.15-13.el7.x86_64.rpm
rpm -ivh telnet-server-0.17-64.el7.x86_64.rpm
rpm -ivh telnet-0.17-64.el7.x86_64.rpm

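3. Configure telnet (get this step right, otherwise the telnet login fails; the pts entries added to /etc/securetty are what allow root to log in on telnet pseudo-terminals)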

cat <<EOF>> /etc/securetty
pts/0
pts/1
pts/2
pts/3
pts/4
EOF
tail -n 5 /etc/securetty

4. Start telnet

systemctl enable xinetd
systemctl start xinetd
systemctl status xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl status telnet.socket

5. Allow port 23 through the firewall (alternatively, turn the firewall off)

firewall-cmd --permanent --zone=public --add-port=23/tcp
firewall-cmd --reload

II. Install pam-devel

1. Check whether pam is installed, and which version

rpm -qa | grep pam

2. If pam is already installed, install the same version of pam-devel

For example, if rpm -qa | grep pam reports pam-1.1.8-18.el7.x86_64,
then you need to install pam-devel-1.1.8-18.el7.x86_64.rpm.
Search for it in the search box on this page: http://rpm.pbone.net/index.php3/stat/3/limit/2/srodzaj/1/dl/40/search
ftp://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/7.4/x86_64/os/Packages/pam-devel-1.1.8-18.el7.x86_64.rpm
rpm -ivh pam-devel-1.1.8-18.el7.x86_64.rpm

3. If pam is not installed, download and install the latest version

http://mirrors.aliyun.com/centos/7/os/x86_64/Packages/pam-1.1.8-22.el7.x86_64.rpm
http://mirrors.aliyun.com/centos/7/os/x86_64/Packages/pam-devel-1.1.8-22.el7.x86_64.rpm
rpm -ivh pam-1.1.8-22.el7.x86_64.rpm 
rpm -ivh pam-devel-1.1.8-22.el7.x86_64.rpm

III. Install zlib

1. Upload the following package

http://www.zlib.net/fossils/zlib-1.2.11.tar.gz

2. Extract and install

tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib-1.2.11 --shared
make && make install
ln -s /usr/local/zlib-1.2.11 /usr/local/zlib

3. Add the zlib shared library to the dynamic linker cache

echo "/usr/local/zlib-1.2.11/lib" >> /etc/ld.so.conf
ldconfig -v

IV. Install openssl

1. Upload the following package

http://distfiles.macports.org/openssl/openssl-1.0.2m.tar.gz

2. Extract and install

tar zxvf openssl-1.0.2m.tar.gz
cd openssl-1.0.2m
./config shared zlib-dynamic --prefix=/usr/local/openssl-1.0.2m --with-zlib-lib=/usr/local/zlib-1.2.11/lib --with-zlib-include=/usr/local/zlib-1.2.11/include
make
make test   # if any test fails, resolve it before continuing
make install
ln -s /usr/local/openssl-1.0.2m /usr/local/openssl

3. Add the openssl shared libraries to the dynamic linker cache

echo "/usr/local/openssl-1.0.2m/lib" >> /etc/ld.so.conf
ldconfig -v

4. Add the openssl tools to PATH

echo 'export PATH=/usr/local/openssl/bin:$PATH' >> /etc/profile
source /etc/profile

5. Check the openssl version to verify the installation

openssl version -a

V. Uninstall the old openssh

1. If the old version was installed from RPM

rpm -qa | grep openssh | xargs rpm -e --nodeps
rm -rf /etc/ssh/ssh_host*

2. If the old version was compiled from source

Locate the source tree it was installed from and run the following inside it:
make uninstall
rm -rf /etc/ssh/ssh_host*

VI. Install the new openssh

1. Upload the following package

https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz

2. Extract and install

tar -xzvf openssh-8.0p1.tar.gz
cd openssh-8.0p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib --mandir=/usr/share/man 
make && make install

3. Apply the required configuration

echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -i '/UsePAM no/c\UsePAM yes' /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd 
chmod +x /etc/init.d/sshd 
sed -i '/^Subsystem/c\Subsystem sftp /usr/libexec/sftp-server' /etc/ssh/sshd_config
sed -i '/^SELINUX=enforcing/c\SELINUX=disabled' /etc/selinux/config
setenforce 0

4. Enable sshd at boot

chkconfig --add sshd 
chkconfig sshd on 
chkconfig --list sshd

5. Restart sshd and check the version

systemctl restart sshd
ssh -V
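
The procedure above leaves telnet.socket, xinetd, port 23/tcp and the pts entries in /etc/securetty in place after the upgrade. The following script is an added example, not part of the original post, that undoes those section I changes once ssh -V reports the new version; it assumes telnet was enabled only as a fallback session for the upgrade, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tear down the telnet fallback from section I after the upgrade.
# Function names are hypothetical; paths and unit names are the ones used above.

# Succeed only if the `ssh -V` banner in $1 reports OpenSSH version $2.
banner_matches() {
    case "$1" in
        "OpenSSH_$2" | "OpenSSH_$2,"* | "OpenSSH_$2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Delete the pts/0..pts/4 lines that section I step 3 appended to securetty.
# $1: file to edit (default /etc/securetty); owner and mode are preserved.
remove_pts_entries() {
    file=${1:-/etc/securetty}
    tmp=$(mktemp) || return 1
    sed '/^pts\/[0-4]$/d' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Stop and disable the telnet listener, close 23/tcp, restore securetty.
disable_telnet_fallback() {
    systemctl stop telnet.socket xinetd
    systemctl disable telnet.socket xinetd
    firewall-cmd --permanent --zone=public --remove-port=23/tcp
    firewall-cmd --reload
    remove_pts_entries /etc/securetty
}

# Act only when invoked with --apply (assumed: from a session over the new sshd).
if [ "${1:-}" = "--apply" ]; then
    if banner_matches "$(ssh -V 2>&1)" "8.0p1"; then
        disable_telnet_fallback
    else
        echo "ssh -V does not report OpenSSH_8.0p1; telnet left enabled" >&2
        exit 1
    fi
fi
```

Run it with --apply from a session that is already logged in over the new sshd, so a failed upgrade does not cut off the only remaining access path.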

 
