####掛載系統鏡像文件ISO#####
mount -o loop xxxx.iso /mnt/
cd /etc/yum.repos.d/
mkdir backup
mv Cen* backup/
cd backup
mv Cen*Me* /etc/yum.repos.d/
vim Cen*M*
將 enabled設置爲 1 ,在baseurl後面添加掛載路徑:file:///mnt/
###############################################
##########先升級ssl,後升級ssh#################
##############################################
yum install gcc wget -y
在線升級oepnssl
cd /opt && wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz --no-check-certificate
tar --no-same-owner -zxvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config --prefix=/usr/local/ssl -d shared
###yum -y install perl 缺少perl的話,需要安裝perl
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/ssl/bin/openssl /usr/bin/openssl
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v
openssl version
###############################################
##########先升級ssl,後升級ssh#################
##############################################
在線升級ssh
yum -y install wget
# 1、升級準備
######cd /opt && wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
cd /opt && wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
# 2、安裝依賴軟件包
yum install gcc -y
#yum install pam-devel libselinux-devel zlib-devel openssl-devel -y ###不用這個
yum install pam-devel libselinux-devel zlib-devel -y
# 3、備份ssh(非常重要,請嚴格執行)
mv /etc/ssh /etc/ssh.bak
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
# 4、編譯安裝
cd /opt && tar -zxvf openssh-8.8p1.tar.gz
chown root.root /opt/openssh-8.8p1
cd /opt/openssh-8.8p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam \
--with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
make && make install
# 5、授權
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
# 6、複製配置文件並設置允許root用戶遠程登錄
cd /opt/openssh-8.8p1
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod u+x /etc/init.d/sshd
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak
# 7、修改ssh配置
#vim /etc/ssh/sshd_config
#PermitRootLogin yes
#PasswordAuthentication yes
#UseDNS no
#UsePAM yes
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
echo "UsePAM yes" >> /etc/ssh/sshd_config
# 8、設置開機自啓
chkconfig --add sshd
chkconfig sshd on
# 9、重啓ssh服務
systemctl daemon-reload
systemctl restart sshd
# 10、驗證
[root@lvs-keepalived-02 ~]# ssh -V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips 26 Jan 2017