CentOS7.4升级OpenSSH7.6p1
1.安装Telnet服务
包源:mirrors.163.com/centos/7/os/x86_64/Packages/
先安装zlib pam
# Install the zlib and PAM development packages first; the OpenSSH build in
# step 3 is configured with PAM support.
rpm -ivh zlib-devel-1.2.7-15.el7.x86_64.rpm
rpm -ivh pam-devel-1.1.8-12.el7_1.1.x86_64.rpm
安装Telnet作为临时备用登录通道,防止升级中途SSH断开后无法再连接。Telnet为明文传输,仅应在升级期间启用,确认新的SSH可以正常登录后应将其停用。
Ctrl+F 搜索下列包即可。
# Install xinetd plus the Telnet server and client as a fallback login path.
# NOTE(review): these three files are el6 builds, while the page targets
# CentOS 7 and points at the centos/7 mirror; presumably the matching el7
# packages from that mirror are what should be installed — confirm.
rpm -ivh xinetd-2.3.14-40.el6.x86_64.rpm
rpm -ivh telnet-server-0.17-48.el6.x86_64.rpm
rpm -ivh telnet-0.17-48.el6.x86_64.rpm
# Disable SELinux
# NOTE(review): this edit is persistent and the page never turns SELinux back
# on; the page does not say why it has to be off, so confirm it is really
# required on your host and plan to restore it after the upgrade.
vi /etc/selinux/config
修改“SELINUX=enforcing”值改为“disabled”
# Stop and disable the firewall
# NOTE(review): this removes all packet filtering, and "disable" keeps it off
# across reboots. Opening only the Telnet port for the maintenance window,
# e.g. `firewall-cmd --add-port=23/tcp` (runtime-only), is a narrower option.
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service
(查看关闭状态)
# Start the Telnet service
# Telnet carries logins and passwords in cleartext; "enable" also makes it
# start at every boot, so it must be stopped and disabled again once the new
# sshd is confirmed working.
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl enable xinetd
systemctl start xinetd
2.升级OpenSSL-1.0.2m
卸载旧版本
# List the installed OpenSSL packages, then remove them.
# "xxx" presumably stands for each package name printed by the query above.
# NOTE(review): --nodeps skips rpm's dependency check, so programs that are
# dynamically linked against the system libssl/libcrypto may stop working
# until step 2 puts replacement libraries in place. Download both source
# tarballs and open the Telnet session before running these removals.
rpm -qa|grep openssl
rpm -e --nodeps xxx
# Same for the packaged OpenSSH; the SSH service goes away with it, which is
# why the fallback login from step 1 has to be working first.
rpm -qa|grep openssh
rpm -e --nodeps xxx
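# Download https://www.openssl.org/source/openssl-1.0.2m.tar.gz
# This tarball is compiled and installed as root, so check it first: compare
# its SHA-256 (or its PGP signature) with the value published by the OpenSSL
# project, e.g. <PUBLISHED_SHA256_OF_openssl-1.0.2m.tar.gz> (placeholder, not
# a real hash).
# NOTE(review): 1.0.2m is the version this page was written for; check which
# releases upstream still supports before following it.
# Unpack openssl-1.0.2m.tar.gz
tar xvf openssl-1.0.2m.tar.gz
# Enter the unpacked tree. The path is relative because tar extracts into the
# current directory; the page's "cd /openssl-1.0.2m" only works when the
# archive was unpacked in /.
cd openssl-1.0.2m
# Build and install; once built, other machines only need "make install"
# run from the already-built tree.
./config shared && make && make install
# Register the new library directory with the dynamic linker (append once only)
grep -qxF "/usr/local/ssl/lib" /etc/ld.so.conf || echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v
# Put the self-built libraries where the system expects them.
# NOTE(review): these files are not tracked by rpm, so later yum updates will
# not patch them; security fixes mean repeating this build by hand.
cp /usr/local/ssl/lib/libssl.so.1.0.0 /usr/lib64
cp /usr/local/ssl/lib/libcrypto.so.1.0.0 /usr/lib64
chmod 555 /usr/lib64/libssl.so.1.0.0
chmod 555 /usr/lib64/libcrypto.so.1.0.0
# Recreate the library names that existing binaries and the linker look up
ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10
ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so
ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so
# Expose the new command-line tool and headers on the default paths
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
# Show the OpenSSL version now in use
openssl version -a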
3.升级OpenSSH-7.6p1
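# Download http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-7.6p1.tar.gz
# The mirror URL is plain HTTP, so the transfer itself gives no integrity
# guarantee: verify the tarball against the signature or checksum published
# by the OpenSSH project before building it as root.
# Unpack openssh-7.6p1.tar.gz
tar xvf openssh-7.6p1.tar.gz
# Enter the openssh-7.6p1 directory
cd openssh-7.6p1
# Every configure option must be its own word. The page ran two pairs
# together ("--with-md5-passwords--with-pam" and
# "--with-ssl-dir=/usr/local/ssl--without-hardening"), which would drop PAM
# support and point --with-ssl-dir at a path that does not exist.
# NOTE(review): --without-hardening switches off the compiler/linker hardening
# flags configure would otherwise add; try the build without it first and keep
# it only if the toolchain really cannot build with hardening.
# NOTE(review): TCP wrappers support was removed from OpenSSH upstream before
# 7.6p1, so --with-tcp-wrappers is presumably ignored here and
# hosts.allow/hosts.deny will not filter this sshd — confirm in the
# configure output.
./configure --prefix=/usr --sysconfdir=/etc/ssh \
  --with-md5-passwords --with-pam --with-tcp-wrappers \
  --with-ssl-dir=/usr/local/ssl --without-hardening
make && make install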
执行到这里时,我这边提示几个主机私钥(host key)文件的权限过于开放(too open),因此把它们的权限都改成了600。
# Host private keys must be readable by root only; tighten all three in one call.
cd /etc/ssh/
chmod 600 ssh_host_ecdsa_key ssh_host_rsa_key ssh_host_ed25519_key
之后再把目录切回openssh-7.6p1内进行
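make && make install
# Install the Red Hat init script shipped in the source tree and make it
# executable. Source and destination are two separate arguments; the page had
# them fused into one path.
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
# Keep a copy of the current server config so it can be restored if the new
# one does not work.
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# Copy the client and server configs from the source tree.
# Answer "y" if cp asks whether to overwrite the existing file.
cp ssh_config /etc/ssh/ssh_config
cp -p sshd_config /etc/ssh/sshd_config
# Edit the server config
vi /etc/ssh/sshd_config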
替换为以下内容
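# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
# NOTE(review): keyword and value must be separated by whitespace; the page
# had them as a single word, which sshd would presumably reject as an unknown
# option when it parses this file.
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
# Root cannot log in over SSH once this is active: make sure a non-root
# account with the needed privileges exists before restarting sshd.
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
# NOTE(review): the page's list also named diffie-hellman-group1-sha1 (twice).
# That is a fixed 1024-bit group hashed with SHA-1, which OpenSSH stopped
# offering by default in 7.0, so it is left out here; add it back only for a
# legacy client that cannot be upgraded. This line still overrides the
# built-in defaults and still offers SHA-1 exchanges; deleting it restores the
# OpenSSH 7.6 default list.
KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Banner /etc/sshbanner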
新建/etc/pam.d/sshd
内容:
#%PAM-1.0
# PAM stack for sshd: the auth, account, password and session stages all
# delegate to the system's password-auth stack via "include".
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
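# Register sshd with the init system and enable it at boot
chkconfig --add sshd
chkconfig sshd on
chkconfig --list|grep sshd
# Check that the upgrade took effect
ssh -V
# Validate the new config and host keys before restarting; a typo in
# sshd_config would otherwise leave the host without a working sshd.
# Continue only if this prints no errors.
/usr/sbin/sshd -t
# Restart the service
service sshd restart
# Keep the Telnet session open and confirm that a fresh SSH login works.
# Only then remove the temporary cleartext login path and restore the
# firewall that step 1 switched off.
systemctl stop telnet.socket xinetd
systemctl disable telnet.socket xinetd
systemctl enable firewalld.service
systemctl start firewalld.service
# SELinux was also disabled in step 1; decide separately whether to turn it
# back on in /etc/selinux/config.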