CentOS升級openssh和openssl

####掛載系統鏡像文件ISO#####

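# Mount the installation ISO (replace xxxx.iso with the real image path) so it
# can serve as a local yum repository under /mnt/.
mount -o loop xxxx.iso /mnt/

# Park every CentOS-*.repo file in a backup directory so yum stops using the
# online repositories, then bring back only the media repo definition.
# The steps are chained so a failed `cd` cannot make `mv Cen*` run in the
# wrong directory.
cd /etc/yum.repos.d/ \
  && mkdir -p backup \
  && mv Cen* backup/ \
  && mv backup/Cen*Me* /etc/yum.repos.d/

# Edit the restored media repo file. The original listing ran vim from inside
# backup/ after the file had already been moved out of it, so the glob matched
# nothing there and vim opened a new, empty file instead of the repo file.
vim /etc/yum.repos.d/Cen*M*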

將 enabled設置爲 1 ,在baseurl後面添加掛載路徑:file:///mnt/

 

###############################################
##########先升級ssl,後升級ssh#################
##############################################
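# Build prerequisites for the OpenSSL step: the compiler, make (invoked
# directly by the build), perl (needed by OpenSSL's ./config, as this page
# itself notes) and wget for the download.
yum install -y gcc make perl wget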

在線升級openssl
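# Download, verify, build and install OpenSSL under /usr/local/ssl.
#
# Version note: this page pins 1.1.1g, an old release, and the 1.1.1 series no
# longer receives public upstream fixes. Check the OpenSSL project for a
# currently supported release before using these steps on a real host.
#
# TLS verification stays ON. The original passed --no-check-certificate, which
# makes wget accept any server certificate, so the tarball that is about to be
# compiled and installed as root could be replaced in transit without notice.
# If wget cannot validate the certificate, fix the cause (outdated
# ca-certificates package, wrong system clock) instead of disabling the check.
#
# Placeholder: paste the SHA-256 that the OpenSSL project publishes for this
# exact tarball. The checksum test below fails until it is filled in.
openssl_sha256='<SHA256-PUBLISHED-BY-OPENSSL-PROJECT>'

# If ./config complains that perl is missing, install it first:
#   yum -y install perl
# The original also passed `-d` to ./config, which asks for a debug build;
# it is dropped here so the installed library is a normal optimised build.
# Every stage is chained with && so a failed download, checksum mismatch or
# compile error stops the sequence instead of installing a partial result.
cd /opt \
  && wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz \
  && printf '%s  %s\n' "$openssl_sha256" openssl-1.1.1g.tar.gz | sha256sum -c - \
  && tar --no-same-owner -zxvf openssl-1.1.1g.tar.gz \
  && cd openssl-1.1.1g \
  && ./config --prefix=/usr/local/ssl shared \
  && make \
  && make install

# Register the new library directory exactly once; the original appended the
# same line to /etc/ld.so.conf on every run.
grep -qxF '/usr/local/ssl/lib' /etc/ld.so.conf \
  || echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig

# Switch /usr/bin/openssl only after the new binary proves it can start.
# The original renamed the system binary unconditionally, which left a
# dangling symlink behind whenever the build had failed.
if /usr/local/ssl/bin/openssl version >/dev/null; then
  # Keep the first backup: on a rerun /usr/bin/openssl is already the symlink.
  [ -e /usr/bin/openssl.bak ] || mv /usr/bin/openssl /usr/bin/openssl.bak
  ln -sf /usr/local/ssl/bin/openssl /usr/bin/openssl
  openssl version
else
  echo 'new openssl did not run; /usr/bin/openssl left unchanged' >&2
fi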
 


###############################################
##########先升級ssl,後升級ssh#################
##############################################

在線升級ssh
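yum -y install wget

# 1. Preparation: fetch the OpenSSH portable source together with its
# detached signature.
# Alternative mirror kept from the original listing:
#   cd /opt && wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
cd /opt \
  && wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz \
  && wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz.asc

# Verify the tarball before anything is compiled and installed as root; the
# original built whatever the download returned. The OpenSSH release signing
# key must already be in root's GnuPG keyring, obtained and fingerprint-checked
# through a channel you trust. A tarball that fails the check is renamed so the
# later `tar` step cannot pick it up by accident.
if ! gpg --verify /opt/openssh-8.8p1.tar.gz.asc /opt/openssh-8.8p1.tar.gz; then
  echo 'signature check failed: openssh-8.8p1.tar.gz set aside, do not build it' >&2
  mv -f /opt/openssh-8.8p1.tar.gz /opt/openssh-8.8p1.tar.gz.unverified
fi

# 2. Install build dependencies (make is added because the build invokes it).
yum install -y gcc make
# The variant with openssl-devel is not used (marked "do not use" by the
# author, presumably because configure is pointed at /usr/local/ssl):
#   yum install pam-devel libselinux-devel zlib-devel openssl-devel -y
yum install -y pam-devel libselinux-devel zlib-devel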

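# 3. Back up the existing SSH installation (very important, follow strictly).
#
# A backup that already exists is kept. Rerunning the original plain `mv`
# would move /etc/ssh *into* /etc/ssh.bak and overwrite the saved distro
# binaries with the previously self-built ones, destroying the rollback copy.
#
# Moving /etc/ssh away also moves the host keys and the old sshd_config, so
# the install step presumably generates fresh host keys and clients will then
# report a changed host key. To keep the server's identity, copy the
# ssh_host_*_key* files back from /etc/ssh.bak after the install, and review
# the old sshd_config for restrictions that need to be carried over.
for path in /etc/ssh /usr/bin/ssh /usr/sbin/sshd; do
  if [ -e "${path}.bak" ]; then
    echo "${path}.bak already exists; leaving the existing backup untouched" >&2
  else
    mv -- "$path" "${path}.bak"
  fi
done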

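# 4. Build and install OpenSSH against the OpenSSL under /usr/local/ssl.
#
# Changes from the original configure line:
#   --without-hardening  dropped. It switches off the compiler and linker
#                        hardening options that configure otherwise enables,
#                        which is the wrong trade-off for a network-facing
#                        daemon running as root.
#   --with-tcp-wrappers  dropped. libwrap support was removed from OpenSSH in
#                        6.7, so configure does not recognise the option.
#                        Any /etc/hosts.allow or /etc/hosts.deny rules that
#                        restricted the old sshd stop applying after this
#                        upgrade; move them to the firewall or to sshd_config
#                        (AllowUsers, Match Address).
#   --with-md5-passwords kept as on the page.
#                        NOTE(review): presumably unnecessary when PAM handles
#                        authentication; confirm before removing.
#
# tar uses --no-same-owner (as the OpenSSL step on this page does) so files
# extracted by root do not keep the uid/gid recorded in the archive, and the
# stages are chained so a failed configure or make never reaches install.
cd /opt \
  && tar --no-same-owner -zxvf openssh-8.8p1.tar.gz \
  && chown root:root /opt/openssh-8.8p1 \
  && cd /opt/openssh-8.8p1 \
  && ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords \
       --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl \
  && make \
  && make install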

# 5. Permissions: restrict each host private key to owner read/write.
for key_type in rsa ecdsa ed25519; do
  chmod 600 "/etc/ssh/ssh_host_${key_type}_key"
done

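# 6. Install the init script and PAM definition shipped in the source tree
# (remote root login itself is configured in step 7).
if cd /opt/openssh-8.8p1; then
  # Retire the distro systemd unit only once the init script is in place, so a
  # failed copy cannot leave the host without any way to start sshd at boot.
  # NOTE(review): the unit is presumably moved aside so systemd falls back to
  # /etc/init.d/sshd - confirm on the target release.
  if cp -a contrib/redhat/sshd.init /etc/init.d/sshd \
    && chmod u+x /etc/init.d/sshd; then
    if [ -e /usr/lib/systemd/system/sshd.service ]; then
      mv /usr/lib/systemd/system/sshd.service \
        /usr/lib/systemd/system/sshd.service.bak
    fi
  else
    echo 'init script not installed; sshd.service left in place' >&2
  fi

  # PAM selects its policy file by service name, and sshd's is "sshd", so the
  # original target /etc/pam.d/sshd.pam would not be the file PAM reads.
  # Install the contrib file under the correct name only when the system has
  # none; an existing, working PAM stack for sshd is left alone.
  [ -e /etc/pam.d/sshd ] || cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd
else
  echo '/opt/openssh-8.8p1 not found; nothing copied' >&2
fi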

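# 7. Adjust the sshd configuration.
# Manual alternative: vim /etc/ssh/sshd_config and set
#   PermitRootLogin yes
#   PasswordAuthentication yes
#   UseDNS no
#   UsePAM yes
#
# Security caveat: PermitRootLogin yes together with PasswordAuthentication
# yes exposes the root account to password guessing from anywhere that can
# reach port 22. The values below are the ones this page asks for; once an
# SSH key is deployed for root, `PermitRootLogin prohibit-password` (and
# `PasswordAuthentication no` where possible) is the safer setting.

#######################################
# Set one keyword in an sshd_config-style file.
# sshd uses the FIRST value it reads for a keyword, so blindly appending (as
# the original did) is ignored when the file already sets that keyword, and
# adds duplicate lines on every rerun. This replaces the first active
# (uncommented) occurrence, or appends the line when there is none.
# Arguments: $1 - config file, $2 - keyword, $3 - value
# Returns:   0 on success, non-zero if the file could not be rewritten
# Note:      an appended line lands at the end of the file; if the file ends
#            in a Match block, move the line above it by hand.
#######################################
set_sshd_option() {
  local file=$1 key=$2 value=$3 tmp status
  tmp=$(mktemp) || return 1
  # Keywords are matched case-insensitively; commented lines never match
  # because their first field starts with '#'.
  awk -v k="$key" -v v="$value" '
    !seen && tolower($1) == tolower(k) { print k " " v; seen = 1; next }
    { print }
    END { if (!seen) print k " " v }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode, context
  status=$?
  rm -f -- "$tmp"
  return "$status"
}

sshd_config=/etc/ssh/sshd_config
if [ -f "$sshd_config" ]; then
  set_sshd_option "$sshd_config" PermitRootLogin yes
  set_sshd_option "$sshd_config" PasswordAuthentication yes
  set_sshd_option "$sshd_config" UseDNS no
  set_sshd_option "$sshd_config" UsePAM yes
else
  # Do not create a bare four-line config if the install step did not run.
  echo "$sshd_config not found; install OpenSSH before configuring it" >&2
fi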

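# 8. Enable sshd at boot through the init script.
chkconfig --add sshd
chkconfig sshd on

# 9. Restart the SSH service.
# The configuration is validated with `sshd -t` first: restarting with a
# broken sshd_config or unusable host keys on a remote machine ends with no
# way back in. Keep the current session open until a new login has been
# tested from a second terminal.
systemctl daemon-reload
if /usr/sbin/sshd -t; then
  systemctl restart sshd
else
  echo 'sshd -t reported errors; sshd was NOT restarted' >&2
fi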

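# 10、驗證(按本文步驟升級後,輸出應顯示 OpenSSH_8.8p1 和 OpenSSL 1.1.1g;下面示例輸出中的版本與本文安裝的版本不一致。若實際輸出仍是舊版 OpenSSL,可能表示編譯時沒有使用 /usr/local/ssl 下的 OpenSSL,需要檢查 configure 的輸出)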
[root@lvs-keepalived-02 ~]# ssh -V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips  26 Jan 2017
