Feifei Network Technology Blog (肥肥网络技术博客)



Detailed Steps for Upgrading OpenSSH and OpenSSL on Linux

Updated: 2021-12-01 14:41

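About OpenSSH:
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks.
In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
Detailed upgrade procedure:
Place every installation package needed for the upgrade on the server in advance, in case the connection becomes unavailable later.
#####Preparation#####
I. Configure and update the yum repositories
1. Back up all current yum repo files
cd /etc/yum.repos.d
mkdir reposbak
mv *.repo reposbak
2. Create the new yum repo file
# The full contents are as follows:
vi rhel6.7.repo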
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/6/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#released updates 
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirrors.163.com/centos/6/updates/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirrors.163.com/centos/6/extras/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirrors.163.com/centos/6/centosplus/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
baseurl=http://mirrors.163.com/centos/6/contrib/x86_64/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
 
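3. Clear the yum cache so that the new configuration takes effect
yum clean all
4. Rebuild the yum cache (if this fails, check whether the server can reach the network; a gateway may need to be configured)
yum makecache
5. Update the packages from the yum repositories
yum -y update
6. Check that the configuration works
yum list
7. With the yum repositories configured, install the packages needed for compiling
yum -y install gcc pam-devel zlib-devel
yum install -y openssl-devel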
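II. To avoid being locked out if SSH becomes unreachable during the upgrade, enable telnet remote login as a fallback
1. Check whether telnet is installed
rpm -qa telnet-server
2. If it is not installed, install xinetd first
# Start the installation
rpm -ivh xinetd-2.3.14-34.el6.x86_64.rpm
3. Install telnet-server
# Check which telnet version is available
yum provides telnet
rpm -ivh telnet-server-0.17-47.el6.x86_64.rpm
or: yum install telnet-server
4. Restart the xinetd daemon
service xinetd restart
5. Test
netstat -tnl | grep 23

6. If the previous test returned nothing, xinetd needs to be configured
vi /etc/xinetd.d/telnet
Change disable to no (the block below shows the file before the change)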
service telnet
{
flags = REUSE
socket_type = stream 
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
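7. Restart the xinetd daemon
service xinetd restart

9. root cannot log in remotely over telnet, so log in as another user first and then switch to root
useradd jstuser    # create the user jstuser
passwd jstuser     # set a password for the user just created
su - root
Enter the password to log in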
 
III. Begin the upgrade
1. Install the zlib-1.2.11.tar.gz dependency
wget -c http://zlib.net/zlib-1.2.11.tar.gz    # online download; if that fails, copy in a package downloaded beforehand
tar zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib && make && make install
2. Install OpenSSL
wget https://openssl.org/source/openssl-1.0.2t.tar.gz
tar -zxvf openssl-1.0.2t.tar.gz
cd openssl-1.0.2t
./config --prefix=/usr/local/openssl --openssldir=/etc/ssl --shared zlib
Compile, test, install
make
make test
make install
Check that the installation succeeded
openssl version -a
3. Install the OpenSSH package
wget -c http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
tar -zxvf openssh-8.1p1.tar.gz
cd openssh-8.1p1
 
./configure --prefix=/usr/local/openssh --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl/bin --with-zlib=/usr/local/zlib --with-md5-passwords && make && make install
Copy the init script to /etc/init.d (back up the existing one first)
cp -p /etc/init.d/sshd /etc/init.d/sshd.lod_$(date +%Y-%m-%d_%H-%M)
Remove the old one
rm /etc/init.d/sshd
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
Grant execute permission
chmod u+x /etc/init.d/sshd
Enable it at boot
chkconfig --add sshd
chkconfig sshd on
 
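Fixing the problem of root being unable to log in:
Edit the configuration file /etc/ssh/sshd_config and add the following settings (for X11Forwarding, first check whether the file already contains it)
PermitRootLogin yes
X11Forwarding yes
PubkeyAuthentication yes
/etc/init.d/sshd restart
ssh -V    # check whether the upgrade succeeded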
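Added example, not part of the original post: sshd uses the first value it reads for each keyword, and every line after a Match line belongs to that conditional block, so settings appended to the end of /etc/ssh/sshd_config may never take effect globally. The script below works out the effective global value on a constructed sample file; the function names and the sample content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# file content are illustrative assumptions.

# Constructed sample: an existing sshd_config with the three lines from the
# step above appended at the end of the file.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Port 22
permitrootlogin no
#X11Forwarding no
Match User backup
    AllowTcpForwarding no
PermitRootLogin yes
X11Forwarding yes
PubkeyAuthentication yes
EOF
}

# Print the value sshd uses globally for keyword $2 in file $1.
# Rules applied: keywords are case-insensitive, the first value read wins,
# and lines after a "Match" line belong to that conditional block.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }            # strip leading whitespace
        /^#/ || /^$/ { next }             # skip comments and blank lines
        {
            split($0, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit      # global section ends here
            if (key == want) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# Report the three keywords this procedure sets.
report() {
    for k in PermitRootLogin X11Forwarding PubkeyAuthentication; do
        v=$(effective_value "$1" "$k")
        echo "$k = ${v:-(not set in the global section)}"
    done
}

sample=$(mktemp) && write_sample "$sample" && report "$sample"
rm -f "$sample"
```

On the upgraded host, sshd -t validates the file before the restart and sshd -T prints the settings sshd will actually apply.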
 
IV. Remove the telnet service, because telnet is insecure
Find the installed telnet packages
rpm -qa | grep telnet
Uninstall the packages that were found
rpm -e telnet-0.17-48.el6.x86_64
rpm -e telnet-server-0.17-48.el6.x86_64
 

