Upgrading OpenSSH to the Latest Version on CentOS 6


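1. Disable SELinux

# /etc/sysconfig/selinux is a symlink to /etc/selinux/config; edit the real file so that sed -i does not replace the symlink
if [[ "$(getenforce)" != "Disabled" ]];then sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config && setenforce 0 ;fi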

2. Back up the old SSH configuration

cp -rf /etc/ssh /etc/ssh.bak

3. Install and configure the new OpenSSH version

3.1: Install the build dependencies

yum install -y gcc openssl-devel pam-devel rpm-build

3.2: Compile and install OpenSSH 8.1

mkdir -pv /data/pkgs/  # copy the installation package into this directory as well
if [[ ! -f /data/pkgs/openssh-8.1p1.tar.gz ]];then echo "Not 8.1 install packages";fi

tar zxf /data/pkgs/openssh-8.1p1.tar.gz -C /usr/local/src/
cd /usr/local/src/openssh-8.1p1/
./configure --prefix=/usr  --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
make -j 4
make install

Package download: wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz

3.3: User login settings

sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
grep RootLogin /etc/ssh/sshd_config

4. Restart SSH

[root@nock-test openssh-8.1p1]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials
                                                           [  OK  ]

To resolve the errors, simply comment out the lines named in the messages by prefixing them with #.

[root@nock-test openssh-8.1p1]# vim /etc/ssh/sshd_config
[root@nock-test openssh-8.1p1]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
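
The manual fix above (commenting out each line that sshd reports as an unsupported option) can be scripted. This is an added example, not part of the original post; the function names, the .pre-upgrade backup suffix and the sample input are assumptions made for illustration.

```bash
# Added example: comment out the sshd_config lines that sshd rejects as
# "Unsupported option", driven by the messages it prints (the restart
# output above, or the stderr of `sshd -t`).

# unsupported_lines MESSAGES REPORTED_PATH
# Print the rejected line numbers, one per line, sorted and de-duplicated.
unsupported_lines() {
  sed -n "s|^.*$2 line \([0-9][0-9]*\): Unsupported option .*|\1|p" "$1" |
    sort -n -u
}

# comment_unsupported CONFIG MESSAGES [REPORTED_PATH]
# Keep a copy as CONFIG.pre-upgrade, then prefix each rejected line with '#'.
# Blank lines and lines that are already comments are left untouched.
comment_unsupported() {
  config=$1 messages=$2 reported=${3:-/etc/ssh/sshd_config}
  script=$(mktemp) || return 1
  unsupported_lines "$messages" "$reported" |
    while read -r n; do
      printf '%s%s\n' "$n" 's/^[[:space:]]*[^#[:space:]]/#&/'
    done > "$script"
  rc=0
  if [ -s "$script" ]; then
    cp -p "$config" "$config.pre-upgrade" &&
      sed -f "$script" "$config.pre-upgrade" > "$config"
    rc=$?
  fi
  rm -f "$script"
  return "$rc"
}

# Constructed sample input: a four-line config and the two messages sshd
# would print for it, in the format shown in step 4.
demo() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' 'PermitRootLogin yes' 'GSSAPIAuthentication yes' \
    '#UsePAM no' 'GSSAPICleanupCredentials yes' > "$dir/sshd_config"
  printf '%s\n' \
    'Starting sshd: /etc/ssh/sshd_config line 2: Unsupported option GSSAPIAuthentication' \
    '/etc/ssh/sshd_config line 4: Unsupported option GSSAPICleanupCredentials' \
    > "$dir/sshd.msgs"
  comment_unsupported "$dir/sshd_config" "$dir/sshd.msgs" && cat "$dir/sshd_config"
  rm -rf "$dir"
}
demo
```

Run it against the real /etc/ssh/sshd_config only while a second session is still open, and re-run `sshd -t` before restarting the service.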

5. Check the SSH version

[root@nock-test openssh-8.1p1]# ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

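Your existing SSH session is not dropped by the upgrade or by restarting the service.

Note:

After upgrading OpenSSH, be sure to change PermitRootLogin no to PermitRootLogin yes in /etc/ssh/sshd_config, and then restart the OpenSSH service.

Otherwise, if you open another terminal window and try to log in to the machine over SSH as root, the login will fail, because SSH now prohibits root logins.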

6. Open another terminal and test the login

nock:work nock$ ssh nock@42.159.88.51
Password: 
Last login: Wed Dec  4 10:48:37 2019 from 219.148.158.41
[nock@nock-test ~]$ sudo su
[sudo] password for nock: 
[root@nock-test nock]# ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

At this point the OpenSSH upgrade is complete. Reference: https://www.cnblogs.com/bigdevilking/p/9532664.html

One-click installation script, for reference:

#!/bin/bash
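# Stop the iptables firewall and disable SELinux
/etc/init.d/iptables stop
# Edit the real file: /etc/sysconfig/selinux is a symlink and sed -i would replace it
/bin/sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config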
/usr/sbin/setenforce 0
# Back up the original ssh configuration
cp -rf /etc/ssh /etc/ssh.bak
# Install and configure telnet, temporarily allowing root to log in over telnet in case SSH login fails after the upgrade
/usr/bin/yum install -y telnet-server
/bin/sed -i 's/= yes/= no/g' /etc/xinetd.d/telnet
/etc/init.d/xinetd start
/etc/init.d/xinetd restart
mv /etc/securetty /etc/securetty.bak
# Install and configure the new OpenSSH version
/usr/bin/yum install -y gcc openssl-devel pam-devel rpm-build
cd /usr/local/src
/usr/bin/wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
/bin/tar -xf openssh-8.1p1.tar.gz
cd /usr/local/src/openssh-8.1p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
make -j 4 && make install
/bin/sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config
/bin/sed -i 's_#PermitRootLogin yes_PermitRootLogin yes_g' /etc/ssh/sshd_config
sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config
service sshd start
service sshd restart
/usr/bin/ssh -V

# Disable remote root login over telnet by restoring /etc/securetty
NUM=$(/usr/sbin/lsof -i:23|wc -l)
if [ "$NUM" -ne 0 ];then
  mv /etc/securetty.bak /etc/securetty
fi