1 ssh版本检查
本文档适用于ssh版本低于7.0的系统,将其升级为openssh 7.5p1。
ssh -V
[root@kuajing-db3 ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
2 OPENssh7.5安装步骤
卸载原有openssh(通过ssh远程操作时,请保持当前会话不断开,并准备好控制台等备用登录方式,以防新sshd无法启动)
yum remove openssh -y
准备编译环境:
yum install gcc openssl-devel zlib-devel
上传openssh安装包到/mnt并解压进行编译:
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure
make && make install
拷贝ssh服务文件
cp /usr/local/bin/ssh /usr/bin/ssh
cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
修改配置文件
修改/etc/ssh/sshd_config
将#PermitRootLogin修改为PermitRootLogin yes(允许root直接登录;如已配置密钥登录,可改用 PermitRootLogin prohibit-password,仅禁止root使用口令登录)
修改/usr/libexec/sftp-server为/usr/local/libexec/sftp-server
修改 /etc/init.d/sshd
将SSHD=/usr/sbin/sshd 改为 SSHD=/usr/local/sbin/sshd
将/usr/sbin/ssh-keygen -A 改为 /usr/local/bin/ssh-keygen -A
在 ‘$SSHD $OPTIONS && success || failure’这一行上面加上一行 ‘OPTIONS="-f /etc/ssh/sshd_config"’
加入系统服务
chkconfig --add sshd
chkconfig sshd on
检查服务
chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
启动服务
service sshd start
检查ssh版本
[root@oracle ~]# ssh -V
OpenSSH_7.5p1, OpenSSL 1.0.1e-fips Feb
3 OPENssh升级脚本
根据以上升级过程编写了脚本自动执行操作,脚本内容如下
#!/bin/bash
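#######################################
# Build OpenSSH 7.5p1 from the tarball uploaded to /mnt and install it with
# the default ./configure prefix, replacing the packaged openssh.
# Globals:   none
# Arguments: none
# Outputs:   build/yum output on stdout, errors on stderr
# Returns:   0 on success; non-zero as soon as any step fails, so the caller
#            can stop before it touches the service files.
# Note:      on success the working directory is left at the unpacked source
#            tree (/mnt/openssh-7.5p1); CHG_CONF copies ./sshd_config from it.
#######################################
sshInst()
{
  local src_dir=/mnt
  local version=7.5p1
  local tarball="${src_dir}/openssh-${version}.tar.gz"

  if [ ! -f "${tarball}" ]; then
    echo "sshInst: ${tarball} not found" >&2
    return 1
  fi
  # NOTE(review): this tarball is compiled and installed as root. Check it
  # against the signature/checksum published by the OpenSSH project before
  # building; the page gives no reference value to compare with.

  yum install gcc openssl-devel zlib-devel -y || return 1
  cd "${src_dir}" || return 1
  tar zxvf "${tarball}" -C "${src_dir}/" || return 1
  cd "./openssh-${version}" || return 1
  ./configure || return 1
  make || return 1

  # The packaged openssh is removed only after the new build has succeeded:
  # a failed compile must not leave the host without any ssh installation.
  if rpm -q openssh >/dev/null 2>&1; then
    yum remove openssh -y || return 1
  fi
  make install
}

#######################################
# Adapt the Red Hat init script to the source-built sshd: make it executable,
# force sshd to read /etc/ssh/sshd_config, and point its paths at NPATH.
# Safe to run twice: each edit is skipped when its result is already present.
# Globals:   OPATH (read) - path prefix to replace, e.g. /usr/
#            NPATH (read) - replacement prefix, e.g. /usr/local/
# Arguments: $1 - init script to edit (optional, default /etc/init.d/sshd)
# Outputs:   already-present lines and a completion message on stdout
# Returns:   0 on success, 1 if the script is missing or an edit fails
#######################################
CHG_SSHD()
{
  local init_script=${1:-/etc/init.d/sshd}
  local opt_value='OPTIONS="-f /etc/ssh/sshd_config"'
  local found

  if [ ! -f "${init_script}" ]; then
    echo "CHG_SSHD: ${init_script} not found" >&2
    return 1
  fi
  # An empty prefix would make the substitution below rewrite unrelated text.
  if [ -z "${OPATH}" ] || [ -z "${NPATH}" ]; then
    echo "CHG_SSHD: OPATH and NPATH must be set" >&2
    return 1
  fi
  chmod +x "${init_script}" || return 1

  # -F: the option line is a literal string, not a regular expression.
  found=$(grep -F -- "${opt_value}" "${init_script}")
  if [ -z "${found}" ]; then
    # Insert the OPTIONS line (tab-indented) just above the line that
    # launches "$SSHD $OPTIONS".
    sed -i '/$SSHD $OPTIONS &&/i\\t'"${opt_value}" "${init_script}" || return 1
  else
    echo "${found}"
  fi

  found=$(grep -F -- "${NPATH}" "${init_script}")
  if [ -n "${found}" ]; then
    echo "${found}"
  else
    # NOTE(review): this rewrites the first OPATH occurrence on EVERY line,
    # not only the sshd and ssh-keygen paths; review the result before
    # starting the service.
    sed -i "s:${OPATH}:${NPATH}:" "${init_script}" || return 1
  fi
  echo "${init_script} file changes completed."
}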
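#######################################
# Install the sshd_config shipped with the source tree as the live server
# configuration, enable root login, and point its paths at NPATH.
# Globals:   OPATH (read) - path prefix to replace, e.g. /usr/
#            NPATH (read) - replacement prefix, e.g. /usr/local/
# Arguments: $1 - config to install (optional, default ./sshd_config, i.e.
#                 the file in the current directory)
#            $2 - destination (optional, default /etc/ssh/sshd_config)
# Outputs:   already-present lines and a completion message on stdout
# Returns:   0 on success, 1 if the source is missing or a step fails
#######################################
CHG_CONF()
{
  local src=${1:-sshd_config}
  local dst=${2:-/etc/ssh/sshd_config}
  local found

  if [ ! -f "${src}" ]; then
    echo "CHG_CONF: ${src} not found (run from the openssh source directory)" >&2
    return 1
  fi
  # An empty prefix would make the substitution below rewrite unrelated text.
  if [ -z "${OPATH}" ] || [ -z "${NPATH}" ]; then
    echo "CHG_CONF: OPATH and NPATH must be set" >&2
    return 1
  fi

  mkdir -p -- "$(dirname -- "${dst}")" || return 1
  # Keep the previous configuration: it may hold hardening settings
  # (AllowUsers, Match blocks, ...) that the stock file does not have.
  if [ -f "${dst}" ]; then
    cp -p -- "${dst}" "${dst}.bak.$(date +%Y%m%d%H%M%S)" || return 1
  fi

  ## Change /etc/ssh/sshd_config
  cp -- "${src}" "${dst}" || return 1

  # NOTE(review): "PermitRootLogin yes" lets root log in with a password.
  # Where key-based login is set up, "PermitRootLogin prohibit-password"
  # keeps root reachable without exposing its password to guessing.
  sed -i '/#PermitRootLogin/i\PermitRootLogin yes' "${dst}" || return 1

  found=$(grep -F -- "${NPATH}" "${dst}")
  if [ -z "${found}" ]; then
    # Rewrites the first OPATH occurrence on every line (e.g. the
    # sftp-server path in the Subsystem line).
    sed -i "s:${OPATH}:${NPATH}:" "${dst}" || return 1
  else
    echo "${found}"
  fi
  echo "${dst} file changes completed."
}

# Prefix used by the packaged openssh; CHG_SSHD and CHG_CONF replace it
# with NPATH.
OPATH=/usr/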
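# Prefix the source build installs under; replaces OPATH in the init script
# and in sshd_config.
NPATH=/usr/local/

# Show the version that is about to be replaced.
echo -n "The SSH current version is:"
ssh -V

while true; do
  echo -n "Continue to update?(yes/no)"
  # -r keeps backslashes literal; end-of-input aborts instead of looping.
  read -r INPUT || exit 1
  case "$INPUT" in
    Y|y|YES|yes)
      # Stop here if the build failed: nothing below may run against a
      # half-installed sshd.
      sshInst || { echo "OpenSSH build/install failed, aborting." >&2; exit 1; }
      echo -n "Press any key to continue....."
      read -r AnyKey

      cp /usr/local/bin/ssh /usr/bin/ssh || exit 1
      echo "Copying ssh....Done."

      # /etc/ssh may be gone after the package removal -- TODO confirm.
      mkdir -p /etc/ssh || exit 1
      # Only the public half of the host key is copied; the private keys
      # stay where "make install" generated them. Clients that pinned the
      # old host key will report a changed key after the upgrade, so give
      # users the new fingerprint through a trusted channel.
      cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub || exit 1
      echo "Copying ssh_host_ecdsa_key.pub....Done."

      cp /mnt/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd || exit 1
      echo "Copying sshd....Done."

      CHG_SSHD || exit 1
      CHG_CONF || exit 1
      break ;;
    N|n|NO|no)
      echo exited
      exit ;;
    *)
      # Empty or unrecognised answer: ask again. Previously an empty answer
      # skipped the upgrade but still ran the steps below, which edit
      # sshd_config and start the service.
      ;;
  esac
done

ssh -V
chkconfig --add sshd

# Work around root being unable to log in.
# NOTE(review): together these two settings allow password logins for root;
# restrict by source address or switch to keys where the host is reachable
# from untrusted networks.
# sshd uses the first value it reads for a keyword, so a line is appended
# only when no active directive exists yet (avoids piling up duplicates on
# every run).
grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]' /etc/ssh/sshd_config \
  || echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
grep -Eq '^[[:space:]]*PasswordAuthentication[[:space:]]' /etc/ssh/sshd_config \
  || echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config

# Validate the configuration before (re)starting: a syntax error here would
# otherwise only show up as a daemon that refuses to start.
/usr/local/sbin/sshd -t -f /etc/ssh/sshd_config \
  || { echo "sshd_config failed validation, sshd not started." >&2; exit 1; }

chkconfig sshd on
service sshd start
echo "Operation is completed."

# On CentOS 7, restart ssh through systemd instead:
#systemctl daemon-reload
#systemctl restart sshd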
注意:从网页复制的脚本可能带有Windows换行符(\r),执行时会报错,需要先进行如下处理
sed -i 's/\r$//' XXX.sh
该命令会删除 XXX.sh 中每行行尾的\r。
再次执行脚本,成功!
如果没有安装zlib,需要先安装zlib,再执行脚本:
yum install zlib