鸿永 posted on 2024-10-15 10:16:00

Offline one-click upgrade of OpenSSH on the domestic Kylin operating system

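<p>Based on the results of classified-protection (等保) compliance assessments, servers generally need both OpenSSH and OpenSSL upgraded. Because the versions of the two packages depend on each other, downloading them separately leaves you unsure which versions go together. I tested this myself: after getting it to work on one server, I ran it on 4 more servers at the same time and resolved all of their OpenSSH vulnerability findings within 3 minutes. The script is below; create an sh script, paste the content into it and save it to perform the upgrade in one step.</p>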
<div class="cnblogs_Highlighter">
<pre>
#!/bin/bash
# Build and install zlib
homeway=$(pwd)
cd "$homeway"
tar -xf zlib-1.3.1.tar.gz
cd zlib-1.3.1
./configure --prefix=/usr/local/zlib.1.3.1
make &amp;&amp; make test &amp;&amp; make install
ls -l /usr/local/zlib.1.3.1/
ldconfig -V
sleep 2

# Build and install OpenSSL
cd "$homeway"
tar zxf openssl-3.2.0.tar.gz
cd openssl-3.2.0
./config --prefix=/usr/local/openssl-3.2.0 --openssldir=/usr/shared
make clean &amp;&amp; make -j 4 &amp;&amp; make install
# Update the shared-library cache
echo "/usr/local/openssl-3.2.0/lib" &gt;&gt; /etc/ld.so.conf
ldconfig
sleep 3
bak_data=$(date +"%Y%m%d")
# Keep the old openssl binary as a dated backup, then link in the new build
mv /usr/bin/openssl /usr/bin/openssl_${bak_data}.bak
ln -s /usr/local/openssl-3.2.0/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl-3.2.0/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/openssl-3.2.0/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
openssl version -a
sleep 3

# Build and install OpenSSH: back up the current configuration, then remove the packaged version
mkdir ~/ssh_openssh_${bak_data}_bak
cp /etc/ssh/sshd_config ~/ssh_openssh_${bak_data}_bak
cp /etc/pam.d/sshd ~/ssh_openssh_${bak_data}_bak
rpm -e --nodeps $(rpm -qa | grep openssh)
# Install OpenSSH
cd "$homeway"
tar -xf openssh-9.7p1.tar.gz
cd openssh-9.7p1
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl-3.2.0 --with-zlib=/usr/local/zlib.1.3.1
chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key
make -j 4 &amp;&amp; make install
/usr/local/ssh/bin/ssh -V
# Copy the new ssh files into place
cp -rf contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
cp -rf sshd_config /etc/ssh/sshd_config
cp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/ssh/bin/* /usr/bin/

# Enable sshd
cp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/ssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
# Install ssh-copy-id from the extracted source tree
cp "$homeway/openssh-9.7p1/contrib/ssh-copy-id" /bin/
chmod 0755 /bin/ssh-copy-id
chmod u+x /etc/init.d/sshd
chkconfig --add sshd
chkconfig --list | grep sshd
systemctl daemon-reload
chkconfig sshd on
# Allow root login ("yes" also permits password authentication for root)
echo "PermitRootLogin yes" &gt;&gt; /etc/ssh/sshd_config
# Comment out the existing Subsystem line and point sftp at the new build
sed -i "/Subsystem/s/^/# /" "/etc/ssh/sshd_config"
echo "Subsystem sftp /usr/local/ssh/libexec/sftp-server" &gt;&gt; /etc/ssh/sshd_config
# Add key-exchange and host-key algorithms
# Note: this list includes SHA-1 based key exchange (diffie-hellman-group1-sha1 among them)
# and ssh-rsa, which OpenSSH 9.7 leaves out of its defaults; they are only needed for legacy clients.
echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" &gt;&gt; /etc/ssh/sshd_config
echo "HostKeyAlgorithms +ssh-rsa" &gt;&gt; /etc/ssh/sshd_config
# Restart the sshd service
/etc/init.d/sshd restart
/etc/init.d/sshd status
# Show the ssh version after the upgrade
ssh -V
</pre>
</div>
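<p>The script above appends PermitRootLogin, KexAlgorithms and HostKeyAlgorithms lines to sshd_config and restarts sshd without checking what the file now says. The following is an added example, not part of the original post: a shell function that audits those directives using sshd's rule that the first value read for a keyword wins. The function names, warning messages and sample configuration are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original post. sshd keeps the FIRST value it
# reads for a keyword, so only the first uncommented occurrence is audited.
# Assumptions: "Keyword value" syntax as written by the upgrade script;
# parsing stops at the first Match block.
audit_sshd_config() {
    awk '
    function flag(msg) { print "WARN: " msg; bad++ }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }              # jumps to END
    (key in seen) { next }               # sshd ignores later duplicates
    { seen[key] = 1 }
    key == "permitrootlogin" && tolower($2) == "yes" {
        flag("PermitRootLogin yes permits root login with a password")
    }
    key == "kexalgorithms" && $2 !~ /^-/ {
        n = split($2, alg, ",")
        for (i = 1; i <= n; i++)
            if (alg[i] ~ /sha1$/) flag("SHA-1 key exchange enabled: " alg[i])
    }
    key == "hostkeyalgorithms" && $2 ~ /(^|[+,^])ssh-rsa(,|$)/ {
        flag("HostKeyAlgorithms enables ssh-rsa (RSA with SHA-1)")
    }
    END { if (!bad) print "OK: no flagged directives"; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the tail of sshd_config as the upgrade script leaves it
# (KexAlgorithms list shortened).
write_sample_config() {
    cat > "$1" <<'EOF'
#PermitRootLogin prohibit-password
# Subsystem sftp /usr/libexec/sftp-server
PermitRootLogin yes
Subsystem sftp /usr/local/ssh/libexec/sftp-server
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-rsa
EOF
}

# Usage: sh audit.sh /etc/ssh/sshd_config   (exit status 1 if anything is flagged)
[ $# -eq 0 ] || audit_sshd_config "$1"
```

<p>Running <code>/usr/sbin/sshd -t</code> before the restart step additionally validates the configuration syntax while the existing session is still open.</p>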
<p>Files involved:</p>
<p><img src="https://img2024.cnblogs.com/blog/373808/202410/373808-20241015101153434-561098070.png"></p>
<p>File download address: https://download.csdn.net/download/qq_41982913/89888397</p>
Source: https://www.cnblogs.com/shuideqing/p/18466890