麒麟系统升级openssh至openssh-10.0p1
<div><br></div><div>升级openssh需要三个包zlib-1.2.13.tar.gz、openssl-1.1.1t.tar.gz、openssh-10.0p2.tar.gz </div><div><span style="font-size: 0.938rem">并且顺序不能错:</span><span style="">zlib > </span><span style="">openssl > openssh</span></div><div><br></div><div><span style="font-size: 0.938rem"><b style="color: rgba(255, 0, 0, 1)">首先安装一套 telnet 用于备份!! <b style="">首先安装一套 telnet 用于备份!! <b style="">首先安装一套 telnet 用于备份!! </b></b></b></span></div><div data-mode="Shell" data-theme="default"><pre><code>sudo yum install -y telnet-serverecho "pts/0" | sudo tee -a /etc/securetty #允许 root 通过 telnet 登录
sudo systemctl enable telnet.socket
sudo systemctl start telnet.socket
sudo systemctl status telnet.socket
iptables -I INPUT -p tcp --dport 23 -j ACCEPT
service iptables save
#放行防火墙端口
sudo netstat -tnlp | grep 23 #检查端口是否监听
测试:
telnet ip 23</code></pre></div><div><span style="font-size: 0.938rem"><br></span></div><div><span style="font-size: 0.938rem">升级基础包:</span></div><div data-mode="Shell" data-theme="default"><pre><code> yum install -y gcc gcc-c++ zlib-devel libtool autoconf automake perl perl-IPC-Cmd perl-Data-Dumper perl-CPAN</code></pre></div><div><br></div><div><span style="">安装 zlib-1.2.13.tar.gz、openssl-1.1.1t.tar.gz、openssh-10.0p2.tar.gz </span></div><div><span style=""><div style=""><span>下载地址:</span></div><div style=""><span>zlib-1.2.13.tar.gz http://zlib.net/fossils/zlib-1.2.13.tar.gz </span></div><div style=""><span>openssl-1.1.1t.tar.gz https://www.openssl.org/source/old/1.1.1/openssl-1.1.1t.tar.gz</span></div><div style=""><span>openssh-10.0p2</span><span>.tar.gz (解压出来是</span><span>openssh-10.0p1, 只是命名上存在混淆</span><span>)https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.0p2.tar.gz</span></div></span></div><div data-mode="Shell" data-theme="default"><pre><code>#安装 zlib
tar zxvf zlib-1.2.13.tar.gz
cd zlib-1.2.13
./configure --prefix=/usr/local/zlib
make && make install
#安装 openssl
cd ..
tar zxvf openssl-1.1.1t.tar.gz
cd openssl-1.1.1t
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
#卸载旧版openssh
yum -y remove openssh
#安装 openssh
cd ..
tar zxvf openssh-10.0p2.tar.gz
cd openssh-10.0p1 #只是命名上存在混淆
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl --without-openssl-header-check
make && make install
#配置
echo 'PermitRootLogin yes' >> /usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >> /usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >> /usr/local/openssh/etc/sshd_config
cd contrib/redhat/
cp sshd.init/etc/init.d/sshd
chkconfig --add sshd
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd#出现: Text file busy,就用下面的
## cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd.new
## mv /usr/sbin/sshd.new /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
#启动
systemctl start sshd.service
chkconfig --add sshd
chkconfig sshd on
#验证
systemctl status sshd
## 查看当前运行服务路径
ps -ef | grep sshd
root 1234 10 10:00 ? sshd: /usr/sbin/sshd 0 of 10-100 startups
/usr/sbin/sshd -V #检查当前运行的版本是否正确
sshd -V #检查系统的</code></pre></div><div><div><img src="https://img2023.cnblogs.com/blog/160682/202506/160682-20250606174901302-1049682796.png"></div><div><br></div></div><br><br>
来源:https://www.cnblogs.com/LungGiyo/p/18914465
頁:
[1]