1. OpenSSL version upgrade

https://computingforgeeks.com/how-to-install-openssl-1-1-on-centos-rhel-7/

1.1 Install dependencies

$ sudo yum -y groupinstall "Development Tools"

1.2 Download and compile OpenSSL

$ wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
$ tar xvf openssl-1.1.1w.tar.gz
$ cd openssl-1.1.1w
$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1w (0x1010117fL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
***                                                                ***
**********************************************************************

1.3 Build and install OpenSSL

$ make -j $(nproc)
$ sudo make install

1.4 Switch to the new version

# mv /usr/bin/openssl /usr/bin/openssl.bak
# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/local/lib64/libssl.so
# ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/local/lib64/libssl.so.1.1
# ln -s /usr/local/openssl/lib/libssl.so.1.1 /lib64/libssl.so.1.1
# ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /lib64/libcrypto.so.1.1
# openssl version
OpenSSL 1.1.1w  11 Sep 2023

Error message: openssl: error while loading shared libraries: libssl.so.1.1

Fix: run the last three ln commands above.
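
A quick way to confirm the fix took effect is to ask the loader which libraries the new binary resolves. The script below is an added example, not part of the original post; the ldd output in it is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: spot unresolved shared libraries before relying on the new binary.

# Constructed sample of `ldd /usr/bin/openssl` output, as it would look while
# the loader cannot find the 1.1 libraries (addresses are made up).
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007ffc5a5f2000)
    libssl.so.1.1 => not found
    libcrypto.so.1.1 => not found
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f2c1a3d0000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2c1a1b4000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f2c19de6000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f2c1a5d4000)'

# missing_libs: read ldd output on stdin, print each soname marked "not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# resolved_path SONAME: read ldd output on stdin and print the path SONAME
# resolved to (nothing if it is missing), to see which copy will be loaded.
resolved_path() {
    awk -v lib="$1" '$1 == lib && $2 == "=>" && $3 ~ /^\// { print $3 }'
}

# check_binary PATH: run ldd on a real binary; returns 1 if anything is missing.
check_binary() {
    out=$(ldd "$1" 2>&1) || { echo "ldd failed for $1" >&2; return 2; }
    missing=$(printf '%s\n' "$out" | missing_libs)
    [ -z "$missing" ] && return 0
    echo "unresolved libraries for $1:" >&2
    printf '  %s\n' $missing >&2
    return 1
}

# Demonstration on the constructed sample: lists libssl and libcrypto.
printf '%s\n' "$SAMPLE_LDD" | missing_libs
```

On the upgraded host, run check_binary /usr/bin/openssl after creating the symlinks; the same check applies to /usr/sbin/sshd once section 2 is done.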

2. OpenSSH version upgrade

2.1 Install the build dependencies

yum install -y wget gcc pam-devel libselinux-devel zlib-devel openssl-devel

2.2 Download and compile OpenSSH

$ wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz
$ tar xzvf openssh-9.6p1.tar.gz
$ cd openssh-9.6p1
$ ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --without-hardening
......
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
$ make

2.3 Back up the configuration files

cp /etc/ssh/sshd_config sshd_config.backup
cp /etc/pam.d/sshd sshd.backup

2.4 Remove the old version

$ rpm -e --nodeps `rpm -qa | grep openssh`
$ rpm -qa | grep openssh

2.5 Install the OpenSSH files

Before installing, fix the permissions of the private keys under /etc/ssh
$ chmod 600 /etc/ssh/ssh_host_rsa_key
$ chmod 600 /etc/ssh/ssh_host_ecdsa_key
$ chmod 600 /etc/ssh/ssh_host_ed25519_key
$ make install
(cd openbsd-compat && make)
make[1]: 进入目录“/tmp/openssh-9.5p1/openbsd-compat”
make[1]: 对“all”无需做任何事。
make[1]: 离开目录“/tmp/openssh-9.5p1/openbsd-compat”
/usr/bin/mkdir -p /usr/bin
/usr/bin/mkdir -p /usr/sbin
/usr/bin/mkdir -p /usr/share/man/man1
/usr/bin/mkdir -p /usr/share/man/man5
/usr/bin/mkdir -p /usr/share/man/man8
/usr/bin/mkdir -p /usr/libexec
/usr/bin/mkdir -p -m 0755 /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/libexec/ssh-sk-helper
/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/share/man/man8/ssh-sk-helper.8
/usr/bin/mkdir -p /etc/ssh
/usr/sbin/sshd -t -f /etc/ssh/sshd_config

2.6 Copy the init script

$ cp -a contrib/redhat/sshd.init /etc/init.d/sshd
$ chmod u+x /etc/init.d/sshd

2.7 Restore the configuration files

$ mv sshd.backup /etc/pam.d/sshd
$ mv sshd_config.backup /etc/ssh/sshd_config
Note: remove the # in front of the PermitRootLogin yes line in sshd_config; otherwise the root account is disabled after the restart and cannot log in.
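
To see which value sshd will actually use for a keyword in the restored file, the script below applies sshd_config's parsing rules to a constructed excerpt. It is an added example, not part of the original post; the function name, the sample file and the Match user are hypothetical, and prohibit-password is assumed as the built-in default for PermitRootLogin.

```shell
#!/bin/sh
# Added example: resolve the value sshd will use for a global keyword.

# Constructed sshd_config excerpt in the state the note above warns about:
# the PermitRootLogin line is still commented out.
SAMPLE_CONFIG='# constructed excerpt, not a complete sshd_config
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
Match User deploy
    PermitRootLogin no'

# effective_global KEYWORD DEFAULT  (sshd_config text on stdin)
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, "#" lines are comments, and lines after the first Match
# apply only conditionally. Include files are not followed here.
effective_global() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$2" '
        { sub(/^[ \t]+/, "") }                   # drop leading whitespace
        /^#/ || /^$/ { next }                    # comment or blank line
        {
            key = $0; sub(/[ \t=].*$/, "", key)  # keyword ends at blank or "="
            val = substr($0, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            key = tolower(key)
            if (key == "match") exit             # end of the global section
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    '
}

# Assumed built-in default when the keyword is absent: prohibit-password.
as_restored=$(printf '%s\n' "$SAMPLE_CONFIG" |
    effective_global PermitRootLogin prohibit-password)
uncommented=$(printf '%s\n' "$SAMPLE_CONFIG" |
    sed 's/^#PermitRootLogin/PermitRootLogin/' |
    effective_global permitrootlogin prohibit-password)
echo "as restored: $as_restored"
echo "uncommented: $uncommented"
```

On the upgraded host, sshd -T prints the configuration sshd actually resolved, which is the authoritative check before restarting the service.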

2.8 Enable the service at boot

$ chkconfig --add sshd
$ chkconfig sshd on
$ chkconfig --level 6 sshd on
$ chkconfig --list sshd

2.9 Start the service

$ systemctl start sshd
