银河麒麟系统升级openssh至9.7p1

银河麒麟系统升级openssh至9.7p1

升级过程建议参照链接
https://blog.csdn.net/zt19820204/article/details/137877652

当前环境

开始安装

# 1.查看当前服务器的openssh版本ssh-V# 2.openssh下载地址
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

# 3.升级openssh，很容易导致远程连接失败，强烈建议参照如下链接，开启telnet的备用访问方式；
https://www.cnblogs.com/subsea/p/17628083.html

systemctl start telnet.socket

#查看telnet服务状态
systemctl status telnet.socket

systemctl enable telnet.socket

#要确保telnet服务开机能自启

firewall-cmd --list-all

firewall-cmd --permanent --add-port=23/tcp

firewall-cmd --reload

升级步骤

备份原有OpenSSH

#备份openssh配置cp-rf /etc/ssh /etc/ssh.bak
cp-rf /usr/bin/openssl /usr/bin/openssl.bak
cp-rf /etc/pam.d /etc/pam.d.bak
cp-rf /usr/lib/systemd/system /system.bak

#几个命令find / -name sshd.service

less /usr/lib/systemd/system/sshd.service

安装zlib

#1.进入zlib-1.3.1目录cd /usr/local/soft
tar-zxvf zlib-1.2.13.tar.gz
cd /usr/local/soft/zlib-1.2.13
#2.配置
./configure --prefix=/usr/local/zlib_1.2.13
#3.编译及安装（编译时间预计几分钟，视机器而定）make-j4&&maketest&&makeinstall

升级openssl

#注：如果已安装openssl，则先卸载再安装 kylin v10 sp2: 

yum -y remove openssl

tar-zxvf openssl-3.3.0.tar.gz

cd openssl-3.3.0

mkdir /usr/local/openssl_3.3.0

ls-l /usr/local/openssl_3.3.0

mkdir build

cd build

../config --prefix=/usr/local/openssl_3.3.0

make-j4&&makeinstall#清理旧版本文件rm-rf /usr/bin/openssl
rm-rf /usr/include/openssl
rm-rf /usr/lib64/libssl.so
rm-rf /usr/lib64/libcrypto.so
rm-rf /usr/lib/libssl.so
rm-rf /usr/lib/libcrypto.so

rm-rf /usr/lib/libssl.so.3
rm-rf /usr/lib64/libssl.so.3
rm-rf /usr/lib64/libcrypto.so.3
rm-rf /usr/lib/libcrypto.so.3

#建立库文件软链接sudoln-s /usr/local/openssl_3.3.0/bin/openssl /usr/bin/openssl
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib/libssl.so
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib64/libssl.so
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib/libcrypto.so
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib64/libcrypto.so
 
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib/libssl.so.3
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib64/libssl.so.3
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3

#查看openssl版本号
openssl version

升级openssh

#老版本卸载#1.卸载openssh7.4p1
yum remove -y openssh
#2.清理残余文件rm-rf /etc/ssh/*

tar-xzf openssh-9.7p1.tar.gz

#1.进入openssh-9.7p1目录cd openssh-9.7p1

#2.配置
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl_3.3.0 --with-zlib=/usr/local/zlib_1.2.13
#3.编译及安装make-j4&&makeinstall#4.查看目录版本
/usr/local/ssh/bin/ssh -V#5.复制新ssh文件cp-rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp-rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.pam /etc/pam.d/sshd

cp-rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
cp-rf /usr/local/ssh/bin/ssh /usr/bin/ssh
cp-rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
#6.允许root登录echo'PermitRootLogin yes'>> /etc/ssh/sshd_config
echo'PasswordAuthentication yes'>> /etc/ssh/sshd_config

#重启sshd服务
/etc/init.d/sshd restart
#或者
systemctl daemon-reload
#查看服务运行状态
/etc/init.d/sshd status
#添加开机启动chkconfig--add sshd
#查看升级后ssh版本ssh-V

关闭telnet自启动服务

#禁止服务自启动
systemctl disable telnet.socket

systemctl stop telnet.socket

systemctl status telnet.service

#关闭防火墙23端口
firewall-cmd --permanent--zone=public --remove-port=23/tcp

firewall-cmd --reload