银河麒麟系统升级openssh至9.7p1

升级过程建议参照链接
https://blog.csdn.net/zt19820204/article/details/137877652

当前环境

在这里插入图片描述

开始安装

# 1.查看当前服务器的openssh版本ssh-V# 2.openssh下载地址
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
# 3.升级openssh，很容易导致远程连接失败，强烈建议参照如下链接，开启telnet的备用访问方式；
https://www.cnblogs.com/subsea/p/17628083.html
systemctl start telnet.socket
#查看telnet服务状态
systemctl status telnet.socket
systemctl enable telnet.socket
#要确保telnet服务开机能自启
firewall-cmd --list-all
firewall-cmd --permanent --add-port=23/tcp
firewall-cmd --reload

升级步骤

备份原有OpenSSH

#备份openssh配置cp-rf /etc/ssh /etc/ssh.bak
cp-rf /usr/bin/openssl /usr/bin/openssl.bak
cp-rf /etc/pam.d /etc/pam.d.bak
cp-rf /usr/lib/systemd/system /system.bak
#几个命令find / -name sshd.service
less /usr/lib/systemd/system/sshd.service

安装zlib

#1.进入zlib-1.3.1目录cd /usr/local/soft
tar-zxvf zlib-1.2.13.tar.gz
cd /usr/local/soft/zlib-1.2.13
#2.配置
./configure --prefix=/usr/local/zlib_1.2.13
#3.编译及安装（编译时间预计几分钟，视机器而定）make-j4&&maketest&&makeinstall

升级openssl

#注：如果已安装openssl，则先卸载再安装 kylin v10 sp2: 
yum -y remove openssl
tar-zxvf openssl-3.3.0.tar.gz
cd openssl-3.3.0
mkdir /usr/local/openssl_3.3.0
ls-l /usr/local/openssl_3.3.0
mkdir build
cd build
../config --prefix=/usr/local/openssl_3.3.0
make-j4&&makeinstall#清理旧版本文件rm-rf /usr/bin/openssl
rm-rf /usr/include/openssl
rm-rf /usr/lib64/libssl.so
rm-rf /usr/lib64/libcrypto.so
rm-rf /usr/lib/libssl.so
rm-rf /usr/lib/libcrypto.so
rm-rf /usr/lib/libssl.so.3
rm-rf /usr/lib64/libssl.so.3
rm-rf /usr/lib64/libcrypto.so.3
rm-rf /usr/lib/libcrypto.so.3
#建立库文件软链接sudoln-s /usr/local/openssl_3.3.0/bin/openssl /usr/bin/openssl
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib/libssl.so
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so /usr/lib64/libssl.so
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib/libcrypto.so
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so /usr/lib64/libcrypto.so
 
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib/libssl.so.3
sudoln-s /usr/local/openssl_3.3.0/lib64/libssl.so.3 /usr/lib64/libssl.so.3
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
sudoln-s /usr/local/openssl_3.3.0/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3
#查看openssl版本号
openssl version

升级openssh

#老版本卸载#1.卸载openssh7.4p1
yum remove -y openssh
#2.清理残余文件rm-rf /etc/ssh/*
tar-xzf openssh-9.7p1.tar.gz
#1.进入openssh-9.7p1目录cd openssh-9.7p1
#2.配置
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl_3.3.0 --with-zlib=/usr/local/zlib_1.2.13
#3.编译及安装make-j4&&makeinstall#4.查看目录版本
/usr/local/ssh/bin/ssh -V#5.复制新ssh文件cp-rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp-rf /usr/local/soft/openssh-9.7p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
cp-rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd
cp-rf /usr/local/ssh/bin/ssh /usr/bin/ssh
cp-rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
#6.允许root登录echo'PermitRootLogin yes'>> /etc/ssh/sshd_config
echo'PasswordAuthentication yes'>> /etc/ssh/sshd_config
#重启sshd服务
/etc/init.d/sshd restart
#或者
systemctl daemon-reload
#查看服务运行状态
/etc/init.d/sshd status
#添加开机启动chkconfig--add sshd
#查看升级后ssh版本ssh-V

关闭telnet自启动服务

#禁止服务自启动
systemctl disable telnet.socket
systemctl stop telnet.socket
systemctl status telnet.service
#关闭防火墙23端口
firewall-cmd --permanent--zone=public --remove-port=23/tcp
firewall-cmd --reload

标签： ssh linux

本文转载自: https://blog.csdn.net/Tomcow2021/article/details/139601057
版权归原作者 Tomcow2021 所有，如有侵权，请联系我们删除。

银河麒麟系统升级openssh至9.7p1

银河麒麟系统升级openssh至9.7p1

当前环境

开始安装

升级步骤

备份原有OpenSSH

安装zlib

升级openssl

升级openssh

关闭telnet自启动服务

发表评论

“银河麒麟系统升级openssh至9.7p1”的评论:

关于作者

overfit同步小助手

相关阅读

文章导航