centos7 更新openssh脚本

Posted 2022-04-15 1066897515

脚本内容，建议升级过程中，多开几个窗口，避免升级过程中有失败情况加上手抖退出会话，出现再次远程连接失败的情况。

#!/bin/bash
#下载
localpath=`pwd`

#安装依赖
yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel

zlib_version="zlib-1.2.12"
openssl_version="openssl-1.1.1n"
openssh_version="openssh-8.9p1"

install_zlib()
  if [ ! -f $zlib_version.tar.gz ];then
    wget https://www.zlib.net/$zlib_version.tar.gz
  fi
  rm -rf /usr/local/zlib
  #编译安装zlib
  #解压软件
  tar -zvxf $zlib_version.tar.gz
  #编译安装
  cd $zlib_version
  ./configure --prefix=/usr/local/zlib
  make && make install

  cd $localpath


install_openssl()
  if [ ! -f $openssl_version.tar.gz ];then
    wget --no-check-certificate https://ftp.openssl.org/source/$openssl_version.tar.gz
  fi
  rm -rf /usr/local/ssl
  #编译安装openssl
  #解压软件
  tar -zvxf $openssl_version.tar.gz
  #编译安装
  cd $openssl_version
  ./config --prefix=/usr/local/ssl -d shared
  make && make install

  #修改配置
  echo /usr/local/ssl/lib >> /etc/ld.so.conf
  #查看配置
  #ldconfig -v

  cd $localpath


install_openssh()
  read -p "安装openssh前，需已经编译安装ssl和zlib，否则会失败，回车继续，ctrl+c结束...."
  if [ ! -f $openssh_version.tar.gz ];then
    wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$openssh_version.tar.gz  
  fi
  rm -rf /usr/local/openssh
  #编译安装openssh
  #解压软件
  tar -zvxf $openssh_version.tar.gz

  #编译安装
  cd $openssh_version
  ./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/ssl --with-selinux --with-zlib=/usr/local/zlib --with-pam

  make && make install

  read -p "按回车继续修改配置...."

  #修改配置
  echo PermitRootLogin yes >>/usr/local/openssh/etc/sshd_config
  echo X11Forwarding yes >>/usr/local/openssh/etc/sshd_config
  echo UsePAM yes >>/usr/local/openssh/etc/sshd_config
  echo PasswordAuthentication yes >>/usr/local/openssh/etc/sshd_config

  #备份/etc/ssh目录下的所有文件
  cp -r /etc/ssh /etc/ssh-bak
  #备份文件：
  mv /usr/sbin/sshd /usr/sbin/sshd.bak
  mv /usr/bin/ssh /usr/bin/ssh.bak
  mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
  mv /usr/lib/systemd/system/sshd.service  /usr/lib/systemd/system/sshd.service.bak



  #将/usr/local/openssh/etc/下的文件拷贝到/etc/ssh目录下
  cp -r /usr/local/openssh/etc/ /etc/ssh
  #拷贝文件
  cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
  cp /usr/local/openssh/bin/ssh /usr/bin/ssh
  cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
  #到openssh-8.9p1目录下拷贝
  cp -a contrib/redhat/sshd.init /etc/init.d/sshd
  cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

  #read -p "按回车继续启动openssh...."

  #启动openssh
  #添加启动列表
  chkconfig --add sshd
  #开启开机启动
  systemctl enable sshd
  #设置sshd服务开机启动
  chkconfig sshd on

  #重启服务
  /etc/init.d/sshd restart

  #检查服务版本
  ssh -V
  #查看端口信息
  netstat -lntp

if [ $1 == "all" ];then
  install_zlib
  install_openssl
  install_openssh
elif [ $1 == "zlib" ];then
  install_zlib
elif [ $1 == "openssl" ];then
  install_openssl
elif [ $1 == "openssh" ];then
  install_openssh
else
  echo "输入参数有误，请选择参数传入 all,zlib,openssl,openssh"
fi