Deploying or Upgrading OpenSSH on Linux

Posted by 浊酒三杯


      When operating Linux systems, deploying or upgrading OpenSSH is a routine task. The following uses Red Hat 6 and Red Hat 7 as examples.

      Deploying OpenSSH on Red Hat 6 has some pitfalls: when compiling the OpenSSH source package, configure reports errors like the following:

     checking OpenSSL header version... 10000003 (OpenSSL 1.0.0 29 Mar 2010)
     checking OpenSSL library version... configure: error: OpenSSL >= 1.0.1 required (have "10000003 (OpenSSL 1.0.0-fips 29 Mar 2010)")

     checking OpenSSL header version... not found
     configure: error: OpenSSL version header not found.

     The fix is to add --without-hardening when compiling OpenSSH. Below is a shell script that carries out the OpenSSH installation. Red Hat 7 does not have this problem.

OpenSSH installation script

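#!/bin/bash
# Install OpenSSH 7.5p1 from source, with zlib and OpenSSL built locally

# Fetch the source bundle into /tmp.
# Note: FTP sends these credentials and the archive in cleartext.
ftp -n <<EOF
open 10.204.202.67
user itom 1qaz)P(O
binary
cd soft
lcd /tmp
prompt
get openssh-7.5p1.zip
close
bye
EOF

# Abort before touching the installed sshd if the download failed
if [ ! -f /tmp/openssh-7.5p1.zip ]; then
    echo "download of openssh-7.5p1.zip failed"
    exit 1
fi

# Stop the running sshd, if any
ps -ef | grep sshd | grep -v grep
if [ $? -eq 0 ]; then
    service sshd stop
fi

# Remove the installed openssh RPM packages
LIST=`rpm -qa | grep openssh`
for i in $LIST
do
    rpm -e "$i" --nodeps
    if [ $? -eq 0 ]; then
        echo "$i rpm delete ok"
    else
        echo "$i rpm delete warn"
    fi
done

# Keep the old configuration and host keys as a backup
if [ -d /etc/ssh ]; then
    mv /etc/ssh /etc/ssh.bak
fi

DIRSOFT=/tmp
# Unpack in $DIRSOFT, which is where ftp saved the archive
cd $DIRSOFT || exit 1
if [ -f $DIRSOFT/openssh-7.5p1.zip ]; then
    unzip openssh-7.5p1.zip
fi

# install zlib
sleep 3
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib && make && make install
if [ $? -eq 0 ]; then
    echo "soft zlib install ok!"
else
    echo "soft zlib install failed"
    exit 1
fi
sleep 1

# install openssl
cd $DIRSOFT
tar -xzvf openssl-1.0.2l.tar.gz > /dev/null
sleep 3
cd openssl-1.0.2l
./config --prefix=/usr/local/openssl && make && make install
if [ $? -eq 0 ]; then
    echo "soft openssl install ok!"
else
    echo "soft openssl install failed"
    exit 1
fi
sleep 1
echo "/usr/local/openssl/lib/" >> /etc/ld.so.conf
ldconfig

# install openssh
# --without-hardening is the Red Hat 6 workaround described above; it also
# turns off the toolchain hardening flags that configure would otherwise add.
cd $DIRSOFT
tar -xzvf openssh-7.5p1.tar.gz > /dev/null
sleep 3
cd openssh-7.5p1
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl \
    --with-zlib=/usr/local/zlib --with-md5-passwords --without-hardening && make && make install
if [ $? -eq 0 ]; then
    echo "soft openssh install ok!"
else
    echo "soft openssh install failed"
    exit 1
fi
sleep 1

# Install the init script and point it at the new binaries
# ('#' is the sed delimiter because the patterns contain '/')
cp contrib/redhat/sshd.init /etc/init.d/sshd
sed -i 's#SSHD=/usr/sbin/sshd#SSHD=/usr/local/openssh/sbin/sshd#g' /etc/init.d/sshd
sed -i 's#/usr/bin/ssh-keygen -A#/usr/local/openssh/bin/ssh-keygen -A#g' /etc/init.d/sshd

chkconfig --add sshd
service sshd start
# Single quotes keep $PATH literal so it is expanded at login, not now
echo 'export PATH=/usr/local/openssh/bin:$PATH' >> /etc/profile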
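
The script above downloads its source bundle over FTP and then builds and installs it as root, with nothing checking that the file received is the one that was published. The following is an added example, not part of the original script, of a checksum gate to run between the download and `unzip`. The function names and the manifest file are assumptions, and the demo uses a constructed file, not the real openssh-7.5p1.zip or its digest.

```shell
#!/bin/bash
# Added example: unpack a downloaded archive only if its SHA-256 matches a
# digest pinned in a manifest obtained over a trusted channel.
# Manifest lines use sha256sum's format: "<64 hex digits>  <file name>"

# Print the pinned digest for a file name; fail if there is not exactly one.
pinned_digest() {   # usage: pinned_digest <manifest> <file name>
    local manifest="$1" name="$2" hits
    hits=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print tolower($1) }' "$manifest")
    [ "$(printf '%s\n' "$hits" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$hits" | grep -Eq '^[0-9a-f]{64}$' || return 1
    printf '%s\n' "$hits"
}

# Return 0 only if the file exists and hashes to the pinned digest.
verify_archive() {  # usage: verify_archive <manifest> <file>
    local manifest="$1" file="$2" want got
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    want=$(pinned_digest "$manifest" "$(basename "$file")") ||
        { echo "no single pinned digest for $file" >&2; return 1; }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "DIGEST MISMATCH for $file: got $got" >&2
        return 1
    fi
    echo "verified: $file"
}

# Demo on constructed data (not the real openssh-7.5p1.zip or its digest).
demo() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for the bundle\n' > "$dir/bundle.zip"
    (cd "$dir" && sha256sum bundle.zip > SHA256SUMS)
    verify_archive "$dir/SHA256SUMS" "$dir/bundle.zip" || rc=1
    # Simulate modification in transit: the check must now fail.
    printf 'extra bytes\n' >> "$dir/bundle.zip"
    verify_archive "$dir/SHA256SUMS" "$dir/bundle.zip" 2>/dev/null && rc=1
    rm -rf "$dir"
    return $rc
}

demo
```

In the install script the call would be `verify_archive /path/to/SHA256SUMS /tmp/openssh-7.5p1.zip || exit 1` placed before `unzip`, where `/path/to/SHA256SUMS` is a placeholder for a manifest delivered separately from the FTP server.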

 


