Installing telnet offline on CentOS 7.3 for use when upgrading OpenSSH

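Preface: this article was compiled by the editors of 小常识网 (cha138.com). It mainly covers installing telnet offline on CentOS 7.3 for use when upgrading OpenSSH, and we hope it is a useful reference for you.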

Reference answer A

1. Check whether the telnet packages are already installed on the system
rpm -qa|grep telnet
rpm -qa | grep telnet-server
rpm -qa | grep xinetd
————————————————
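2. Uninstall the rpm packages that are already installed (take the package names from the output of the previous commands; VERSION-RELEASE below is a placeholder)
rpm -e telnet-VERSION-RELEASE.x86_64
rpm -e telnet-server-VERSION-RELEASE.x86_64
rpm -e xinetd-VERSION-RELEASE.x86_64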
————————————————
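3. Upload the telnet rpm packages with the rz command
————————————————
4. Install the rpm packages. The file upload step is omitted here; I used WinSCP to upload them, so use whatever you prefer.
Installation order: xinetd -> telnet -> telnet-server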
rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm
rpm -ivh telnet-0.17-65.el7_8.x86_64.rpm
rpm -ivh telnet-server-0.17-65.el7_8.x86_64.rpm
————————————————
5. Check the versions of the installed telnet packages
[root@kps4 src]# rpm -qa|grep telnet
Output:
telnet-server-0.17-65.el7_8.x86_64
telnet-0.17-65.el7_8.x86_64
————————————————
6. Configure the terminal types for telnet login: append some pts terminals to the end of /etc/securetty, as follows
pts/0
pts/1
pts/2
pts/3
Edit the file:
vim /etc/securetty
Check the configured terminal types:
tail -5 /etc/securetty
Output:
xvc0
pts/0
pts/1
pts/2
pts/3
————————————————
7. Start the telnet service and enable it at boot
systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
netstat -lntp|grep 23
Output after starting:
tcp6 0 0 :::23 :::* LISTEN 1/systemd
————————————————
8. Open port 23 in the firewall
firewall-cmd --zone=public --add-port=23/tcp --permanent
Reload the firewall:
firewall-cmd --reload
————————————————
9. Confirm that ssh login works normally: log in over ssh, then stop the telnet service and remove it
systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd
systemctl disable telnet.socket

————————————————

Offline OpenSSH upgrade on CentOS 7 to fix vulnerabilities

Reference answer A

yum -y install xinetd telnet-server

Configure /etc/xinetd.d/telnet

cat > /etc/xinetd.d/telnet <<EOF
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
EOF

Configure the terminal types for telnet login

cat >> /etc/securetty <<EOF
pts/0
pts/1
pts/2
pts/3
EOF

Start telnet

systemctl enable xinetd --now

systemctl enable telnet.socket --now

wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz

wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz --no-check-certificate

wget http://www.zlib.net/zlib-1.2.12.tar.gz

tar -zxvf zlib-1.2.12.tar.gz

cd zlib-1.2.12

./configure --prefix=/usr/local/zlib

make && make install

cd ..

tar -zxvf openssl-1.1.1j.tar.gz

cd openssl-1.1.1j

./config --prefix=/usr/local/ssl -d shared

make && make install

cd ..

echo '/usr/local/ssl/lib' >> /etc/ld.so.conf

ldconfig -v

openssl version -a

tar -zxvf openssh-8.8p1.tar.gz

cd openssh-8.8p1

./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl

make && make install

Back up and modify the configuration files

# Modify the sshd_config file

echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config

echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config

echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config

# Back up the original files and copy the new configuration and binaries into place

mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config

mv /usr/sbin/sshd /usr/sbin/sshd.bak

cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd

mv /usr/bin/ssh /usr/bin/ssh.bak

cp /usr/local/openssh/bin/ssh /usr/bin/ssh

mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak

cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak

cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

# Modify the systemd unit parameters (remove Type or change it to Type=simple)

vim /usr/lib/systemd/system/sshd.service

[Unit]

Description=OpenSSH server daemon

Documentation=man:sshd(8) man:sshd_config(5)

After=network.target sshd-keygen.service

Wants=sshd-keygen.service

[Service]

#Type=notify

Type=simple

EnvironmentFile=/etc/sysconfig/sshd

ExecStart=/usr/sbin/sshd -D $OPTIONS

ExecReload=/bin/kill -HUP $MAINPID

KillMode=process

Restart=on-failure

RestartSec=42s

[Install]

WantedBy=multi-user.target

Restart the sshd service

systemctl daemon-reload

systemctl restart sshd

systemctl status sshd

# Verify that the upgrade succeeded

ssh -V
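
Both answers above open telnet as a temporary fallback and change /etc/securetty, firewalld and sshd_config along the way. The script below is an added example, not code from the original page: it audits what is left behind once the new sshd works (leftover pts/N entries in securetty, root password login in sshd_config, a listener on port 23, the 23/tcp firewalld rule). The function names and the `--live` / `--demo` switches are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit what the temporary telnet
# fallback leaves behind. Checks read files/text so they can run on copies.
# pts/N entries in a securetty file; each lets root log in on that network pty.
securetty_pts() { awk '$1 ~ /^pts\/[0-9]+$/ { print $1 }' "$1"; }

# Global value of an sshd_config keyword. sshd keeps the first value it reads,
# so an appended line only wins if no earlier uncommented line sets the keyword.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    awk -v k="$2" '
        tolower($1) == "match" { exit }   # stop before conditional Match blocks
        tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# `netstat -lnt` text on stdin; succeeds only for a listener on port 23 itself
# (the page's `grep 23` also matches port 2323 or a PID containing 23).
port23_listening() { awk '$6 == "LISTEN" && $4 ~ /:23$/ { f = 1 } END { exit !f }'; }

# Succeeds if 23/tcp appears in `firewall-cmd --list-ports` output passed as $1.
firewall_has_telnet() { printf '%s\n' "$1" | tr -s ' ' '\n' | grep -qx '23/tcp'; }

# One finding per line; returns non-zero if anything was found.
audit() {  # usage: audit SECURETTY SSHD_CONFIG NETSTAT_TEXT FIREWALL_PORTS
    findings=$(
        for t in $(securetty_pts "$1"); do echo "securetty: root allowed on $t"; done
        [ "$(sshd_effective "$2" PermitRootLogin)" = yes ] &&
            [ "$(sshd_effective "$2" PasswordAuthentication)" != no ] &&
            echo "sshd: root can log in with a password"
        printf '%s\n' "$3" | port23_listening && echo "telnet: tcp/23 still listening"
        firewall_has_telnet "$4" && echo "firewalld: 23/tcp still open"
        true)
    [ -z "$findings" ] || { printf '%s\n' "$findings"; return 1; }
}

# Constructed sample: the host state the steps above leave without cleanup.
demo() {
    d=$(mktemp -d) rc=0
    printf 'xvc0\npts/0\npts/1\npts/2\npts/3\n' > "$d/securetty"
    printf '#PermitRootLogin prohibit-password\nPermitRootLogin yes\nPasswordAuthentication yes\n' > "$d/sshd_config"
    audit "$d/securetty" "$d/sshd_config" \
        'tcp6 0 0 :::23 :::* LISTEN 1/systemd' '23/tcp' || rc=$?
    rm -rf "$d"; return "$rc"
}

# On the upgraded host: sh audit.sh --live    Constructed sample: sh audit.sh --demo
case "${1:-}" in
    --live) audit /etc/securetty /etc/ssh/sshd_config "$(netstat -lnt)" "$(firewall-cmd --zone=public --list-ports)" ;;
    --demo) demo ;;
esac
```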
