Upgrading redhat4.8/6.7 and suse10sp2 to openssh-7.7p1


I. Preparation

[[email protected] ~]# mount /dev/cdrom /media/

mount: block device /dev/sr0 is write-protected, mounting read-only

[[email protected] ~]# cp /etc/yum.repos.d/rhel-source.repo /etc/yum.repos.d/yum.repo

[[email protected] ~]# vi /etc/yum.repos.d/yum.repo 

[a]

name=a

baseurl=file:///media

enabled=1

gpgcheck=0

[[email protected] ~]# yum install gcc pam-devel telnet telnet-server  xinetd

[[email protected] ~]# mkdir /soft

[[email protected] ~]# cd /soft/

[[email protected] soft]# ls

openssl-1.0.2o.tar.gz    zlib-1.2.11.tar.gz  openssh-7.7p1.tar.gz  

[[email protected] soft]# vi /etc/xinetd.d/telnet 

Change to disable = no

[[email protected] soft]# mv /etc/securetty /etc/securetty.old

[[email protected] soft]# service xinetd restart

停止 xinetd:                                              [失败]

正在启动 xinetd:                                          [确定]

[[email protected] soft]# telnet IP 23

The steps for turning off the firewall follow; they differ slightly between SUSE and Red Hat/CentOS:

1. Turning off the firewall on CentOS and Red Hat:

[[email protected] soft]# iptables -F

[[email protected] soft]# iptables -X

[[email protected] soft]# service iptables stop

iptables:将链设置为政策 ACCEPT:filter                    [确定]

iptables:清除防火墙规则:                                 [确定]

iptables:正在卸载模块:                                   [确定]

[[email protected] soft]# chkconfig iptables off

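2. Turning off the firewall on SUSE:

 Because the firewall starts again automatically when the system reboots, which prevents remote SSH logins, the firewall that ships with the system has to be turned off permanently. The commands are as follows: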

   # chkconfig --list | grep fire

     SuSEfirewall2_init  0:off 1:off 2:off 3:off 4:off 5:off 6:off B:on

     SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off

  

   B is shown as on; the commands below turn B off.

(First stop the services)

#service SuSEfirewall2_init stop

#service SuSEfirewall2_setup  stop

(Disable start at boot)

# chkconfig --level B SuSEfirewall2_init off

# chkconfig  SuSEfirewall2_init off

Either of the two commands above disables start at boot; they have the same effect.

# chkconfig --level B SuSEfirewall2_setup off

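# chkconfig  SuSEfirewall2_setup off

This turns the firewall off permanently.

Note: normally both services start at boot. In that case, turn off SuSEfirewall2_setup first and then SuSEfirewall2_init. The only reason is that the init service cannot be turned off until setup has been turned off; the request is refused.

II. Installing zlib, openssl and openssh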

[[email protected] soft]# tar -xf zlib-1.2.11.tar.gz 

[[email protected] soft]# cd zlib-1.2.11

[[email protected] zlib-1.2.11]# ./configure --prefix=/usr/local/zlib

[[email protected] zlib-1.2.11]# make

[[email protected] zlib-1.2.11]# 【rpm -e --nodeps zlib】 It is best not to uninstall it, otherwise many problems appear; the same goes for ssl and ssh below. Skip this step.

[[email protected] zlib-1.2.11]# make install

[[email protected] zlib-1.2.11]# rpm -qa | grep openssl

rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory  // This message appears if zlib was uninstalled; in that case use the two commands below

[[email protected] zlib-1.2.11]# 【echo '/usr/local/zlib/lib' >>/etc/ld.so.conf】

[[email protected] zlib-1.2.11]# 【ldconfig 】


[[email protected] zlib-1.2.11]# mv /usr/lib64/openssl/  /usr/lib64/openssl.old

[[email protected] zlib-1.2.11]# mv  /usr/bin/openssl  /usr/bin/openssl.old

[[email protected] zlib-1.2.11]# mv  /etc/pki/ca-trust/extracted/openssl  /etc/pki/ca-trust/extracted/openssl.old

[[email protected] zlib-1.2.11]# cp  /usr/lib64/libcrypto.so.10  /usr/lib64/libcrypto.so.10.old

[[email protected] zlib-1.2.11]# cp  /usr/lib64/libssl.so.10  /usr/lib64/libssl.so.10.old

[[email protected] zlib-1.2.11]# mv /etc/ssl  /etc/ssl.old

[[email protected] zlib-1.2.11]# mv /usr/include/openssl  /usr/include/openssl.old

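On some operating systems a few of the commands above report that the file does not exist; ignore those messages.

[[email protected] zlib-1.2.11]# 【rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}】 It is best not to uninstall it, otherwise many problems appear; the same goes for ssh below. Skip this step.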

[[email protected] zlib-1.2.11]# cd ..

[[email protected] soft]# tar -xf openssl-1.0.2o.tar.gz 

[[email protected] soft]# cd openssl-1.0.2o

[[email protected] openssl-1.0.2o]# ./config --prefix=/usr/local/openssl --openssldir=/etc/ssl

[[email protected] openssl-1.0.2o]# make depend

[[email protected] openssl-1.0.2o]# make

[[email protected] openssl-1.0.2o]# make install

[[email protected] openssl-1.0.2o]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

[[email protected] openssl-1.0.2o]# ln -s /usr/local/openssl/include/openssl /usr/include/openssl

The following two commands can be skipped. If openssl was uninstalled and problems appear, run them:

  【echo "/usr/local/openssl/lib" >> /etc/ld.so.conf】

  【ldconfig 】


[[email protected] openssl-1.0.2o]# mv /etc/ssh /etc/ssh.old

openssh-askpass-5.3p1-111.el6.x86_64

[[email protected] openssl-1.0.2o]# 【rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}】 It is best not to uninstall it, otherwise many problems appear. Skip this step.

[[email protected] openssl-1.0.2o]# cd ..

[[email protected] soft]# tar -xf openssh-7.7p1.tar.gz 

[[email protected] soft]# cd openssh-7.7p1

[[email protected] openssh-7.7p1]# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib  --with-md5-passwords     --with-pam --without-hardening  && make && make install

[[email protected] openssh-7.7p1]# cp contrib/redhat/sshd.init  /etc/init.d/sshd   // The file used in this step depends on the operating system, e.g. on SUSE: # cp contrib/suse/rc.sshd  /etc/init.d/sshd

[[email protected] openssh-7.7p1]# chmod  +x  /etc/init.d/sshd  

[[email protected] openssh-7.7p1]# vi /etc/init.d/sshd 

Change the SSHD path (Red Hat, CentOS)

#SSHD=/usr/sbin/sshd

SSHD=/usr/local/openssh/sbin/sshd

#/usr/bin/ssh-keygen -A

/usr/local/openssh/bin/ssh-keygen -A

Change the SSHD path (SUSE)

#SSHD_BIN=/usr/sbin/sshd

SSHD_BIN=/usr/local/openssh/sbin/sshd

#ssh-keygen -A

/usr/local/openssh/bin/ssh-keygen -A

[[email protected] ~]# vi /etc/ssh/sshd_config 

PermitRootLogin  yes

[[email protected] ~]# mv /usr/bin/ssh   /usr/bin/ssh.old

[[email protected] ~]# ln -s /usr/local/openssh/bin/ssh  /usr/bin/ssh

[[email protected] openssh-7.7p1]# chkconfig --add sshd

[[email protected] openssh-7.7p1]# chkconfig --list |grep sshd

sshd           0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭   

[[email protected] openssh-7.7p1]#  chkconfig  sshd  on

[[email protected] openssh-7.7p1]# service sshd restart

[[email protected] ~]# ssh -v

usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]

[[email protected] ~]# ssh -46AaCfGgKkMNnqsTtVvXxYy

OpenSSH_7.7p1, OpenSSL 1.0.2o  27 Mar 2018

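III. Wrapping up

At this point, once you have tested that openssh connects normally, telnet can be uninstalled; otherwise it brings many vulnerabilities of its own. To be on the safe side, you can instead stop telnet and keep it out of the boot sequence, then start it directly when you need it.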

[[email protected] ~]# mv /etc/securetty.old /etc/securetty

[[email protected] ~]# chkconfig  xinetd off

[[email protected] ~]# service xinetd stop

停止 xinetd:                                              [确定]

[[email protected] ~]# rpm -qa | grep telnet

telnet-0.17-48.el6.x86_64

telnet-server-0.17-48.el6.x86_64

[[email protected] ~]# rpm -qa | grep telnet|xargs -i rpm -e --nodeps {}

warning: /etc/xinetd.d/telnet saved as /etc/xinetd.d/telnet.rpmsave

[[email protected] ~]# rpm -qa | grep telnet

[[email protected] ~]# exit
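A check to run before closing the telnet session, given here as an added example that is not part of the original post: it looks for what the preparation step changed temporarily (/etc/securetty moved aside, telnet enabled in xinetd) and confirms that /etc/init.d/sshd starts the newly built daemon. The function name `audit_upgrade` and its optional ROOT argument (a directory to inspect instead of the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: audit_upgrade [ROOT]   (ROOT is empty by default = the live system)
# Prints one line per finding and returns the number of findings.
audit_upgrade() {
    root=${1:-}
    findings=0

    # The preparation step moved /etc/securetty aside so that root could log
    # in over telnet; the wrap-up step moves it back.
    if [ ! -e "$root/etc/securetty" ]; then
        echo "FINDING: /etc/securetty is missing (still parked as securetty.old?)"
        findings=$((findings + 1))
    fi

    # The xinetd telnet entry must be gone or no longer carry "disable = no".
    telnet_conf="$root/etc/xinetd.d/telnet"
    if [ -f "$telnet_conf" ] &&
       grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no([[:space:]]|$)' "$telnet_conf"; then
        echo "FINDING: telnet is still enabled in /etc/xinetd.d/telnet"
        findings=$((findings + 1))
    fi

    # The init script must start the new daemon, not the old /usr/sbin/sshd
    # (SSHD= on Red Hat/CentOS, SSHD_BIN= on SUSE). Commented lines do not count.
    init="$root/etc/init.d/sshd"
    if ! grep -Eq '^[[:space:]]*SSHD(_BIN)?=/usr/local/openssh/sbin/sshd' "$init" 2>/dev/null; then
        echo "FINDING: /etc/init.d/sshd does not start /usr/local/openssh/sbin/sshd"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Source the file and call `audit_upgrade` with no argument on the upgraded host; a return status of 0 means none of the three leftovers was found.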

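IV. Building a LAN yum repository over FTP

Sometimes many machines of the same type need the installation image, and uploading it or inserting the disc on each one in turn is tedious. This is where a LAN yum repository comes in.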

yum install vsftpd

service vsftpd start

mount /dev/cdrom /var/ftp/pub

Once the image is mounted on the FTP server, configure the yum repo file on the other machines and the repository is ready to use.

vi /etc/yum.repos.d/yum.repo 

[a]

name=a

baseurl=ftp://192.168.56.102/pub

enabled=1

gpgcheck=0 

