Openssh升级脚本

Posted rxdxb


  1 #!/bin/bash
  2 :<<! 
  3 注意: : %s/openssh-8.1p1/openssh-8.1p1/g
  4 1.使用脚本前需要在命令行模式下更改文本模式set ff=unix ;  
  5 2. 执行完脚本后,请执行source /etc/profile;
  6 3. 请在/root下执行脚本
  7 4.如出现openssl升级后找不到库文件,可通过查找openssl库文件解决:find / -name "libssl*";然后执行 echo "/usr/local/lib64" >> /etc/ld.so.conf && ldconfig -v
  8 !
  9 
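 #######################################
 # One-time host preparation: SELinux mode, sshd root login, DNS resolvers,
 # base packages, firewalld, timezone, chrony and the SHunicom account.
 # Globals:
 #   ROOT_PASSWORD     (read, optional) new password for root; root's
 #                     password is left untouched when unset or empty.
 #   SHUNICOM_PASSWORD (read, optional) password for a newly created SHunicom
 #                     account; no password is set when unset or empty.
 # Arguments: none
 # Outputs:   progress messages on stdout, warnings on stderr
 # Returns:   status of the last command run
 #######################################
 system_init () {
   # NOTE(review): disabling SELinux is not required to upgrade OpenSSH and
   # removes a mandatory-access-control layer from the host; kept because the
   # original does it, but confirm it is really wanted.
   sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  # persistent setting
   setenforce 0                                                        # running system -> permissive

   # To move sshd to another port, uncomment and adjust:
   # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config

   # NOTE(review): this enables password logins for root over SSH. Set the
   # value to "no" (or keep prohibit-password and use keys) unless remote root
   # password login is a hard requirement.
   sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

   # The sed expressions must be quoted: they contain spaces and would
   # otherwise be split into several arguments.
   sed -i '1a nameserver 114.114.114.114' /etc/resolv.conf            # extra DNS resolver
   sed -i '1a options timeout:1 attempts:1 rotate' /etc/resolv.conf   # shorter timeout, fewer retries

   # The original reset root's password to a fixed, publicly known string.
   # Together with PermitRootLogin yes that leaves root guessable from the
   # network, so the password is only changed when the operator supplies one.
   if [[ -n "${ROOT_PASSWORD:-}" ]]; then
     printf '%s\n' "$ROOT_PASSWORD" | passwd --stdin root
   fi

   # NOTE(review): firewalld is stopped and disabled whenever the package
   # install succeeds; the else branch runs when yum fails, not when firewalld
   # is already inactive, so its message is misleading. Behaviour kept as is.
   if yum -y install wget net-tools httpd-tools sysstat lsof tree; then
     systemctl stop firewalld && systemctl disable firewalld
   else
     echo "firewalld is off "
   fi

   if ! timedatectl | grep -q 'Asia/Shanghai'; then
     timedatectl set-timezone Asia/Shanghai
   else
     echo "Time zone configuration successful"
   fi

   if ! rpm -qa | grep -q chrony; then
     yum -y install chrony && cp /etc/chrony.conf /etc/chrony.conf.bak
     sed -i '/^server/ s/^/#/' /etc/chrony.conf             # comment out the default servers
     sed -i '2a server ntp.ntsc.ac.cn iburst' /etc/chrony.conf
     chronyc -a makestep
   else
     echo "chrony is sucess"
   fi

   # The original listing embedded a fixed password for this account. Treat
   # that value as disclosed and rotate it on any host where it was applied.
   if ! id SHunicom >/dev/null 2>&1; then
     if useradd SHunicom; then
       if [[ -n "${SHUNICOM_PASSWORD:-}" ]]; then
         printf '%s\n' "$SHUNICOM_PASSWORD" | passwd --stdin SHunicom
       else
         echo "SHunicom created without a password; set SHUNICOM_PASSWORD or run passwd SHunicom" >&2
       fi
       echo "SHunicom add ok"
     fi
   fi
 }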
 46 
 47 
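 #######################################
 # Unpack, build and install zlib 1.2.11 from /root into /usr/local/zlib.
 # Arguments: none
 # Outputs:   build output; " zlib install ok" on success
 # Returns:   0 on success, 1 as soon as any step fails
 #######################################
 zlic_install () {
   # NOTE(review): the tarball is fetched over plain HTTP elsewhere in this
   # script and is compiled and installed as root. Check it against a digest
   # obtained from a trusted channel before this function runs.
   # zlib-1.2.11 is an old release; review upstream advisories and prefer a
   # currently maintained version.

   # Every step is checked: without this a failed cd would run ./configure
   # and make in the wrong directory and still report success.
   cd /root || return 1
   if ! tar -xvf zlib-1.2.11.tar.gz; then
     echo "zlib: cannot unpack /root/zlib-1.2.11.tar.gz" >&2
     return 1
   fi
   cd zlib-1.2.11 || return 1
   ./configure --prefix=/usr/local/zlib || return 1
   make || return 1
   make install || return 1
   echo " zlib install ok"
 }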
 56 
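 #######################################
 # Build OpenSSL 1.1.1a from /root into /usr/local/openssl, then point
 # /usr/bin/openssl and /usr/include/openssl at the new build and register
 # its library directory with the dynamic linker.
 # Arguments: none
 # Returns:   0 on success, 1 as soon as a build step fails
 #######################################
 openssl_install () {
   # NOTE(review): openssl-1.1.1a is an early release of the 1.1.1 branch.
   # Check upstream's security advisories and pin a currently supported
   # version, and verify the tarball's digest before building it as root.
   # NOTE(review): replacing /usr/bin/openssl and the system headers affects
   # every package that relies on the distribution's OpenSSL.
   cd /root || return 1
   # Extraction output was discarded in the original; -v is dropped instead.
   tar -xf openssl-1.1.1a.tar.gz || return 1
   cd openssl-1.1.1a || return 1
   ./config shared zlib --prefix=/usr/local/openssl || return 1
   make || return 1
   make install || return 1

   # Swap the system binary and headers only after a successful install;
   # otherwise the links would point at a build that does not exist.
   # A path that is already a symlink comes from an earlier run, so it is
   # not moved again: that would overwrite the saved original.
   if [[ -e /usr/bin/openssl && ! -L /usr/bin/openssl ]]; then
     mv /usr/bin/openssl /usr/bin/openssl.old
   fi
   if [[ -d /usr/include/openssl && ! -L /usr/include/openssl ]]; then
     mv /usr/include/openssl /usr/include/openssl.old
   fi
   ln -sfn /usr/local/openssl/bin/openssl /usr/bin/openssl
   ln -sfn /usr/local/openssl/include/openssl /usr/include/openssl

   # Append the library path once; repeated runs no longer add duplicates.
   if ! grep -qxF /usr/local/openssl/lib /etc/ld.so.conf; then
     echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
   fi
   ldconfig -v
 }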
 70 
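 #######################################
 # CentOS preparation: download the OpenSSH, OpenSSL and zlib tarballs into
 # /root, install the build dependencies, then stop and move aside the
 # existing sshd installation.
 # Globals:
 #   TARBALL_SHA256SUMS (read, optional) path to a sha256sum-format file
 #                      listing the expected digests of the three tarballs.
 # Arguments: none
 # Returns:   0 on success; 1 if the downloads fail or a digest does not
 #            match. In that case the installed sshd is left untouched.
 #######################################
 openssh_prepare () {
   local url

   yum -y install wget
   # NOTE(review): ping is only a rough reachability probe; hosts that block
   # ICMP will be reported as a download failure. Kept from the original.
   if ! command -v wget >/dev/null 2>&1 || ! ping -c 3 openbsd.hk; then
     printf 'program: %s openssh download failed\n' "${0##*/}" >&2
     return 1
   fi

   # The build functions expect the tarballs in /root.
   cd /root || return 1

   # NOTE(review): two of these URLs are plain HTTP and the OpenSSH one is a
   # third-party mirror. The files are compiled and installed as root, so an
   # altered tarball means a compromised sshd. Fetch from the project's own
   # HTTPS distribution site where possible and always check the digests.
   for url in \
     http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz \
     https://www.openssl.org/source/openssl-1.1.1a.tar.gz \
     http://www.zlib.net/zlib-1.2.11.tar.gz; do
     # -O overwrites a stale copy, so the file that is verified is the file
     # that gets built.
     if ! wget -O "${url##*/}" -- "$url"; then
       printf 'program: %s openssh download failed\n' "${0##*/}" >&2
       return 1
     fi
   done

   if [[ -n "${TARBALL_SHA256SUMS:-}" ]]; then
     if ! sha256sum -c -- "$TARBALL_SHA256SUMS"; then
       echo "tarball digest mismatch; refusing to continue" >&2
       return 1
     fi
   else
     echo "WARNING: TARBALL_SHA256SUMS is not set; tarballs were NOT verified" >&2
   fi

   yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel tcp_wrappers-devel wget

   # NOTE(review): from here on the running sshd is stopped and its packages
   # are removed before the replacement has been built. Keep a console or
   # other out-of-band session open until the new sshd is confirmed working.
   # The original returned here only with a message when the download failed
   # and then removed sshd anyway; the early returns above prevent that.
   if pgrep -x sshd >/dev/null; then
     systemctl stop sshd
   fi

   if rpm -qa | grep -q openssh; then
     # Packaged install: remove the rpms and keep the old configuration.
     rpm -qa | grep openssh | xargs -r -d '\n' rpm -e --nodeps
     if [[ -e /etc/init.d/sshd ]]; then
       mv /etc/init.d/sshd /etc/init.d/sshd.bak
     fi
     if [[ -e /etc/ssh ]]; then
       mv /etc/ssh /etc/ssh.bak
     fi
   elif [[ -e /usr/local/openssh ]]; then
     # Earlier source install: keep it as a fallback copy.
     mv /usr/local/openssh /usr/local/openssh.bak
   fi
   return 0
 }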
106 
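#######################################
# Ubuntu preparation: point apt at the aliyun xenial mirror, download the
# OpenSSH, OpenSSL and zlib tarballs into /root, install the build
# dependencies, then stop and move aside the existing sshd installation.
# Must run as root (it rewrites /etc/apt/sources.list).
# Globals:
#   TARBALL_SHA256SUMS (read, optional) path to a sha256sum-format file
#                      listing the expected digests of the three tarballs.
# Arguments: none
# Returns:   0 on success; 1 if the downloads fail or a digest does not
#            match. In that case the installed sshd is left untouched.
#######################################
ubuntu_prepare () {
  local url

  # The original wrote to /etc/apt-get/sources.list and /etc/aptt/sources.list
  # (both typos) and passed unquoted text to sed, so the list was never
  # written correctly. Keep the first original as a backup and write the file
  # in one step.
  if [[ -f /etc/apt/sources.list && ! -e /etc/apt/sources.list.bak ]]; then
    cp -p /etc/apt/sources.list /etc/apt/sources.list.bak
  fi
  # NOTE(review): the release name xenial is hard-coded; adjust it to the
  # release actually installed. xenial-proposed carries pre-release updates
  # and is normally left out on production hosts -- confirm it is wanted.
  cat > /etc/apt/sources.list <<'EOF'
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
EOF
  # The new sources are not used until the package index is refreshed.
  apt-get update
  apt-get install -y wget

  # NOTE(review): ping is only a rough reachability probe; hosts that block
  # ICMP will be reported as a download failure. Kept from the original.
  if ! command -v wget >/dev/null 2>&1 || ! ping -c 3 openbsd.hk; then
    printf 'program: %s openssh download failed\n' "${0##*/}" >&2
    return 1
  fi

  # The build functions expect the tarballs in /root.
  cd /root || return 1

  # NOTE(review): two of these URLs are plain HTTP and the OpenSSH one is a
  # third-party mirror. The files are compiled and installed as root, so an
  # altered tarball means a compromised sshd. Fetch from the project's own
  # HTTPS distribution site where possible and always check the digests.
  for url in \
    http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz \
    https://www.openssl.org/source/openssl-1.1.1a.tar.gz \
    http://www.zlib.net/zlib-1.2.11.tar.gz; do
    # -O overwrites a stale copy, so the file that is verified is the file
    # that gets built.
    if ! wget -O "${url##*/}" -- "$url"; then
      printf 'program: %s openssh download failed\n' "${0##*/}" >&2
      return 1
    fi
  done

  if [[ -n "${TARBALL_SHA256SUMS:-}" ]]; then
    if ! sha256sum -c -- "$TARBALL_SHA256SUMS"; then
      echo "tarball digest mismatch; refusing to continue" >&2
      return 1
    fi
  else
    echo "WARNING: TARBALL_SHA256SUMS is not set; tarballs were NOT verified" >&2
  fi

  apt-get install -y wget gcc make zlib1g-dev libssl-dev libpam0g-dev sysv-rc-conf

  # NOTE(review): the running sshd is stopped before the replacement has been
  # built. Keep a console or other out-of-band session open until the new
  # sshd is confirmed working.
  if pgrep -x sshd >/dev/null; then
    systemctl stop sshd
  fi

  # The original queried rpm here, which is not the package manager on
  # Ubuntu; dpkg answers the same question.
  if dpkg -s openssh-server >/dev/null 2>&1; then
    # NOTE(review): the Debian/Ubuntu package normally ships its init script
    # as /etc/init.d/ssh, so this path may not exist -- TODO confirm.
    if [[ -e /etc/init.d/sshd ]]; then
      mv /etc/init.d/sshd /etc/init.d/sshd.bak
    fi
    if [[ -e /etc/ssh ]]; then
      mv /etc/ssh /etc/ssh.bak
    fi
  elif [[ -e /usr/local/openssh ]]; then
    # Earlier source install: keep it as a fallback copy.
    mv /usr/local/openssh /usr/local/openssh.bak
  fi
  return 0
}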
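# NOTE(review): a leftover fragment used to sit here, outside any function.
# It tested the bare word apt_get instead of "$apt_get", so the test always
# failed with "integer expression expected" and its three wget calls never
# ran. Correcting the test would have made every run of the script, including
# menu option 0, download the tarballs at load time with no integrity check.
# The downloads are already done inside openssh_prepare and ubuntu_prepare,
# so the fragment is removed and nothing is fetched while the script loads.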
157 
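#######################################
# Unpack OpenSSH 8.1p1 in /root, run ./configure for the given target and,
# when configure succeeds, hand over to openssh_init for build and install.
# Arguments: $1 - target: "cen6" or "cen7"
# Outputs:   appends a line to /install.log when configure fails
# Returns:   0 on success, 2 for an unknown target, 1 on any other failure
#######################################
openssh_install () {
  local var="${1:-}"
  local -a configure_args=(
    --prefix=/usr/local/openssh
    --sysconfdir=/etc/ssh
    --with-privsep-path=/var/lib/sshd
    --with-pam
    --with-ssl-dir=/usr/local/openssl
    # NOTE(review): MD5 password hashes are weak; confirm this is still
    # needed for the accounts on the target hosts.
    --with-md5-passwords
  )

  # Validate the target first so that a typo fails loudly instead of
  # unpacking the tarball and then silently doing nothing.
  case "$var" in
    cen6)
      # NOTE(review): --without-hardening switches off the compiler and
      # linker hardening flags for the sshd build. Presumably added for the
      # older CentOS 6 toolchain; try the build without it first.
      configure_args+=(--without-hardening)
      ;;
    cen7)
      ;;
    *)
      echo "openssh_install: unknown target '$var' (expected cen6 or cen7)" >&2
      return 2
      ;;
  esac

  cd /root || return 1
  # The original line ended in "&& /root > /dev/null", which tried to execute
  # the directory /root; only the redirection of tar's listing is kept.
  tar -xvf openssh-8.1p1.tar.gz >/dev/null || return 1
  cd openssh-8.1p1 || return 1

  if ./configure "${configure_args[@]}"; then
    openssh_init
  else
    echo "system is $var , configure openssh failed " >>/install.log
    return 1
  fi
}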
179 
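#######################################
# Build and install the configured OpenSSH tree in the current directory,
# install the Red Hat init script, adjust sshd_config, check the
# configuration and start sshd.
# Globals:   DIRSSH (read) - path of the unpacked OpenSSH source tree
# Arguments: none
# Returns:   0 on success, 1 if the build, the init script copy or the
#            sshd configuration check fails
#######################################
openssh_init () {
  local sshd_bin=/usr/local/openssh/sbin/sshd
  # Single quotes on purpose: $PATH must be expanded at login time. The
  # original expanded it while writing, which froze the installing shell's
  # PATH into /etc/profile for every user.
  # shellcheck disable=SC2016
  local path_line='export PATH=/usr/local/openssh/bin:$PATH'

  if [[ -z "${DIRSSH:-}" ]]; then
    echo "openssh_init: DIRSSH is not set" >&2
    return 1
  fi

  # Stop at the first failed build step; the original went on to install an
  # init script and start a daemon that might not exist.
  make || return 1
  make install || return 1

  cp -- "$DIRSSH/contrib/redhat/sshd.init" /etc/init.d/sshd || return 1
  # The replacement text contains slashes, so "|" is used as the delimiter.
  # NOTE(review): the line numbers 25 and 41 are tied to this version of
  # sshd.init; re-check them when the OpenSSH version changes.
  sed -i '25s|SSHD=/usr/sbin/sshd|SSHD=/usr/local/openssh/sbin/sshd|' /etc/init.d/sshd
  sed -i '41s|/usr/bin/ssh-keygen -A|/usr/local/openssh/bin/ssh-keygen -A|' /etc/init.d/sshd
  chkconfig --add sshd && systemctl daemon-reload

  # To move sshd to another port, uncomment and adjust:
  # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config

  # NOTE(review): this enables password logins for root over SSH. Prefer
  # "no", or prohibit-password with key-based login, unless remote root
  # password login is a hard requirement.
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

  # Private host keys must be readable by root only.
  chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key

  # Check the configuration and keys before starting, so that a broken
  # config is reported here rather than discovered after the session ends.
  if ! "$sshd_bin" -t; then
    echo "openssh_init: sshd configuration test failed; sshd not started" >&2
    return 1
  fi
  systemctl start sshd

  # Add the PATH line once; repeated runs no longer append duplicates.
  if ! grep -qxF -- "$path_line" /etc/profile; then
    printf '%s\n' "$path_line" >> /etc/profile
  fi
  # Only affects this script's own shell; log in again for interactive use.
  source /etc/profile
}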
193 
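# Install locations and the unpacked OpenSSH source tree.
DIRZLIB=/usr/local/zlib
DIRSSL=/usr/local/openssl
DIRSSH=/root/openssh-8.1p1
INSTALLSSH=/usr/local/openssh
SYSSSH=/etc/ssh

# Menu entries; the index is the number the operator types.
array_number=(init centos6 centos7 ubuntu)

# The colour escapes had lost their backslashes; printf restores them and
# resets the colour after the prompt.
printf '\e[31;47m please input number 0.init 1.centos6 2.centos7 3.ubuntu\n please input number:\t\e[0m'
read -r input

# Validate before indexing. bash evaluates an array subscript as arithmetic,
# so unchecked text is interpreted rather than compared: any plain word
# resolves to index 0 and would run system_init, which rewrites the host's
# security settings. Only the digits 0-3 are accepted.
if [[ ! "$input" =~ ^[0-3]$ ]]; then
  printf 'Usage: input number 0.init 1.centos6 2. centos7 3. ubuntu\n\n'
  exit 1
fi
number=${array_number[input]}

# NOTE(review): the steps of each branch run one after another without
# checking the previous step's status, as in the original.
case "$number" in
  init)
    system_init
    ;;
  centos6)
    openssh_prepare
    zlic_install
    openssl_install
    openssh_install cen6
    ;;
  centos7)
    openssh_prepare
    zlic_install
    openssl_install
    openssh_install cen7
    ;;
  ubuntu)
    ubuntu_prepare
    zlic_install
    openssl_install
    openssh_install cen7
    ;;
  *)
    printf 'Usage: input number 0.init 1.centos6 2. centos7 3. ubuntu\n\n'
    exit 1
    ;;
esac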
