Suse11 sp3 下升级 openssh-7.1脚本

Posted 2020-08-31 will

客户系统检测出openssh版本过旧存在漏洞，所以决定写个脚本，需要四个包：openssh-7.1p2.tar，openssl-1.0.1s.tar，telnet-server-1.2-149.1.x86_64，zlib-1.2.8.tar

脚本如下：（亲测，可用）

#!/bin/bash
#program : Server auto deploy
#author : [email protected]
#version : latst
#function : update openssh

##当前路径
current_dir="$(pwd) "
zlib_version="zlib-1.2.8"
openssh_version="openssh-7.1p2"
openssl_version="openssl-1.0.1s"
DATE=`date +%Y%m%d`
Distributor=`lsb_release -i|cut -c 17-`
BLUE_COLOR=‘\E[1;34m‘ #蓝
RED_COLOR=‘\E[1;31m‘ #红
BLACK_COLOR=‘\E[1;30m‘ #黑

echo -e "${RED_COLOR}########################################################################################${RES}"
echo -e "${RED_COLOR}################### #################### "
echo -e "${RED_COLOR}################### openssh install -----[success] #################### "
echo -e "${RED_COLOR}################### #################### "
echo -e "${RED_COLOR}################### #################### "
echo -e "${RED_COLOR}########################################################################################${RES}"
echo -e "${BLACK_COLOR} ${RES}"
sleep 5

##检查系统当前用户
if [ `id -u` != 0 ]; then
echo "Error: if you want to run this script,please use root to execute;"
exit 1
fi

##安装telnet
cd $current_dir
rpm -ivh telnet-server-1.2-149.1.x86_64.rpm
sed -e ‘s/yes/no/g‘ /etc/xinetd.d/telnet
/etc/init.d/xinetd restart
chkconfig --list | grep telnet
if [ $? -eq 0 ]; then
echo "install telnet ---------------------------[success]"
fi
sleep 5

##记录当前openssh版本信息
cd $current_dir
touch openssh_version.txt > /dev/null
echo `ssh -V` &> $current_dir/openssh_version.txt

##安装zlib,构建共享库
cd $current_dir
tar -zxvf zlib-1.2.8.tar.gz
cd $zlib_version
./configure --shared
sleep 3
/usr/bin/make install
cp zutil.h /usr/local/include
cp zutil.c /usr/local/include
/sbin/ldconfig -v
sleep 2

##进入安装包上传目录，解压openssl
cd $current_dir
tar -zxvf openssl-1.0.1s.tar.gz
cd $openssl_version
./config shared zlib
sleep 3
/usr/bin/make
sleep 2
/usr/bin/make install
echo "install openssl --------------------------[success]"
sleep 5

##修改配置文件，显示正常版本信息
mv `which openssl` /usr/bin/openssl.bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
echo `ssh -V` &> /$current_dir/openssh_version.txt
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig -v

##软件安装之-Openssh安装
##禁用sshd服务，卸载原来的openssh版本
/sbin/service sshd stop
cp /etc/init.d/sshd /root/
if rpm -qa | grep openssh &> /dev/null
then
rpm -qa | grep openssh &> $current_dir/openssh_version.txt
while read line
do
rpm -e $line --nodeps
echo "remove $line ------------------------------[success]"
done <$current_dir/openssh_version.txt
fi

##解压缩openssh安装包，并进入解压缩文件编译安装
cd $current_dir
tar -zxvf openssh-7.1p2.tar.gz
cd $openssh_version
./configure --prefix=/usr --with-zlib=/root/zlib-1.2.8 --with-md5-passwords
sleep 2
/usr/bin/make
sleep 2
/usr/bin/make install

##启动调试ssh
#OS type
if [ "$Distributor" == "SUSE LINUX" ]; then
cd contrib/suse
cp rc.sshd /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
else

cd contrib/redhat
cp sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd

fi
sed -i ‘10a PermitRootLogin YES‘ /usr/etc/sshd_config
service sshd restart
chkconfig sshd on
if netstat -tnlp | grep -w 22 &> /dev/null; then
echo "Start debugging-----------------------------------[success]"
echo -e "${BLUE_COLOR}########################################################################################${RES}"
echo -e "${BLUE_COLOR}################### #################### "
echo -e "${BLUE_COLOR}################### openssh install -----[success] #################### "
echo -e "${BLUE_COLOR}################### #################### "
echo -e "${BLUE_COLOR}################### #################### "
echo -e "${BLUE_COLOR}########################################################################################${RES}"
sleep 3
sed -i ‘s/no/yes/g‘ /etc/xinetd.d/telnet
/etc/init.d/xinetd restart
fi
ssh -V
exit 0