天天看點
傳回

更新SSH

1、使用ssh -v檢視目前SSH的版本:

[root@server ~]# ssh -v

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]

           [-D [bind_address:]port] [-e escape_char] [-F configfile]

           [-i identity_file] [-L [bind_address:]port:host:hostport]

           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]

           [-R [bind_address:]port:host:hostport] [-S ctl_path]

           [-w tunnel:tunnel] [user@]hostname [command] 

2、安裝zlib-1.2.8 

注意:

安裝之前確定已經裝有gcc、gcc-c++庫

[root@server src]# rpm -qa gcc

[root@server src]# rpm -qa gcc-c++

如果沒有安裝可以用yum直接聯網安裝:

[root@server src]# yum -y install gcc

[root@server src]# yum -y install gcc-c++ zlib-devel 

確定已經安裝了gcc和gcc-c++庫後,開始安裝zlib-1.2.8

[root@server src]# tar -zxvf zlib-1.2.8.tar.gz

[root@server src]# cd zlib-1.2.8

[root@server zlib-1.2.8]# ./configure --prefix=/usr/local/zlib -share

[root@server zlib-1.2.8]# make

[root@server zlib-1.2.8]# make test

[root@server zlib-1.2.8]# make install

3、安裝openssl 

[root@server src]# tar -zxvf openssl-1.0.1g.tar.gz

[root@server src]# cd openssl-1.0.0g

[root@server openssl-1.0.1g]# ./config shared zlib-dynamic --prefix=/usr/local/openssl --with-zlib-lib=/usr/local/zlib/lib --with-zlib-include=/usr/local/zlib/include

[root@server openssl-1.0.1g]# make

[root@server openssl-1.0.1g]# make test           (這一步是進行 SSL 加密協定的完整測試,如果出現錯誤就要一定先找出原因,否則可能導緻SSH不能用)

[root@server openssl-1.0.1g]# make install

[root@server openssl-1.0.1g]# echo /usr/local/openssl/lib >> /etc/ld.so.conf     #配置庫檔案搜尋路徑

增加下列一行

/usr/local/openssl/lib                               #64位OS 沒有生成lib目錄,是lib64目錄

[root@server openssl-1.0.1g]# ldconfig -v             #重新整理緩存檔案/etc/ld.so.cache

4、接下來開始替換系統原來的SSL

mv /usr/bin/openssl /usr/bin/oldopenssl

mv /usr/lib/openssl /usr/lib/oldopenssl

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/openssl/include/openssl/ /usr/include/openssl

驗證:openssl version -a

OpenSSL 1.0.1g 7 Apr 2014

rm -rf /usr/lib/libcrypto.so

rm -rf /usr/lib/libssl.so

ln -s /usr/local/openssl/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so

ln -s /usr/local/openssl/lib/libssl.so.1.0.0 /usr/lib/libssl.so

echo /usr/local/openssl/lib >> /etc/ld.so.conf

ldconfig -v

openssl version -v        #檢視openssl的新版本号

5、解除安裝目前使用的openssh 

[root@server openssl-1.0.0c]# rpm -e openssh

error: Failed dependencies:

openssh = 4.3p2-41.el5 is needed by (installed) openssh-clients-4.3p2-41.el5.x86_64

openssh = 4.3p2-41.el5 is needed by (installed) openssh-server-4.3p2-41.el5.x86_64

openssh = 4.3p2-41.el5 is needed by (installed) openssh-askpass-4.3p2-41.el5.x86_64

[root@server openssl-1.0.0c]# rpm -e openssh-askpass-4.3p2-41.el5.x86_64

[root@server openssl-1.0.0c]# rpm -e openssh-server-4.3p2-41.el5.x86_64

warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave     --會提示此資訊

[root@server openssl-1.0.0c]# rpm -e openssh-clients-4.3p2-41.el5.x86_64

[root@server openssl-1.0.0c]# rpm -e openssh-4.3p2-41.el5 

6、安裝新版本openssh 

[root@server src]# tar -zxvf openssh-6.5p1.tar.gz

[root@server src]# cd openssh-6.5p1

[root@server openssh-6.5p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-openssl-header-check

出現:configure: error: PAM headers not found 錯誤

說明系統中沒有安裝pam-devel RPM 包,找到安裝CD光牒,安裝pam-devel或者用yum直接安裝

[root@server openssh-6.5p1]# yum -y install pam*

安裝完PAM相關包後,再重新編譯

[root@server openssh-6.5p1]# make

[root@server openssh-6.5p1]# make install

[root@server openssh-6.5p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd

[root@server openssh-6.5p1]# chmod +x /etc/init.d/sshd

[root@server openssh-6.5p1]# chkconfig sshd on

[root@server openssh-6.5p1]# chkconfig --list sshd

[root@server openssh-6.5p1]# service sshd start

正在啟動 sshd:WARNING: initlog is deprecated and will be removed in a future release

[确定]

這時出現“WARNING: initlog is deprecated and will be removed in a future release

”錯誤,可能是前面編譯安裝ssh在啟動服務的時候沒有更改檔案路徑,解決方法是:編輯/etc/init.d/sshd

注釋如下行

#initlog -c "$SSHD $OPTIONS" && success || failure

添加如下行

$SSHD $OPTIONS && success || failure 

然後再重新啟動sshd服務,正常

[root@server openssh-6.5p1]# /etc/init.d/sshd restart

停止 sshd:[确定]

正在啟動 sshd:[确定]

最後使用ssh -v檢視目前的SSH版本:

[root@server openssh-6.5p1]# ssh -v

OpenSSH_6.5p1, OpenSSL 1.0.1g 7 Apr 2014

更新 open ssh
上一篇: zabbix更新
下一篇: 前端工程之子產品化

繼續閱讀