OpenSSH upgrade guide for CentOS 6 / CentOS 7
I. Preparation
- Stop the firewall and disable SELinux
firewall-cmd --state
systemctl stop firewalld.service
systemctl disable firewalld.service
vim /etc/selinux/config   # change SELINUX=enforcing to SELINUX=disabled
- Install the base packages
yum install gcc gcc-c++ zlib zlib-devel openssl openssl-devel pam pam-devel pcre-devel
- Back up the ssh configuration directory and the sshd binary
cp -rf /etc/ssh/ /etc/ssh.bak
cp /usr/sbin/sshd /usr/sbin/sshd.bak
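II. Install the telnet service (optional; it provides a fallback connection in case the ssh upgrade fails)
1. Install the packages
yum -y install telnet-server* telnet
2. Enable the telnet service
mv /etc/securetty /etc/securetty.old   # allow the root user to log in over telnet
- Edit the securetty file and add pts entries. If many users log in, more pts/* entries are needed.
vim /etc/securetty   (this removes a protection measure)
......
pts/0
pts/1
pts/2
Enable at boot
chkconfig telnet on   # make telnet start at boot, to avoid, during the upgrade, the server unexpectedly
- Start the telnet service on CentOS 7
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd.service
- Remove the openssh packages currently installed on the system
rpm -qa | grep openssh
rpm -e --nodeps `rpm -qa | grep openssh`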
III. Install openssh
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
- Build and install openssh
tar zxvf openssh-8.6p1.tar.gz
cd openssh-8.6p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
make
make install
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
- Tighten permissions
chmod -R 600 /etc/ssh/
- By default, openssh 7.5 does not allow the root user to log in remotely over ssh, so the configuration file has to be changed:
sed -i 's/^#PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
Find the #PermitRootLogin prohibit-password entry, uncomment it and change prohibit-password to yes
PermitRootLogin yes
Restart the ssh service:
systemctl restart sshd.service
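- Shut down telnet
service xinetd stop
chkconfig xinetd off
service iptables start
chkconfig iptables on
Change the disable=yes that was modified earlier back to no.
Then edit the iptables rules to close port 23, and restart the iptables service.
At this point you can log in over ssh again; use ssh -V to check the version number.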
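A check that can sit between restarting sshd and shutting down telnet, so the fallback is only removed once the new build is confirmed. This is an added example, not part of the original post; the function names, the --live switch and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the rebuilt sshd is the
# expected version and its effective configuration is what was intended
# BEFORE the telnet fallback is shut down. Function names are hypothetical.

# "OpenSSH_8.6p1, OpenSSL 1.0.2k-fips ..." -> "8.6p1"
ssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([^, ]*\).*/\1/p' | head -n 1
}

# Look up one directive in `sshd -T` output (lower-case "key value" lines).
sshd_setting() {    # $1 = sshd -T output, $2 = directive name (lower case)
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Return 0 only when version and effective settings match expectations.
# $1 = `ssh -V` output, $2 = `sshd -T` output,
# $3 = expected version, $4 = expected permitrootlogin value
verify_upgrade() {
    got=$(ssh_version "$1")
    [ "$got" = "$3" ] || { echo "FAIL: version '$got', expected '$3'"; return 1; }
    root=$(sshd_setting "$2" permitrootlogin)
    [ "$root" = "$4" ] || { echo "FAIL: permitrootlogin '$root', expected '$4'"; return 1; }
    [ -n "$(sshd_setting "$2" port)" ] || { echo "FAIL: no port in sshd -T output"; return 1; }
    echo "OK: OpenSSH $got, permitrootlogin $root"
}

# Constructed sample output, used for an offline dry run.
SAMPLE_V='OpenSSH_8.6p1, OpenSSL 1.0.2k-fips  26 Jan 2017'
SAMPLE_T='port 22
permitrootlogin yes
passwordauthentication yes'

# With --live (as root on the upgraded host) check the real binaries and only
# print the go-ahead if everything matches; otherwise leave telnet running.
if [ "${1:-}" = "--live" ]; then
    v=$(ssh -V 2>&1)                       # ssh -V writes to stderr
    t=$(/usr/sbin/sshd -T 2>/dev/null)     # empty if the config does not parse
    verify_upgrade "$v" "$t" 8.6p1 yes && echo "safe to stop telnet/xinetd"
fi
```

Run it with --live from the still-open telnet or console session; a FAIL line means the old session should stay open until sshd is fixed.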
References:
https://www.cnblogs.com/kevingrace/p/9478614.html
https://blog.csdn.net/qq_25934401/article/details/83419849
https://www.cnblogs.com/winstom/p/9515949.html
https://blog.csdn.net/qq_37311616/article/details/80686922
https://www.cnblogs.com/nmap/p/10779658.html // CentOS 7 reference
https://www.cnblogs.com/AmbitiousMice/p/11504850.html // fixing errors
/usr/sbin/sshd -T   # check the configuration for errors