侧边栏壁纸
博主昵称
WX

  • 累计撰写 13 篇文章
  • 累计收到 1 条评论

centos7升级ssh

W●X
2021-06-25 / 0 评论 / 48 阅读 / 正在检测是否收录...

openssh升级文档centos6/c7
一、做准备工作

  1. 关闭防火墙、关闭selinux服务

firewall-cmd --state

systemctl stop firewalld.service

systemctl disable firewalld.service

vim vim /etc/selinux/config 修改SELINUX=enforcing 为 SELINUX=distable

  1. 安装基础包

yum install gcc gcc-c++ zlib zlib-devel openssl openssl-devel pam-devel pcre-devel pam-devel pam zlib

  1. 备份ssh、sshd文件

cp -rf /etc/ssh/ /etc/ssh/ssh.bak

cp /usr/sbin/sshd /usr/sbin/sshd.bak

二、安装telnet服务(可以选择不安装,安装的目的是ssh升级失败,可以备用连接)
1.安装软件
# yum -y install telnet-server* telnet
2.启用telnet服务

mv /etc/securetty /etc/securetty.old #允许root用户通过telnet登录

  1. 修改securetty文件,增加pts配置。如果登录用户较多,需要更多的pts/*。

vim /etc/securetty (卸载防护措施)

......
pts/0
pts/1
pts/2
添加开机启动

chkconfig telnet on #使telnet服务开机启动,避免升级过程中服务器意

  1. centos7启动telnet服务

systemctl enable xinetd.server

systemctl enable telnet.socket

systemctl start telnet.socket

systemctl start xinetd.service

  1. 卸载当前系统openssh

rpm -qa | grep openssh

rpm -e --nodeps rpm -qa | grep openssh

三、安装openssh

  1. 下载最新openssh
    https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/

wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz

  1. 编译安装openssh

tar zxvf openssh-8.6p1.tar.gz

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers

make

make install

cp contrib/redhat/sshd.init /etc/init.d/sshd

chkconfig --add sshd

  1. 回收权限

chmod -R 600 /etc/ssh/

  1. openssh7.5默认root用户是不能用ssh远程登录的,需要修改配置文件:

sed -i '/^#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config

vim /etc/ssh/sshd_config

找到#PermitRootLogin prohibit-password项,去掉注释并把prohibit-password改为yes

PermitRootLogin yes
重启ssh服务:

systemctl restart sshd.service

  1. 关闭telnet
  2. xinetd stop

chkconfig xinetd off
service iptables start
chkconfig iptables on
将之前改过的disable=yes又改回去成no.
随后再将修改iptables将23端口关闭,并重启iptables服务.

至此,可以再开ssh登录,用ssh -V查看版本号.

参考资料:
https://www.cnblogs.com/kevingrace/p/9478614.html
https://blog.csdn.net/qq_25934401/article/details/83419849
https://www.cnblogs.com/winstom/p/9515949.html
https://blog.csdn.net/qq_37311616/article/details/80686922
https://www.cnblogs.com/nmap/p/10779658.html //C7参考
https://www.cnblogs.com/AmbitiousMice/p/11504850.html //报错解决
/usr/sbin/sshd -T //检查是否有错

0

评论 (0)

取消