正文

centos6.5中openssh怎么从5.3升级到7.3

sixvps
sixvps V管理员 /0 评论 /9325 阅读
0907

centos6.5中openssh怎么从5.3升级到7.3

今天就跟大家聊聊有关centos6.5中openssh怎么从5.3升级到7.3,可能很多人都不太了解,为了让大家更加了解,小编给大家总结了以下内容,希望大家根据这篇文章可以有所收获。CentOS6.5 自带的SSH版本5.3太低,安全检查报有漏洞,需要升级版本。本文使用openssh-7.3p1的版本进行源码升级安装。升级OpenSSH不难,难的是在升级前的基础环境安装。需要以下的软件:gcc-c++,zlib,OpenSSL,pam升级过程ssh中断,需先将telnet服务打开。如能直接登陆系统,则不需要安装telnet.需要先安装xinted,telnet-server参考:http://www.cnblogs.com/xlmeng1988/archive/2012/04/24/telnet-server.html需要安装如下包:telnet-server-1.2-134.24.1.x86_64.rpmxinetd-2.3.14-40.el6.x86_64.rpmxinetd-2.3.14-40.el6.src.rpm启动TELNET服务编辑/etc/xinetd.d/telnet, 将其中的 disable = yes 的yes改为no.使用chkconfig命令直接开启:[root@localhost loong]# chkconfig telnet on激活xinetd服务:service xinetd restart允许root使用telnet登陆:不建议开放telnet的root登录,容易带来安全隐患。注:默认情况下,系统只允许普通用户telnet登录,不允许root用户登录。要想获得root权限,可以使用普通用户登录,然后执行su,来获得root权限。或使用一下方法,允许root登录telnet:方法一:# mv /etc/securetty /etc/securetty.bak (不建议这种方法,测试完后再改回去吧!)方法二:修改/etc/pam.d/remote,注释掉:auth required pam_securetty.so升级OpenSSH基础环境安装三种方式,YUM、rpm、源码安装1、yum安装应该是最方便的方法了。yum -y gcc-c++,zlib,zlib-devel,openssl,openssl-devel,pam-devel2、rpm安装2.1、gcc-c++安装步骤顺序不能颠倒,否则会报错rpm -ivh ppl-0.10.2-11.el6.x86_64.rpmrpm -ivh cloog开发云主机域名-ppl-0.15.7-1.2.el6.x86_64.rpmrpm -ivh mpfr-2.4.1-6.el6.x86_64.rpmrpm -ivh cpp-4.4.7-17.el6.x86_64.rpmrpm -Uvh kernel-headers-2.6.32-642.el6.x86_64.rpmrpm -Uvh tzdata-2016c-1.el6.noarch.rpmrpm -Uvh glibc-devel-2.12-1.192.el6.x86_64.rpm glibc-2.12-1.192.el6.x86_64.rpm glibc-headers-2.12-1.192.el6.x86_64.rpm glibc-common-2.12-1.192.el6.x86_64.rpmrpm -Uvh libgcc-4.4.7-17.el6.x86_64.rpmrpm -Uvh libgomp-4.4.7-17.el6.x86_64.rpmrpm -ivh gcc-4.4.7-17.el6.x86_64.rpmrpm -Uvh libstdc++-4.4.7-17.el6.x86_64.rpmrpm -ivh libstdc++-devel-4.4.7-17.el6.x86_64.rpmrpm -ivh gcc-c++-4.4.7-17.el6.x86_64.rpm2.2、zlib安装步骤rpm -ivh zlib-devel-1.2.3-29.el6.x86_64.rpm2.3、OpenSSL安装步骤开发云主机域名顺序不能颠倒,否则会报错。rpm -Uvh keyutils-1.4-5.el6.x86_64.rpm keyutils-libs-1.4-5.el6.x86_64.rpm keyutils-libs-devel-1.4-5.el6.x86_64.rpmrpm -Uvh krb5-libs-1.10.3-57.el6.x86_64.rpm krb5-workstation-1.10.3-57.el6.x86_64.rpmrpm -Uvh libselinux-2.0.94-7.el6.x86_64.rpm libselinux-utils-2.0.94-7.el6.x86_64.rpm libselinux-python-2.0.94-7.el6.x86_64.rpmrpm -ivh libsepol-devel-2.0.41-4.el6.x86_64.rpmrpm -ivh libselinux-devel-2.0.94-7.el6.x86_64.rpmrpm -Uvh e2fsprogs-libs-1.41.12-22.el6.x86_64.rpm e2fsprogs-1.41.12-22.el6.x86_64.rpm libss-1.41.12-22.el6.x86_64.rpm libcom_err-1.41.12-22.el6.x86_64.rpmrpm -ivh krb5-devel-1.10.3-57.el6.x86_64.rpm libcom_err-devel-1.41.12-22.el6.x86_64.rpmrpm -Uvh openssl-devel-1.0.1e-48.el6.x86_64.rpm openssl-1.0.1e-48.el6.x86_64.rpm2.4、pam安装步骤rpm -Uvh pam-devel-1.1.1-22.el6.x86_64.rpm pam-1.1.1-22.el6.x86_64.rpm3、源码安装只做过zlib和OpenSSL的源码安装。rpm已安装,就不用安装了。3.1、zlib源码安装[root@localhost tmp]# tar xf zlib-1.2.8.tar.gz[root@localhost tmp]# cd zlib-1.2.8[root@localhost zlib-1.2.8]# ./configure –prefix=/usr/local/zlibChecking for gcc…Checking for shared library support…Building shared library libz.so.1.2.8 with gcc.Checking for off64_t… Yes.Checking for fseeko… Yes.Checking for strerror… Yes.Checking for unistd.h… Yes.Checking for stdarg.h… Yes.Checking whether to use vs[n]printf() or s[n]printf()… using vs[n]printf().Checking for vsnprintf() in stdio.h… Yes.Checking for return value of vsnprintf()… Yes.Checking for attribute(visibility) support… Yes.[root@localhost zlib-1.2.8]# make[root@localhost zlib-1.2.8]# make install3.2、OpenSSL源码安装[root@localhost tmp]# tar zxf openssl-1.0.2h.tar.gz[root@localhost tmp]# cd openssl-1.0.2h[root@localhost openssl-1.0.2h]# ./config –prefix=/usr/local/openssl –shared[root@localhost openssl-1.0.2h]# make depend[root@localhost openssl-1.0.2h]# make[root@localhost openssl-1.0.2h]# make test[root@localhost openssl-1.0.2h]# make install4、源码安装OpenSSH安装前最好先开启telnet服务,以防升级失败,无法使用ssh登录时可以使用telnet。# 卸载旧版本openssh,卸载可以在make之后进行。rpm -qa | grep opensshrpm -e –nodeps `rpm -qa | grep openssh`# 升级新版本# –with-ssl-dir=*** 选项,在OpenSSL不是默认安装路径的时候添加。./configure –prefix=/usr –sysconfdir=/etc/ssh –with-zlib=/usr/local/zlib –with-md5-passwords –with-pam./configure –prefix=/usr –sysconfdir=/etc/ssh –with-ssl-dir=/usr/local/openssl –with-zlib=/usr/local/zlib –with-md5-pa开发云主机域名sswords –with-pammakemake install# 复制配置文件cp ssh_config /etc/ssh/cp sshd_config /etc/ssh/cp moduli /etc/ssh/# 复制启动脚本到/etc/init.d# 根据安装路径情况,可能需要修改启动脚本中sshd的路径cp contrib/redhat/sshd.init /etc/init.d/sshd/usr/sbin/sshd -t -f /etc/ssh/sshd_config# 加入开机自启chkconfig –add sshdchkconfig sshd onchkconfig sshd –list# 开启root用户远程登录。# 此步骤不是必须。建议是关闭该选项,开启会有安全隐患。vi /etc/ssh/sshd_configPermitRootLogin yes# 开启SSH服务service sshd start5、关闭telnet服务,编辑/etc/xinetd.d/telnet, 将其中的 disable = yes 的yes改为no.使用chkconfig命令直接开启:[root活动:慈云数据爆款香港服务器,CTG+CN2高速带宽、快速稳定、平均延迟10+ms 速度快,免备案,每月仅需19元!! 点击查看@localhost loong]# chkconfig telnet off 恢复securetty:# cp /etc/securetty.bak /etc/securetty6、问题:重启系统后,需直接登陆控制台,重启sshd服务方可远程正常访问;service sshd stopservice sshd start看完上述内容,你们对centos6.5中openssh怎么从5.3升级到7.3有进一步的了解吗?如果还想了解更多知识或者相关内容,请关注开发云行业资讯频道,感谢大家的支持。

本文从转载,原作者保留一切权利,若侵权请联系删除。

《centos6.5中openssh怎么从5.3升级到7.3》来自互联网同行内容,若有侵权,请联系我们删除!


相关阅读:

1、win10重置电脑需要多长时间(win10重置电脑 多长时间)

2、昌邑云服务器存储(昌邑服务器 存储云化)

3、远程连接服务器(远程连接服务器操作简易教程)

4、远程连接服务器:简单易用(易用的远程服务器连接)

5、远程连接服务器:简单快捷!(远程连接服务器:省时实用!)

-- 展开阅读全文 --