Upgrading OpenSSL and OpenSSH from Source on CentOS 7

Time: 2021-01-06 13:09:07

 

I. Upgrading OpenSSL on CentOS 7

1. Check the current OpenSSL version and install the build dependencies

  openssl version -a

  yum install -y gcc openssl-devel pam-devel rpm-build

 

2. Download the source package (check for the latest release)

  wget -P /root https://distfiles.macports.org/openssl/openssl-1.0.2q.tar.gz

  tar -zxvf /root/openssl-1.0.2q.tar.gz -C /usr

 

3. Remove the currently installed openssl packages

  rpm -qa | grep openssl

  rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}

 

4. Unpack the openssl-1.0.2q source, then compile and install it

  cd /usr/openssl-1.0.2q

  ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib

  make && make test && make install

 

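5. Create the library symlinks and check the version

  The source build of OpenSSL does not provide libcrypto.so.10 and libssl.so.10, but tools such as yum and wget depend on these libraries, so symlinks have to be created for them.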

  ll /usr/lib64/libssl.so*

  ll /usr/lib64/libcrypto.so*

  ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10

  ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10

  openssl version -a

 

II. Upgrading OpenSSH on CentOS 7

1. Check the current version and install the build dependencies

  ssh -V

  yum install -y gcc openssl-devel pam-devel rpm-build

 

2. Download the source package (check for the latest release)

  wget -P /root http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz

 

3. Remove the original OpenSSH

  rm -rf /etc/ssh

  rpm -qa |grep openssh

  for i in `rpm -qa |grep openssh`;do rpm -e $i --nodeps;done

 

4. Unpack the OpenSSH source package

  tar -zxvf /root/openssh-7.9p1.tar.gz -C /usr

  cd /usr/openssh-7.9p1

 

5. Compile and install

  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --without-hardening

  make && make install

 

6. Installation is complete; apply the configuration

  rm -rf /etc/init.d/sshd

  cp /usr/openssh-7.9p1/contrib/redhat/sshd.init /etc/init.d/sshd

  chkconfig --add sshd

  chkconfig --list|grep sshd

  echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

  systemctl enable sshd

  systemctl restart sshd

  systemctl status sshd

  ssh -V
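
Step 6 appends `PermitRootLogin yes` to /etc/ssh/sshd_config; because sshd uses the first value it obtains for each keyword, whether that line takes effect depends on what is already in the file. The check below is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective global value of an sshd_config keyword.
# sshd uses the first value it obtains for each keyword, so a line appended
# with ">>" is ignored when the keyword is already set earlier in the file.

# effective_sshd_option FILE KEYWORD -> prints the first active value
# (keywords are case-insensitive; scanning stops at the first Match block).
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)            # keyword/value separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit              # global section ends here
            if (key == want) { print val; exit }
        }' "$1"
}

# root_login_state FILE -> "enabled", "restricted" or "default"
root_login_state() {
    v=$(effective_sshd_option "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    case "$v" in
        yes) echo enabled ;;
        "")  echo default ;;      # keyword unset: the compiled-in default applies
        *)   echo restricted ;;   # no, prohibit-password, forced-commands-only
    esac
}

# Constructed sample files (not taken from a real host).
make_samples() {
    d=$(mktemp -d)
    # Fresh config as in step 6: keyword only commented out, then appended.
    printf '%s\n' '#PermitRootLogin prohibit-password' 'UsePAM yes' \
        'PermitRootLogin yes' > "$d/fresh"
    # Pre-existing setting: the appended line comes second and is ignored.
    printf '%s\n' 'permitrootlogin no' 'UsePAM yes' \
        'PermitRootLogin yes' > "$d/preset"
    echo "$d"
}

d=$(make_samples)
for f in fresh preset; do echo "$f: $(root_login_state "$d/$f")"; done
rm -rf "$d"
```

On a live host, `sshd -T` prints the configuration that sshd itself resolves.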

 

III. The combined OpenSSL/OpenSSH upgrade script

#!/bin/bash
############################################
############# Upgrade OpenSSL ##########
############################################
# Check the OpenSSL version, install the build tools, download the OpenSSL source package
openssl version -a
yum install -y gcc openssl-devel pam-devel rpm-build
wget -P /root https://distfiles.macports.org/openssl/openssl-1.0.2q.tar.gz
tar -zxvf /root/openssl-1.0.2q.tar.gz -C /usr

# Remove the currently installed openssl packages
rpm -qa | grep openssl
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}

# Compile and install the new OpenSSL
cd /usr/openssl-1.0.2q
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make && make test && make install

# Create the library symlinks and check the version
# (ls -l instead of the interactive alias ll; link names given as absolute paths)
ls -l /usr/lib64/libssl.so*
ls -l /usr/lib64/libcrypto.so*
ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10
ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
openssl version -a

##########################################
################ Upgrade OpenSSH ##########
##########################################
# Check the version, install the build tools, download the source package
ssh -V
yum install -y gcc openssl-devel pam-devel rpm-build
wget -P /root http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz

# Remove the original OpenSSH
rm -rf /etc/ssh
rpm -qa |grep openssh
for i in `rpm -qa |grep openssh`;do rpm -e $i --nodeps;done

# Install OpenSSH from the source package
tar -zxvf /root/openssh-7.9p1.tar.gz -C /usr
cd /usr/openssh-7.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --without-hardening
make && make install

# Configure and restart OpenSSH, then check the version
rm -rf /etc/init.d/sshd
cp /usr/openssh-7.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig --list|grep sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
systemctl enable sshd
systemctl restart sshd
systemctl status sshd
ssh -V