标签:x86 root用户 passwords sysconf zlib export ssh config dha
实施步骤:
1.把源码包上传到各服务器,共3个
zlib-1.2.11.tar.gz,pam-devel-1.1.1-13.el6.x86_64.rpm
openssl-fips-2.0.16.tar.gz
openssl-1.0.2p.tar.gz openssh-7.8p1.tar.gz
2.安装telnet服务,并保证可以正常登录
yum -y install telnet-server
chkconfig telnet on
service xinetd restart
(进行远程登录,su到root后,设置TMOUT=0,并使用此终端操作)
3.卸载原openssh
service sshd stop
cp /etc/init.d/sshd /etc/init.d/sshd.OLD
cp /etc/pam.d/sshd /etc/pam.d/sshd. OLD
cp -r /etc/ssh /etc/ssh. OLD
rpm -qa | grep openssh
rpm -e openssh --nodeps
rpm -e openssh-server --nodeps
rpm -e openssh-clients --nodeps
rpm -e openssh-askpass --nodeps
4.安装zlib
tar xf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make
make install
5.安装openssl-fips
tar -xzvf openssl-fips-2.0.16.tar.gz
cd openssl-fips-2.0.16
./config
make
make install
6.安装openssl
tar xf openssl -1.0.2p.tar.gz
cd openssl -1.0.2p
./config shared zlib --prefix=/usr/local/openssl?
make
make install
./config -t
make depend
vi?/etc/ld.so.conf? /usr/local/openssl/lib
#ldconfig
在etc/的profile的最后一行,添加:
????? export?OPENSSL=/usr/local/openssl/bin
????? export?PATH=$OPENSSL:$PATH:$HOME/bin
?
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -sf /usr/local/openssl/lib/libcrypto.so.1.0.0 /lib/libcrypto.so.6
echo ‘/usr/local/ssl/lib’ >> /etc/ld.so.conf
ldconfig
openssl version -a
7.安装openssh
tar zxf openssh-7.8p1.tar.gz
cd openssh-7.8p1
rm -rf /etc/ssh
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening
make
make install
cp contrib/redhat/sshd.init /etc/init.d/sshd
chmod 755 /etc/init.d/sshd
chkconfig --add sshd
vim /etc/ssh/sshd_config #修改默认端口号
chkconfig sshd on
vi /etc/sshd/sshd_config
把#PermitRootLogin prohibit-password改为PermitRootLogin no
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/
ssh -V
service sshd start
8.验证ssh登录是否正常
9.关闭telnet服务
回退方法
回退方法
1.使用telnet登录并切换到root用户
2.恢复openssl
service sshd stop
ln -sf /lib64/libcrypto.so.0.9.8e /lib64/libcrypto.so.6
ln -sf /lib64/libssl.so.0.9.8e /lib64/libssl.so.6
rm /usr/include/openssl
mv /usr/include/openssl.OFF1 /usr/include/openssl
rm /usr/bin/openssl
mv /usr/bin/openssl.OFF1 /usr/bin/openssl
vi /etc/ld.so.conf
删除 /usr/local/ssl/lib这行
ldconfig
openssl version -a
3.恢复opensh
chkconfig --del sshd
rm -rf /etc/sshd
rm -f /etc/pam.d/sshd
yum -y install openssh-*
ssh -V
cp /etc/ssh.OFF1/sshd_config /etc/ssh/
cp /etc/pam.d/sshd.OFF1 /etc/pam.d/
service sshd start
linux6 ssh升级7.8
标签:x86 root用户 passwords sysconf zlib export ssh config dha
原文地址:http://blog.51cto.com/twj0413/2340994
