Contents
2.23. Openssh更新升级¶
2.23.1. centos7.2 离线升级openssh7.9¶
环境介绍¶
centos7.2 64位 , OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips
准备工作,安装基础包¶
[root@host-10-144-114-75 admin]# yum -y install lrzsz glibc-devel gcc gcc-c++ zlib-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package lrzsz-0.12.20-36.el7.x86_64 already installed and latest version
Package glibc-devel-2.17-222.el7.x86_64 already installed and latest version
Package gcc-4.8.5-28.el7.x86_64 already installed and latest version
Package gcc-c++-4.8.5-28.el7.x86_64 already installed and latest version
Package zlib-devel-1.2.7-17.el7.x86_64 already installed and latest version
Nothing to do
FQ:安装gcc-c++报错
[root@host-10-144-114-75 admin]# yum -y install gcc-c++
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package gcc-c++.x86_64 0:4.8.5-28.el7 will be installed
--> Processing Dependency: libstdc++-devel = 4.8.5-28.el7 for package: gcc-c++-4.8.5-28.el7.x86_64
--> Processing Dependency: libstdc++ = 4.8.5-28.el7 for package: gcc-c++-4.8.5-28.el7.x86_64
--> Running transaction check
---> Package gcc-c++.x86_64 0:4.8.5-28.el7 will be installed
--> Processing Dependency: libstdc++ = 4.8.5-28.el7 for package: gcc-c++-4.8.5-28.el7.x86_64
---> Package libstdc++-devel.x86_64 0:4.8.5-28.el7 will be installed
--> Processing Dependency: libstdc++(x86-64) = 4.8.5-28.el7 for package: libstdc++-devel-4.8.5-28.el7.x86_64
--> Finished Dependency Resolution
Error: Package: gcc-c++-4.8.5-28.el7.x86_64 (base)
Requires: libstdc++ = 4.8.5-28.el7
Installed: libstdc++-4.8.5-28.el7_5.1.i686 (@local_updates)
libstdc++ = 4.8.2-16.el7_5
libstdc++ = 4.8.5-28.el7_5.1
Available: libstdc++-4.8.5-28.el7.i686 (base)
libstdc++ = 4.8.5-28.el7
libstdc++ = 4.8.2-16.el7
Error: Package: libstdc++-devel-4.8.5-28.el7.x86_64 (base)
Requires: libstdc++(x86-64) = 4.8.5-28.el7
Installed: libstdc++-4.8.5-28.el7_5.1.x86_64 (@local_updates)
libstdc++(x86-64) = 4.8.5-28.el7_5.1
Available: libstdc++-4.8.5-28.el7.x86_64 (base)
libstdc++(x86-64) = 4.8.5-28.el7
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
[root@host-10-144-114-75 admin]# rpm -qa| grep libstdc++
libstdc++-4.8.5-28.el7_5.1.i686
libstdc++-4.8.5-28.el7_5.1.x86_64
### 先卸载libstdc++之后,再安装,出现的版本不兼容现象
[root@host-10-144-114-75 admin]# rpm -qa| grep libstdc++|xargs rpm -e --nodeps
[root@host-10-144-114-75 admin]# yum -y install gcc-c++
升级openssl¶
下载安装包:openssh-7.9p1.tar.gz、openssl-1.0.2h.tar.gz、zlib-1.2.11.tar.xz
rpm -e --nodeps `rpm -qa|grep openss`
解压缩openssl软件包:
tar -zxvf openssl-1.0.2h.tar.gz
进入解压路径:
cd openssl-1.0.2h
编译安装openssl:
./config --prefix=/usr --shared && make && make install
创建软链接:
ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10
验证版本信息:
openssl version -a
到此openssl升级完毕
升级openssh¶
备份旧ssh配置文件 /etc/ssh :
cp -rf /etc/ssh/ /home/ssh-bak
解压:
tar -zxvf openssh-7.9p1.tar.gz
进入解压路径:
cd openssh-7.9p1
编译安装:
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords
make && make install
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.9p1
install -v -m644 INSTALL LICENCE OVERVIEW README*
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1
#直接使用root登录
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
复制启动脚本:
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
#设置开机启动:
chkconfig sshd on
chkconfig --list sshd
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
#重启ssh服务
service sshd restart
## 升级完ssh之后会出现ssh能连接,但是sftp传输文件会出现问题。
#查看sftp-server程序的目录
[root@host-10-144-114-118 admin]# find / -name sftp-server
/home/admin/openssh-7.9p1/sftp-server
/usr/libexec/sftp-server
vim /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/sftp-server
验证版本信息:¶
[root@host-10-144-114-83 ssh]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2h 3 May 2016