#!/bin/bash
#安装telnet
yum -y install telnet-server
systemctl start telnet.socket
cat >> /etc/securetty << EOF
pts/1
pts/2
pts/3
pts/4
EOF
systemctl restart telnet.socket
#创建备份
\cp -f /etc/pam.d/sshd /usr/local/src/sshd.backup
\cp -raf /etc/ssh /etc/ssh.bak
\cp -af /etc/init.d/sshd /etc/init.d/sshd.bak
\mv -f /usr/bin/openssl /usr/bin/openssl.bak
#安装准备工具
yum install -y wget gcc make pam-devel libselinux-devel zlib-devel openssl-devel
#下载安装openssl1.1.1
cd /usr/local/src
wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1p.tar.gz
tar -zxvf openssl-1.1.1p.tar.gz
cd openssl-1.1.1p && ./config --prefix=/usr/local/ssl shared && make -j 2 && make install
echo "/usr/lcoal/ssl/lib" >> /etc/ld.so.conf
ldconfig
\cp /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/ssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
#下载openssh9
cd /usr/local/src
wget -O openssh.tar.gz https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
#备份sshd配置文件
\cp -f /etc/ssh/sshd_config sshd_config.backup
\cp -f /etc/pam.d/sshd sshd.backup
#卸载旧版本sshd服务
rpm -e --nodeps `rpm -qa | grep openssh`
#解压openssh压缩包
tar -zxvf openssh.tar.gz
cd openssh-9.0p1
#编译安装
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
make -j 2 && make install
#调整文件权限
#chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
#设置自启动
\cp -af contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
/etc/init.d/sshd start
#恢复备份文件
mv /usr/local/src/sshd.backup /etc/pam.d/sshd
mv /etc/ssh.bak/sshd_config /etc/ssh/sshd_config
#修改sftp-server路径
sed -i '/Subsystem/ s/openssh\///g' /etc/ssh/sshd_config
#重启sshd
systemctl enable sshd
systemctl restart sshd
systemctl status sshd
升级完成后请及时关闭和卸载telnet服务以及防火墙23端口。
网友评论