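UOS1050e: upgrading OpenSSH to 9.1. A personal installation summary, kept for later use.
Leave yourself a way back in
Install telnet. It is optional, but do not close the already-connected SSH window during the upgrade, or you may be unable to SSH back in. Installing telnet is still recommended.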
yum install xinetd telnet -y
systemctl restart xinetd
systemctl restart telnet.socket
systemctl enable xinetd
systemctl enable telnet.socket
ps aux | grep xinetd
## Check the firewall
systemctl status firewalld
Test telnet
Install the dependency packages
This may not be the complete list, and not every package here may be required
yum -y install zlib zlib-devel openssl-devel pam-devel
My environment is an internal network with no yum repository, so I installed the following packages with rpm; adjust to your own situation.
rpm -ivh openssl-devel-1.1.1f-13.uel20.x86_64.rpm \
    krb5-devel-1.18.2-5.uel20.x86_64.rpm \
    e2fsprogs-devel-1.45.6-7.uel20.x86_64.rpm \
    keyutils-libs-devel-1.6.3-1.uel20.x86_64.rpm \
    libverto-devel-0.3.1-2.uel20.x86_64.rpm \
    pam-devel-1.4.0-8.up2.uel20.x86_64.rpm
Download the OpenSSH source package
https://mirrors.tuna.tsinghua.edu.cn/pub/OpenBSD/OpenSSH/portable/
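Install the OpenSSH package
Note: do not close the already-connected SSH window until every function has been tested, or SSH will no longer connect!
## 1. Check the version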
ssh -V
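## 2. Back up
Personally I feel you can get by without a backup, since at worst you reinstall OpenSSH, but installing telnet is recommended
##### Tip: /bin/cp -rf forces the overwrite, so there is no need to type Y
#### During the installation it is best not to close the already-connected SSH window, or you may be unable to SSH in
## 3. Compile and install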
--------------------------------
1. After OpenSSL has been installed from source (an rpm package also works; skip this part for an RPM install)
echo 'PATH=/usr/local/openssl/bin:$PATH' > /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh
which openssl
ldd /usr/local/openssl/bin/openssl
export LD_LIBRARY_PATH=/usr/local/openssl/lib:$LD_LIBRARY_PATH
export C_INCLUDE_PATH=/usr/local/openssl/include:$C_INCLUDE_PATH
sh -c 'echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf'
ldconfig
openssl version
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl
Note: /usr/local/openssl is the OpenSSL installation directory
----------------------------------
Install OpenSSH
cd /root
tar -zxvf openssh-9.1p1.tar.gz
cd openssh-9.1p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so
# When configure finishes it prints a PAM-related notice
#PAM is enabled. You may need to install a PAM control file
#for sshd, otherwise password authentication may fail.
#Example PAM control files can be found in the contrib/
#subdirectory
#######
make && make install
## 4. Add the sshd file to /etc/init.d/ and /etc/pam.d/
cd /root/openssh-9.1p1/contrib/redhat
/bin/cp -rf sshd.init /etc/init.d/sshd
/bin/cp -rf sshd.pam /etc/pam.d/sshd
systemctl restart sshd ### found that it would not restart
## 5. Restart sshd
rm -f /usr/lib/systemd/system/sshd.service
systemctl daemon-reload
systemctl restart sshd
systemctl enable sshd
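### Note: do not close the already-connected SSH window, because at this point SSH from other locations/windows does not work
## 6. Edit the /etc/pam.d/sshd file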
vim /etc/pam.d/sshd
#######
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
###################################
systemctl restart sshd
systemctl enable sshd
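## 7. Verify after installation
ssh -V ### check the version
Verify both the client and the server
Test ssh again; at this point you can SSH in from other locations/windows
Problem 1: scp and ssh from this host to a remote host report an error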
#/etc/crypto-policies/back-ends/openssh.config: line 3: Bad configuration option: gssapikexalgorithms
#/etc/crypto-policies/back-ends/openssh.config: terminating, 1 bad configuration options
In my testing this was a problem with openssh-clients
yum remove openssh-clients -y
ssh -V # check the version; test the ssh server and client
If it reports an error
Run the OpenSSH compile-and-install once more, following the steps above
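The post-install verification and the Problem 1 error above, as an added example that is not part of the original post: a script to run from the still-open SSH session before trying a new login or removing telnet. The function names are made up for this example, and it assumes the --prefix=/usr build, which puts sshd in /usr/sbin.

```shell
#!/bin/sh
# Added example: checks to run from the still-open SSH session after "make install".
# Function names are made up for this example.

# Succeeds if an `ssh -V` banner ($1) reports at least version $2 (e.g. 9.1).
version_at_least() {
    have=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$have" ] || return 2          # banner not recognised
    [ "${have%%.*}" -gt "${2%%.*}" ] && return 0
    [ "${have%%.*}" -eq "${2%%.*}" ] && [ "${have#*.}" -ge "${2#*.}" ]
}

# Reads ssh error output on stdin and prints "file:line option" for every
# "Bad configuration option" message (the error shown under Problem 1).
bad_client_options() {
    sed -n 's/^#\{0,1\}\(.*\): line \([0-9][0-9]*\): Bad configuration option: \(.*\)$/\1:\2 \3/p'
}

post_upgrade_check() {
    rc=0
    version_at_least "$(ssh -V 2>&1)" 9.1 ||
        { echo "FAIL: ssh client is older than 9.1 or missing"; rc=1; }
    # ssh -G only parses the client configuration; it does not connect.
    err=$(ssh -G localhost 2>&1 >/dev/null) || {
        echo "FAIL: ssh client configuration rejected"
        printf '%s\n' "$err" | bad_client_options
        rc=1
    }
    # sshd -t validates sshd_config and the host keys without restarting sshd.
    # Assumes the --prefix=/usr build, which puts sshd in /usr/sbin.
    /usr/sbin/sshd -t || { echo "FAIL: sshd -t rejected the server config"; rc=1; }
    [ -s /etc/pam.d/sshd ] || { echo "FAIL: /etc/pam.d/sshd is missing or empty"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: now test a new login from another window"
    return "$rc"
}

# Run the checks only when asked, e.g.:  sh post_upgrade_check.sh --run
if [ "${1:-}" = "--run" ]; then
    post_upgrade_check
fi
```

Run it as root, since sshd -t has to read the host keys.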
Problem 2: the host cannot be reached over SSH
vim /etc/ssh/sshd_config
PermitRootLogin yes
#######
vim /etc/pam.d/sshd
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
Remove telnet
Be sure to confirm that SSH works normally before removing telnet
yum remove xinetd telnet -y
Do not run this lightly
Check the environment for openssh-clients
rpm -qa | grep openssh-clients
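If it is present, uninstall it; if it is not uninstalled, you later find that the SSH client on the server cannot be used, which is the issue described as Problem 1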
yum remove openssh-clients -y
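The cause is unknown; this was found through repeated testing and troubleshooting
Copyright notice: this is the blogger's original article and may not be reproduced without the blogger's permission.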



