Centos7/麒麟V10升级ssh脚本

zlib下载地址

https://www.zlib.net/fossils/


OpenSSH

https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/


openssl

https://openssl-library.org/source/


脚本如下

vim update_ssh.sh


脚本内容

#!/bin/bash






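# ---- Step 1: build and install zlib 1.3.1 ----
# Expects zlib-1.3.1.tar.gz, openssl-3.2.0.tar.gz and openssh-9.7p1.tar.gz in the
# directory the script is started from, and expects to run as root.
# Verify each tarball against the checksum/signature published by its upstream
# before running: everything built here ends up inside the system's SSH daemon.

# Remember the start directory; the later steps return to it to unpack their tarballs.
lujing=$(pwd)

cd "$lujing" || exit 1

tar -xf zlib-1.3.1.tar.gz || { echo "zlib: cannot unpack zlib-1.3.1.tar.gz" >&2; exit 1; }

# Stop if the source tree is missing; otherwise configure/make would run in the wrong directory.
cd zlib-1.3.1 || exit 1

./configure --prefix=/usr/local/zlib.1.3.1 || { echo "zlib: configure failed" >&2; exit 1; }

# Abort on a failed build or self-test so a broken zlib is never linked into sshd.
{ make && make test && make install; } || { echo "zlib: build/test/install failed" >&2; exit 1; }

# `ll` is an interactive-shell alias and is not available inside a script; use ls -l.
ls -l /usr/local/zlib.1.3.1/

ldconfig -V

sleep 2

# Rebuild the dynamic linker cache.
/sbin/ldconfig

sleep 2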






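# ---- Step 2: build and install OpenSSL 3.2.0 ----
# The version is pinned by this script; check upstream for the currently supported
# release before reusing it.

cd "$lujing" || exit 1

tar zxf openssl-3.2.0.tar.gz || { echo "openssl: cannot unpack openssl-3.2.0.tar.gz" >&2; exit 1; }

cd openssl-3.2.0 || exit 1

# NOTE(review): --openssldir is where this build looks for openssl.cnf and its
# certificate store; confirm /usr/shared is really the intended location.
./config --prefix=/usr/local/openssl-3.2.0 --openssldir=/usr/shared \
  || { echo "openssl: config failed" >&2; exit 1; }

{ make clean && make -j 4 && make install; } || { echo "openssl: build/install failed" >&2; exit 1; }

# Update the dynamic linker search path.
# The symlinks created below point into lib64, so register whichever library directory
# the install actually produced, and only once (re-running must not duplicate the entry).
for ssl_libdir in /usr/local/openssl-3.2.0/lib64 /usr/local/openssl-3.2.0/lib; do
  if [ -d "$ssl_libdir" ] && ! grep -qxF -- "$ssl_libdir" /etc/ld.so.conf; then
    echo "$ssl_libdir" >> /etc/ld.so.conf
  fi
done

ldconfig

sleep 3

# Date stamp used for backup names here and in the OpenSSH step.
bak_data=$(date +"%Y%m%d")

# Back up the distribution's openssl binary only while it is still a regular file.
# On a second run /usr/bin/openssl is already our symlink, and moving it would
# overwrite the backup of the original binary.
if [ -f /usr/bin/openssl ] && [ ! -L /usr/bin/openssl ]; then
  mv /usr/bin/openssl "/usr/bin/openssl_${bak_data}.bak" || exit 1
fi

ln -sf /usr/local/openssl-3.2.0/bin/openssl /usr/bin/openssl

# Expose the new shared libraries under /usr/lib64 without replacing files already there.
[ -e /usr/lib64/libssl.so.3 ] \
  || ln -s /usr/local/openssl-3.2.0/lib64/libssl.so.3 /usr/lib64/libssl.so.3

[ -e /usr/lib64/libcrypto.so.3 ] \
  || ln -s /usr/local/openssl-3.2.0/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

# If the new binary cannot run (for example its libraries are not resolvable), stop
# before the OpenSSH step touches the installed sshd.
openssl version -a || { echo "openssl: new binary does not run; aborting" >&2; exit 1; }

sleep 3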






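# ---- Step 3: build and install OpenSSH 9.7p1 ----
# Run this from a console or keep a second root session open: the packaged sshd is
# removed part-way through, and a failure after that point can leave the host without
# a listening SSH daemon.
# The version is pinned by this script; check the OpenSSH release notes for a newer
# portable release and its security fixes before reusing it.

# Keep copies of the current daemon configuration and PAM policy.
ssh_bak_dir="${HOME}/ssh_openssh_${bak_data}_bak"

mkdir -p "$ssh_bak_dir" || exit 1

cp /etc/ssh/sshd_config "$ssh_bak_dir" || { echo "openssh: cannot back up sshd_config" >&2; exit 1; }

cp /etc/pam.d/sshd "$ssh_bak_dir"

# Build OpenSSH
cd "$lujing" || exit 1

tar -xf openssh-9.7p1.tar.gz || { echo "openssh: cannot unpack openssh-9.7p1.tar.gz" >&2; exit 1; }

cd openssh-9.7p1 || exit 1

# configure is run without --with-pam, so the resulting sshd is built without PAM
# support; any PAM-based login policy on this host will not apply to it.
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl-3.2.0 --with-zlib=/usr/local/zlib.1.3.1 \
  || { echo "openssh: configure failed; packaged OpenSSH left in place" >&2; exit 1; }

# Compile BEFORE removing the distribution packages, so a build failure leaves the
# working packaged sshd untouched.
make -j 4 || { echo "openssh: build failed; packaged OpenSSH left in place" >&2; exit 1; }

# Remove the distribution's OpenSSH packages (same selection as before: every
# installed package whose name contains "openssh"). Skipped when none are installed.
mapfile -t old_ssh_pkgs < <(rpm -qa | grep openssh)
if [ "${#old_ssh_pkgs[@]}" -gt 0 ]; then
  rpm -e --nodeps "${old_ssh_pkgs[@]}"
fi

# sshd refuses private host keys that are readable by group/other.
chmod 0600 /etc/ssh/ssh_host_rsa_key

chmod 0600 /etc/ssh/ssh_host_ecdsa_key

chmod 0600 /etc/ssh/ssh_host_ed25519_key

make install || {
  echo "openssh: make install failed AFTER the packaged OpenSSH was removed;" >&2
  echo "do not close this session; backups are in $ssh_bak_dir" >&2
  exit 1
}

/usr/local/ssh/bin/ssh -V

# Copy the new ssh files into place.
cp -rf contrib/redhat/sshd.init /etc/init.d/sshd

cp -rf contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

# This replaces /etc/ssh/sshd_config with the stock file from the source tree; site
# settings survive only in the backup directory made above and must be merged back by hand.
cp -rf sshd_config /etc/ssh/sshd_config

cp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd

cp -rf /usr/local/ssh/bin/* /usr/bin/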






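# ---- Step 4: enable sshd ----
# Put the freshly built binaries on the standard paths.
cp -rf /usr/local/ssh/sbin/sshd /usr/sbin/sshd

cp -rf /usr/local/ssh/bin/ssh /usr/bin/ssh

cp -rf /usr/local/ssh/bin/ssh-keygen /usr/bin/ssh-keygen

# ssh-copy-id lives in the contrib directory of the unpacked source tree. The previous
# path ({$bak_data}/openssh-9.6p1/...) expanded to a literal "{<date>}" directory and
# named a version this script never unpacks, so the copy always failed.
cp "${lujing}/openssh-9.7p1/contrib/ssh-copy-id" /bin/ \
  || echo "warning: ssh-copy-id was not installed" >&2

chmod 0755 /bin/ssh-copy-id

chmod u+x /etc/init.d/sshd

# Register the init script and enable the service at boot.
chkconfig --add sshd

chkconfig --list | grep sshd

# Let systemd pick up the newly added init script.
systemctl daemon-reload

chkconfig sshd on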


# ---- Step 5: sshd_config adjustments ----
# Comment out every existing Subsystem line; the replacement appended below points
# sftp at the sftp-server binary of the new build.
sed -i "/Subsystem/s/^/# /" "/etc/ssh/sshd_config"

# The appended settings are, in order:
#   1. Allow root login.
#      NOTE(review): "PermitRootLogin yes" permits direct password login as root.
#      Prefer "prohibit-password" (key-only) or "no" plus an unprivileged account,
#      unless root password login is a hard requirement on this host.
#   2. The sftp subsystem of the new build.
#   3. Key-exchange algorithms.
#      NOTE(review): this list re-enables SHA-1 based exchanges and
#      diffie-hellman-group1-sha1, which current OpenSSH leaves disabled by default.
#      Keep them only as long as legacy clients need them, then drop those entries.
#   4. Host key algorithms.
#      NOTE(review): "+ssh-rsa" re-enables RSA host key signatures using SHA-1;
#      remove it once all clients accept rsa-sha2-* or ed25519 host keys.
cat >> /etc/ssh/sshd_config <<'EOF'
PermitRootLogin yes
Subsystem sftp /usr/local/ssh/libexec/sftp-server
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-rsa
EOF


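# ---- Step 6: restart sshd ----
# Check the configuration and host keys first: sshd -t exits non-zero on an invalid
# sshd_config, and restarting with one would leave no daemon listening.
if ! /usr/sbin/sshd -t; then
  echo "sshd -t rejected the configuration; sshd was NOT restarted." >&2
  echo "Keep this session open and fix /etc/ssh/sshd_config before retrying." >&2
  exit 1
fi

/etc/init.d/sshd restart || {
  echo "sshd restart failed; keep this session open and investigate." >&2
  exit 1
}

/etc/init.d/sshd status

# Show the ssh version after the upgrade.
ssh -V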

