linux系统SSH源码升级安装步骤
发布时间:2018-10-10 16:55:56
作者:ynkulusi
近期又被扫描到ssh漏洞,没有最新的rpm包,懒得做了,系统版本多,直接源码编译安装吧!
下载编译系统所缺软件包
RHEL和CentOS系统各版本:http://vault.centos.org
用scp上传升级需要的所有文件到服务器上(根据实际需求和不同系统版本选择)。上面的下载地址是明文http,上传前先用rpm -K校验各rpm包的签名,并把openssh、openssl源码包的校验值与官方发布页公布的值比对
glibc-headers-2.12-1.209.el6.x86_64.rpm
glibc-devel-2.12-1.209.el6.x86_64.rpm
ppl-0.10.2-11.el6.x86_64.rpm
kernel-headers-2.6.32-696.el6.x86_64.rpm
mpfr-2.4.1-6.el6.x86_64.rpm
gcc-4.4.7-18.el6.x86_64.rpm
cpp-4.4.7-18.el6.x86_64.rpm
cloog-ppl-0.15.7-1.2.el6.x86_64.rpm
zlib-devel-1.2.3-29.el6.x86_64.rpm
openssh-7.6p1.tar.gz(注意:下文解压编译使用的目录是openssh-7.9p1,两处版本号不一致,请以实际下载的版本为准)
openssl-1.0.2k.tar.gz
pam-1.1.1-24.el6.x86_64.rpm
pam-devel-1.1.1-24.el6.x86_64.rpm
telnet-0.17-48.el6.x86_64.rpm
telnet-server-0.17-48.el6.x86_64.rpm
xinetd-2.3.14-40.el6.x86_64.rpm
先安装telnet-server和xinetd服务,启动telnet并测试登录正常,作为升级期间ssh不可用时的备用登录通道(已经安装的服务不需要重复安装)。telnet是明文传输,只在升级期间临时开启,并尽量限制在可信的管理网络内
查看openssl版本
openssl version
备份openssl文件
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
卸载旧版本openssl(这步可以不操作;--nodeps强制卸载会连同libssl.so.10、libcrypto.so.10一起移除,依赖这两个库的系统程序可能无法运行,建议保留系统自带的包)
rpm -qa | grep openssl
rpm -e --nodeps openssl-1.0.1e-57.el6.x86_64
没有gcc编译环境,需要安装如下包
glibc-headers-2.12-1.209.el6.x86_64.rpm
glibc-devel-2.12-1.209.el6.x86_64.rpm
ppl-0.10.2-11.el6.x86_64.rpm
kernel-headers-2.6.32-696.el6.x86_64.rpm
mpfr-2.4.1-6.el6.x86_64.rpm
gcc-4.4.7-18.el6.x86_64.rpm
cpp-4.4.7-18.el6.x86_64.rpm
cloog-ppl-0.15.7-1.2.el6.x86_64.rpm
zlib-devel-1.2.3-29.el6.x86_64.rpm
安装顺序如下:
# rpm -ivh mpfr-2.4.1-6.el6.x86_64.rpm cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.7-18.el6.x86_64.rpm ppl-0.10.2-11.el6.x86_64.rpm zlib-devel-1.2.3-29.el6.x86_64.rpm
# rpm -ivh kernel-headers-2.6.32-696.el6.x86_64.rpm glibc-headers-2.12-1.209.el6.x86_64.rpm glibc-devel-2.12-1.209.el6.x86_64.rpm gcc-4.4.7-18.el6.x86_64.rpm
编译安装openssl
# cd openssl-1.0.2k
# ./config --prefix=/usr/local/ssl --openssldir=/etc/ssl --shared zlib
echo $? 为0没错继续下面步骤
make
make install
echo $?
安装成功,创建软链接环境
# ln -sv /usr/local/ssl/bin/openssl /usr/bin/openssl
给/usr/local/ssl目录添加其他用户rx权限,不然root用户外其他用户用ssh -V命令查看ssh版本报错ssh: symbol lookup error: ssh: undefined symbol: EVP_aes_128_ctr
# chmod o+rx -R /usr/local/ssl
在/etc/ld.so.conf追加如下行(路径要与上面./config的--prefix=/usr/local/ssl一致,即/usr/local/ssl/lib):
/usr/local/ssl/lib
或者:echo /usr/local/ssl/lib >> /etc/ld.so.conf
# ldconfig -v #在ld.so.conf中新增动态链接库路径的时候要加载一下
查看是否升级成功
# openssl version
OpenSSL 1.0.2k 26 Jan 2017
备份ssh配置文件,卸载旧版本openssh(备份包里含有主机私钥ssh_host_*_key,默认umask下生成的压缩包其他本地用户可读,打包后执行chmod 600 ssh.tar.gz)
cd /etc/ssh
tar -czvf ssh.tar.gz ./*
rpm -qa |grep openssh
rpm -e `rpm -qa |grep openssh`
openssh编译安装
cd openssh-7.9p1
./configure --with-pam --with-md5-passwords --with-tcp-wrappers --sysconfdir=/etc/ssh --without-zlib-version-check --with-ssl-dir=/usr/local/ssl --with-ssl-headers=/usr/local/ssl/include/ --with-ssl-lib=/usr/local/ssl/lib/
报错汇总及解决方案如下:
configure: error: *** zlib.h missing - please install first or check config.log ***
echo $? 值为1,上面报错需要安装zlib-devel
configure: error: *** OpenSSL headers missing - please install first or check config.log ***
echo $? 值为1,上面报错需要升级openssl,参考上面编译安装openssl-1.0.2k
configure: error: PAM headers not found
echo $? 值为1,上面报错安装pam-devel(此处升级pam,顺带安装pam-devel)
处理好报错后接着继续安装
make
make install
openssh安装后环境配置
#在openssh编译目录执行如下命令,或者是创建软链接到相应目录
# install -v -m755 ./ssh /usr/bin
# install -v -m755 ./sshd /usr/sbin
# install -v -m755 ./scp /usr/bin
# install -v -m755 ./sftp /usr/bin
# install -v -m755 ./ssh-keygen /usr/bin
# install -v -m755 contrib/ssh-copy-id /usr/bin
# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
# install -v -m755 -d /usr/share/doc/openssh-7.9p1
# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1
# ssh -V #验证是否升级成功
配置启用OpenSSH服务
#在openssh编译目录执行如下命令
# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config #允许root用户通过ssh密码登录;仅用于升级后验证,确认普通用户或密钥登录可用后改为prohibit-password或no。sshd对同一配置项取第一次出现的值,追加前先确认文件中没有已生效的PermitRootLogin行
# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
# chown root:root /etc/init.d/sshd
# chmod +x /etc/init.d/sshd
# chkconfig --add sshd
# chkconfig sshd on
# chkconfig --list sshd
# service sshd start
# netstat -tnlp |grep :22
验证SSH是否能正常登录
确认SSH登录正常后立即关闭telnet服务:先把/etc/xinetd.d/telnet中的disable改为yes,然后重启或停止xinetd服务
下载编译系统所缺软件包
RHEL和CentOS系统各版本:http://vault.centos.org
用scp上传升级需要的所有文件到服务器上(根据实际需求和不同系统版本选择)。上面的下载地址是明文http,上传前先用rpm -K校验各rpm包的签名,并把openssh、openssl源码包的校验值与官方发布页公布的值比对
glibc-headers-2.12-1.209.el6.x86_64.rpm
glibc-devel-2.12-1.209.el6.x86_64.rpm
ppl-0.10.2-11.el6.x86_64.rpm
kernel-headers-2.6.32-696.el6.x86_64.rpm
mpfr-2.4.1-6.el6.x86_64.rpm
gcc-4.4.7-18.el6.x86_64.rpm
cpp-4.4.7-18.el6.x86_64.rpm
cloog-ppl-0.15.7-1.2.el6.x86_64.rpm
zlib-devel-1.2.3-29.el6.x86_64.rpm
openssh-7.6p1.tar.gz(注意:下文解压编译使用的目录是openssh-7.9p1,两处版本号不一致,请以实际下载的版本为准)
openssl-1.0.2k.tar.gz
pam-1.1.1-24.el6.x86_64.rpm
pam-devel-1.1.1-24.el6.x86_64.rpm
telnet-0.17-48.el6.x86_64.rpm
telnet-server-0.17-48.el6.x86_64.rpm
xinetd-2.3.14-40.el6.x86_64.rpm
先安装telnet-server和xinetd服务,启动telnet并测试登录正常,作为升级期间ssh不可用时的备用登录通道(已经安装的服务不需要重复安装)。telnet是明文传输,只在升级期间临时开启,并尽量限制在可信的管理网络内
查看openssl版本
openssl version
备份openssl文件
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
卸载旧版本openssl(这步可以不操作;--nodeps强制卸载会连同libssl.so.10、libcrypto.so.10一起移除,依赖这两个库的系统程序可能无法运行,建议保留系统自带的包)
rpm -qa | grep openssl
rpm -e --nodeps openssl-1.0.1e-57.el6.x86_64
没有gcc编译环境,需要安装如下包
glibc-headers-2.12-1.209.el6.x86_64.rpm
glibc-devel-2.12-1.209.el6.x86_64.rpm
ppl-0.10.2-11.el6.x86_64.rpm
kernel-headers-2.6.32-696.el6.x86_64.rpm
mpfr-2.4.1-6.el6.x86_64.rpm
gcc-4.4.7-18.el6.x86_64.rpm
cpp-4.4.7-18.el6.x86_64.rpm
cloog-ppl-0.15.7-1.2.el6.x86_64.rpm
zlib-devel-1.2.3-29.el6.x86_64.rpm
安装顺序如下:
# rpm -ivh mpfr-2.4.1-6.el6.x86_64.rpm cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.7-18.el6.x86_64.rpm ppl-0.10.2-11.el6.x86_64.rpm zlib-devel-1.2.3-29.el6.x86_64.rpm
# rpm -ivh kernel-headers-2.6.32-696.el6.x86_64.rpm glibc-headers-2.12-1.209.el6.x86_64.rpm glibc-devel-2.12-1.209.el6.x86_64.rpm gcc-4.4.7-18.el6.x86_64.rpm
编译安装openssl
# cd openssl-1.0.2k
# ./config --prefix=/usr/local/ssl --openssldir=/etc/ssl --shared zlib
echo $? 为0没错继续下面步骤
make
make install
echo $?
安装成功,创建软链接环境
# ln -sv /usr/local/ssl/bin/openssl /usr/bin/openssl
给/usr/local/ssl目录添加其他用户rx权限,不然root用户外其他用户用ssh -V命令查看ssh版本报错ssh: symbol lookup error: ssh: undefined symbol: EVP_aes_128_ctr
# chmod o+rx -R /usr/local/ssl
在/etc/ld.so.conf追加如下行(路径要与上面./config的--prefix=/usr/local/ssl一致,即/usr/local/ssl/lib):
/usr/local/ssl/lib
或者:echo /usr/local/ssl/lib >> /etc/ld.so.conf
# ldconfig -v #在ld.so.conf中新增动态链接库路径的时候要加载一下
查看是否升级成功
# openssl version
OpenSSL 1.0.2k 26 Jan 2017
备份ssh配置文件,卸载旧版本openssh(备份包里含有主机私钥ssh_host_*_key,默认umask下生成的压缩包其他本地用户可读,打包后执行chmod 600 ssh.tar.gz)
cd /etc/ssh
tar -czvf ssh.tar.gz ./*
rpm -qa |grep openssh
rpm -e `rpm -qa |grep openssh`
openssh编译安装
cd openssh-7.9p1
./configure --with-pam --with-md5-passwords --with-tcp-wrappers --sysconfdir=/etc/ssh --without-zlib-version-check --with-ssl-dir=/usr/local/ssl --with-ssl-headers=/usr/local/ssl/include/ --with-ssl-lib=/usr/local/ssl/lib/
报错汇总及解决方案如下:
configure: error: *** zlib.h missing - please install first or check config.log ***
echo $? 值为1,上面报错需要安装zlib-devel
configure: error: *** OpenSSL headers missing - please install first or check config.log ***
echo $? 值为1,上面报错需要升级openssl,参考上面编译安装openssl-1.0.2k
configure: error: PAM headers not found
echo $? 值为1,上面报错安装pam-devel(此处升级pam,顺带安装pam-devel)
处理好报错后接着继续安装
make
make install
openssh安装后环境配置
#在openssh编译目录执行如下命令,或者是创建软链接到相应目录
# install -v -m755 ./ssh /usr/bin
# install -v -m755 ./sshd /usr/sbin
# install -v -m755 ./scp /usr/bin
# install -v -m755 ./sftp /usr/bin
# install -v -m755 ./ssh-keygen /usr/bin
# install -v -m755 contrib/ssh-copy-id /usr/bin
# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
# install -v -m755 -d /usr/share/doc/openssh-7.9p1
# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1
# ssh -V #验证是否升级成功
配置启用OpenSSH服务
#在openssh编译目录执行如下命令
# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config #允许root用户通过ssh密码登录;仅用于升级后验证,确认普通用户或密钥登录可用后改为prohibit-password或no。sshd对同一配置项取第一次出现的值,追加前先确认文件中没有已生效的PermitRootLogin行
# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
# chown root:root /etc/init.d/sshd
# chmod +x /etc/init.d/sshd
# chkconfig --add sshd
# chkconfig sshd on
# chkconfig --list sshd
# service sshd start
# netstat -tnlp |grep :22
验证SSH是否能正常登录
确认SSH登录正常后立即关闭telnet服务:先把/etc/xinetd.d/telnet中的disable改为yes,然后重启或停止xinetd服务