Linux系统服务升级

一、升级OpenSSH

(1)开启telnet远程访问,防止出现升级失败,服务器无法登录等情况

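# Temporary fallback login in case the sshd replacement fails.
# Telnet carries the whole session, including the root password, in
# cleartext. Keep port 23 reachable only from the management network while
# the upgrade runs, and remove it again in step (8).
yum install xinetd telnet-server -y

# Allow root logins on the first four pseudo-terminals (needed for root over
# telnet). The grep guard keeps a re-run from appending duplicate entries.
for tty in pts/0 pts/1 pts/2 pts/3; do
  grep -qx "$tty" /etc/securetty || echo "$tty" >> /etc/securetty
done

systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

# Confirm a listener on TCP port 23. Anchoring on ":23" followed by
# whitespace avoids false matches on other ports or PIDs that contain "23".
netstat -lntp | grep -E ':23[[:space:]]'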

(2)通过yum将openssh升级至软件源中的最新版本

# Bring the distribution's own openssh package up to the newest build the
# configured repositories offer, before replacing it with a source build.
yum -y install openssh

(3)安装依赖

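# Build prerequisites. gcc does not pull in make, and OpenSSL's ./config
# script needs perl, so both are requested explicitly; wget is used by the
# download step that follows.
yum -y install gcc gcc-c++ kernel-devel make perl wget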

(4)下载升级包

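# Download all three tarballs over HTTPS. The OpenSSH and zlib downloads
# previously used plain HTTP, where the archive can be altered in transit,
# and everything built from them later runs as root.
# NOTE(review): these are the versions this page was written for; check each
# project's site for the current release before building.
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
wget https://www.zlib.net/zlib-1.2.11.tar.gz

# Integrity check before unpacking: compare every digest printed here with
# the value the upstream project publishes for that file
# (placeholder: <SHA256_PUBLISHED_BY_UPSTREAM>) and stop if any differs.
sha256sum openssl-1.1.1h.tar.gz openssh-8.4p1.tar.gz zlib-1.2.11.tar.gz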

(5)解压

# Unpack each source archive under /usr/local/src/, in build order.
for archive in zlib-1.2.11.tar.gz openssl-1.1.1h.tar.gz openssh-8.4p1.tar.gz; do
  tar xf "$archive" -C /usr/local/src/
done

(6)编译安装zlib、OpenSSL和OpenSSH

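# ---- zlib ----------------------------------------------------------------
cd /usr/local/src/zlib-1.2.11/
./configure --prefix=/usr/local/zlib
make -j 4
# (a stray zero-width space after "install" was removed here; with it, make
# looks for a target that does not exist)
make install

# ---- OpenSSL -------------------------------------------------------------
cd /usr/local/src/openssl-1.1.1h/
# NOTE(review): -d asks for a debug build; drop it for a production library.
./config --prefix=/usr/local/ssl -d shared
make -j 4 && make install
# Makes /usr/local/ssl/lib a system-wide library search path.
# NOTE(review): any program that loads the same libssl/libcrypto soname may
# now resolve to this self-built copy, so it has to be patched by hand from
# here on - confirm that is acceptable on this host.
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v

# ---- OpenSSH -------------------------------------------------------------
# Set the existing configuration and host keys aside (a stray zero-width
# space at the end of this path was removed; it would have become part of
# the directory name). New host keys are generated under /etc/ssh afterwards,
# so clients will report a changed host key unless the ssh_host_* files are
# copied back from /etc/ssh.bak.
mv /etc/ssh /etc/ssh.bak
cd /usr/local/src/openssh-8.4p1/
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib
make -j 4 && make install

# Append site settings to the freshly installed sshd_config.
# NOTE(review), settings that widen exposure - keep only what is needed:
#   - X11Forwarding yes with X11UseLocalhost no binds the forwarded X11
#     listener to the wildcard address instead of loopback.
#   - PermitRootLogin yes with PasswordAuthentication yes leaves root open to
#     password guessing; once keys are deployed, prefer
#     "PermitRootLogin prohibit-password".
#   - diffie-hellman-group14-sha1 is a SHA-1 based key exchange; drop it from
#     KexAlgorithms unless a legacy client requires it.
cat >> /etc/ssh/sshd_config <<'EOF'
X11Forwarding yes
X11UseLocalhost no
XAuthLocation /usr/bin/xauth
UseDNS no
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
EOF

# Confirm the build produced the new binaries before touching the running
# service; if any is missing, stop here and fix the build first.
ls -l /usr/local/openssh/sbin/sshd /usr/local/openssh/bin/ssh /usr/local/openssh/bin/ssh-keygen

# Swap the system binaries for the new build, keeping each old one as *.bak.
systemctl stop sshd.service
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp -f /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp -f /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp -f /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

# Replace the packaged systemd unit with the init script shipped in the
# OpenSSH source tree. daemon-reload runs after the script is in place so
# systemd sees both the removed unit and the new init script.
rm -f /lib/systemd/system/sshd.service
cp /usr/local/src/openssh-8.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod 755 /etc/init.d/sshd
systemctl daemon-reload

# Validate the configuration and host keys with the new binary first. sshd
# is already stopped at this point, so if the test fails, fix the reported
# error (over the existing session or the telnet fallback) and rerun.
/usr/sbin/sshd -t && /etc/init.d/sshd restart
systemctl status sshd
chkconfig --add sshd
chkconfig --list sshd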

(7)查看是否安装成功

# Prints the version of the ssh client binary found on PATH; after the swap
# above it should report OpenSSH_8.4p1 built against OpenSSL 1.1.1h.
# NOTE(review): this checks the client only - confirm the daemon separately
# by opening a new SSH session to this host.
ssh -V

(8)卸载telnet-server xinetd 服务

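# Remove the telnet fallback only after a NEW ssh session to this host has
# logged in successfully; an already-open session proves nothing about the
# replaced sshd.
systemctl disable xinetd.service
systemctl stop xinetd.service
systemctl disable telnet.socket
systemctl stop telnet.socket

# TCP port 23 should no longer appear in the listener list (a stray
# zero-width space after the options was removed from this command).
netstat -lntp
yum remove telnet-server xinetd -y

# Undo the pts/0-pts/3 entries that step (1) appended to /etc/securetty, so
# root login on pseudo-terminals is not left permitted after the upgrade.
sed -i '/^pts\/[0-3]$/d' /etc/securetty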