【升级openssh】时人不识凌云木,直待凌云始道高。这篇文章主要讲述升级openssh相关的知识,希望能为你提供帮助。
升级openssh1.官网下载最新的包openssh-8.8p1.tar.gz下载地址:https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
x11-ssh-askpass依赖文件下载地址:http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-1.2.4.1.tar.gz
2.制作rpm安装包参考 https://blog.csdn.net/u011394161/article/details/108995428
tar -zxvf openssh-8.8p1.tar.gz
mkdir -p /root/rpmbuild/SOURCES,SPECS
cp openssh-8.8p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
cp /root/openssh-8.8p1.tar.gz /root/x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
cd /root/rpmbuild/SPECS/
chown sshd: openssh.spec
rpmbuild -bb openssh.spec--打包rpm (yum -y install rpm-build -y命令不存在就安装)
制作过程报错处理 https://www.jianshu.com/p/930c698ebf89
3.开一个服务器升级openssh测试包是否有问题,没有问题在升级正式执行下面的升级步骤
4.升级步骤
*备份/etc/pam.d/sshd 和/etc/ssh/sshd_config 文件
mkdir /speedec/backup/
cp -rf /etc/pam.d/sshd/speedec/backup/sshd20220110
cp -rf /etc/ssh/sshd_config/speedec/backup/sshd_config20220110
ll /speedec/backup/
*关闭selinux
临时关闭 setenforce 0
vi /etc/selinux/config将SELINUX=enforcing改为SELINUX=disabled永久关闭
*多开连接会话信息,防止升级过后连不上服务器
*解压zip文件更新安装里面的rpm文件rpm -Uvh *.rpm
openssh-8.8p1-1.el7.x86_64.rpm
openssh-clients-8.8p1-1.el7.x86_64.rpm
openssh-debuginfo-8.8p1-1.el7.x86_64.rpm
openssh-server-8.8p1-1.el7.x86_64.rpm
openssh-askpass-8.8p1-1.el7.x86_64.rpm--这个文件不要,不升级
openssh-askpass-gnome-8.8p1-1.el7.x86_64.rpm--这个文件不要,不升级
*修改 vi /etc/init.d/sshd
在$SSHD $OPTIONS & & success || failure这句话前面加一句:OPTIONS="-f /etc/ssh/sshd_config"
*修改 vi /etc/ssh/sshd_config 配置文件
设置 PermitRootLogin为yes,取消注释,允许root直接ssh登录,核查监听端口是否与连接端口一致
*核查/etc/ssh/ssh*key 的权限是否为600
chmod 600 /etc/ssh/ssh*key
*还原/etc/pam.d/sshd文件
cp -rf /speedec/backup/sshd20220110 /etc/pam.d/sshd
*重启sshd服务器
systemctl daemon-reload& & systemctl restart sshd
*新开连接会话,测试是否能正常ssh,检查版本
ssh -V
推荐阅读
- linux fedora升级操作
- 一只会铲史的猫(我开发的软件一览)
- [Linux用户空间编程-1](Linux进程间主要的通信方式)
- linux fedora35禁用或启用仓库
- ruoyi-cloud 实施部署
- [Linux用户空间编程-3](Linux定时机制的几种实现方法)
- Unable to select a master clock domain because no path can be found from “SYSTRACE“ to “LINUX_FTRACE
- linux fedora35安装deepin-wine(deepin-wine-on-fedora项目)
- Centos7 docker部署监控Prometheus+Grafana