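CentOS 5.X ships a very old OpenSSH, still 4.3p2, which does not support the SFTP chroot feature. Three ways to upgrade to a newer version are summarized below:
To make the upgrade safe, first enable the telnet service as a fallback remote login; it is not enabled by default.
Enable Telnet remote management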
vi /etc/xinetd.d/krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/telnetd
        log_on_failure  += USERID
        disable         = no
}
Change disable to no. The default is yes, which disables the telnet service; setting it to no enables the telnet service.
Restart xinetd to start the Telnet service
service xinetd restart
停止 xinetd: [确定]
启动 xinetd: [确定]
Check that Telnet started correctly
netstat -tnlp | grep :23
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20938/xinetd
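Note: for security, Telnet does not allow logging in directly as root. Log in as a normal user and then use su to switch to root. Once the SSH upgrade succeeds, remember to turn the telnet service off.
Method 1: compile and install from the source tarball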
wget http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
tar xvf openssh-5.8p2.tar.gz
cd openssh-5.8p2
./configure --prefix=/usr --sysconfdir=/etc/ssh
make
make install
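The method above overwrites the files of the original version, and make install may report an error when it overwrites the configuration files under /etc/ssh. If that happens, delete the original configuration files under /etc/ssh and run make install again.
It is better to install to a different path, especially on production servers. Below are the options given in the official documentation; adjust them to your own situation.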
To install OpenSSH with default options:

./configure
make
make install

This will install the OpenSSH binaries in /usr/local/bin, configuration files in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different installation prefix, use the --prefix option to configure:

./configure --prefix=/opt
make
make install

Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override specific paths, for example:

./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install

This will install the binaries in /opt/{bin,lib,sbin}, but will place the configuration files in /etc/ssh.
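Method 2: build RPM packages and install them
Use the source tarball downloaded above to build the RPM packages yourself. This method is relatively troublesome, because quite a few X-related dependency libraries need to be installed.
Install the dependency packages; on my system only these were missing. If your build reports errors, install the other dependency packages that the errors point to.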
tar xvf openssh-5.8p2.tar.gz
cp openssh-5.8p2/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
cp openssh-5.8p2.tar.gz /usr/src/redhat/SOURCES/
cp x11-ssh-askpass-1.2.4.1.tar.gz /usr/src/redhat/SOURCES/
rpmbuild -bb /usr/src/redhat/SPECS/openssh.spec
The OpenSSH packages produced by a successful build
cd /usr/src/redhat/RPMS/`uname -i`
ls -l
openssh-5.8p2-1.i386.rpm openssh-askpass-5.8p2-1.i386.rpm openssh-askpass-gnome-5.8p2-1.i386.rpm openssh-clients-5.8p2-1.i386.rpm openssh-debuginfo-5.8p2-1.i386.rpm openssh-server-5.8p2-1.i386.rpm
Install the RPM packages to upgrade OpenSSH to 5.8p2
rpm -Uvh openssh*rpm
Verify the new SSH version
ssh -V
OpenSSH_5.8p2, OpenSSL 0.9.8b 04 May 2006
Method 3: downloading prebuilt RPM packages directly from rpmfind.net is the simplest method.
OpenSSH 5.8p2, 32-bit
wget ftp://rpmfind.net/linux/fedora/development/rawhide/i386/os/Packages/openssh-server-5.8p2-1.fc16.1.i686.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/source/SRPMS/openssh-5.8p2-1.fc16.1.src.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/i386/os/Packages/openssh-askpass-5.8p2-1.fc16.1.i686.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/i386/os/Packages/openssh-clients-5.8p2-1.fc16.1.i686.rpm
OpenSSH 5.8p2, 64-bit
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-server-5.8p2-1.fc16.1.x86_64.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-5.8p2-1.fc16.1.x86_64.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-askpass-5.8p2-1.fc16.1.x86_64.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-clients-5.8p2-1.fc16.1.x86_64.rpm
Install the RPM packages to upgrade OpenSSH to 5.8p2
rpm -Uvh openssh*rpm
Verify the new SSH version
ssh -V
OpenSSH_5.8p2, OpenSSL 0.9.8b 04 May 2006
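The note earlier says to turn telnet off once the SSH upgrade succeeds; with a source install, the sshd that is already running stays the old one until it is restarted, so the client version alone does not prove the upgrade took effect. The script below is an added example, not part of the original post: it checks the running daemon's banner before closing the telnet fallback. Its function names are hypothetical, and it assumes Method 1's --prefix=/usr and a daemon listening on 127.0.0.1:22.

```bash
#!/bin/bash
# Added example, not from the original post; function names are hypothetical.
# Assumes Method 1's --prefix=/usr (daemon at /usr/sbin/sshd) and that sshd
# listens on 127.0.0.1:22.
XINETD_TELNET=/etc/xinetd.d/krb5-telnet

# True if a version string ("OpenSSH_5.8p2, ..." from `ssh -V`, or the daemon
# banner "SSH-2.0-OpenSSH_5.8") reports OpenSSH >= $2.$3.
version_at_least() {
    local v maj min
    v=${1#*OpenSSH_}
    [ "$v" != "$1" ] || return 1              # no OpenSSH_ marker at all
    maj=${v%%.*}
    min=${v#*.}; min=${min%%[!0-9]*}
    case "$maj.$min" in .*|*.|*[!0-9.]*) return 1 ;; esac
    [ "$maj" -gt "$2" ] || { [ "$maj" -eq "$2" ] && [ "$min" -ge "$3" ]; }
}

# Reads `netstat -tnl` output on stdin; true if something listens on port $1.
listening_on() {
    awk -v p=":$1" '$6 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { f = 1 }
                    END { exit !f }'
}

# True if the xinetd service file $1 has "disable = no" (service enabled).
telnet_enabled() {
    grep -q '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# Flip "disable = no" to "disable = yes" in $1, keeping a .bak copy.
disable_telnet() {
    sed -i.bak 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)no[[:space:]]*$/\1yes/' "$1"
}

# Close the telnet fallback only once the *running* sshd is the new one.
close_telnet_fallback() {
    local banner
    /usr/sbin/sshd -t || { echo "sshd_config does not validate" >&2; return 1; }
    netstat -tnl | listening_on 22 || { echo "nothing listening on :22" >&2; return 1; }
    # The daemon announces its version in the first line it sends (bash /dev/tcp).
    banner=$( (exec 3<>/dev/tcp/127.0.0.1/22 && read -r -t 5 l <&3 && echo "$l") 2>/dev/null )
    version_at_least "$banner" 5 8 || { echo "running sshd is old: $banner" >&2; return 1; }
    telnet_enabled "$XINETD_TELNET" || return 0        # already off
    disable_telnet "$XINETD_TELNET" && service xinetd restart || return 1
    ! netstat -tnl | listening_on 23                   # fail if :23 is still open
}

if [ "${1:-}" = "--apply" ]; then close_telnet_fallback; fi
```

Run it as root with --apply from the telnet or console session, after restarting sshd and confirming that a fresh SSH login works.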
This is a repost, not original work; I have only tried installation method 1, and the others remain to be verified.