#!/bin/bash
cd /opt
# 更新 openssh
yum update openssh -y
# 安装依赖
for i in pcre pcre-devel git wget gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel;do
rpm -q $i || yum -y install $i
done
yum install -y pam* zlib*
# 下载 openssh、openssl 源码
if [[ ! -f "/opt/openssh-8.4p1.tar.gz" ]];then
wget -c http://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
fi
if [[ ! -f "/opt/openssl-1.1.1i.tar.gz" ]];then
wget -O /opt/openssl-1.1.1i.tar.gz https://www.openssl.org/source/openssl-1.1.1i.tar.gz
fi
# 解压操作
tar zxf openssh-8.4p1.tar.gz
# 解压、备份、安装 openssl
if [[ `openssl version |awk '{print $2}'` == 1.1.1i ]];then
echo "openssl is ok,Don't need update"
else
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
tar zxf openssl-1.1.1i.tar.gz
cd /opt/openssl-1.1.1i/
make clean
./config shared --openssldir=/usr/local/openssl --prefix=/usr/local/openssl
make && make install
echo $?
fi
cd /opt
# 链接文件
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -sf /usr/local/openssl/include/openssl /usr/include/openssl
echo "/usr/local/openssl/lib/" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version
# 编译安装 openssh
cd /opt/openssh-8.4p1
chown -R root.root /opt/openssh-8.4p1
cp -r /etc/ssh /tmp/
rm -rf /etc/ssh
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/openssl/include --with-ssl-dir=/usr/local/openssl --with-zlib --with-md5-passwords --with-pam && make && make install
echo $?
# 修改配置文件
cat > /etc/ssh/sshd_config <<EOF
port 22201
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
EOF
grep "^PermitRootLogin" /etc/ssh/sshd_config
cat /tmp/ssh/sshd_config |grep -v '#' |grep -v '^$'
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
mv /usr/lib/systemd/system/sshd.service /opt/
mv /usr/lib/systemd/system/sshd.socket /opt/
chkconfig sshd on
# 启动
service sshd restart
# 测试
openssl version
ssh -V
centos7下自动编译升级openssh和OpenSSL的shell
原创文章标签 openssh openssl openssh8.4p1 openssh-8.4p1 centos7 文章分类 开源
©著作权归作者所有:来自51CTO博客作者喵来个鱼的原创作品,请联系作者获取转载授权,否则将追究法律责任
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
CentOS7升级openssh-9.6p1(漏洞修复)(含自动化升级脚本)
CentOS7升级openssh-9.6p1(修复)(含自动化升级脚本)
linux openssh openssh升级 openssh漏洞消缺 漏洞 -
CentOS7下升级OpenSSL和OpenSSH
CentOS7下升级OpenSSL和OpenSSH
centos 新版本 函数库 -
Centos7 编译安装openssl和openssh
CentOS7 编译升级openssl 1.1.1 编译 openssh8.6
CentOS7 openssl openssh 编译安装 漏洞 -
centos7下自动打包OpenSSH8.4的RPM并集成OpenSSL-1.1.1i
安全更新openssh的方法,编译打包RPM,然后升级。
openssh openssh8.4P1 centos openssl rpm -
Java 实现 B/S 架构详解:从基础到实战,彻底掌握浏览器/服务器编程
码示例。文章还总结了最佳实践和常见误区,强调RESTful规范、Token认证、日志记录等关键要点,并附有Java B/S开发
#java #后端 #开发语言 #学习 #个人开发
