
Upgrading OpenSSL and OpenSSH from Source on CentOS 7


I. Upgrading OpenSSL on CentOS 7

1. Check the current OpenSSL version and install the build dependencies

  openssl version -a

  yum install -y gcc openssl-devel pam-devel rpm-build

2. Download the source package (check for the latest release first)

  wget -P /root https://distfiles.macports.org/openssl/openssl-1.0.2q.tar.gz

  tar -zxvf /root/openssl-1.0.2q.tar.gz -C /usr

3. Uninstall the current OpenSSL

  rpm -qa | grep openssl

  rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}

4. Compile and install from the unpacked openssl-1.0.2q source

  cd /usr/openssl-1.0.2q

  ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib

  make && make test && make install

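5. Create the library symlinks and check the version

  The source-built OpenSSL does not provide libcrypto.so.10 and libssl.so.10, but tools such as yum and wget depend on these libraries, so symlinks must be created in /usr/lib64.

  ll /usr/lib64/libssl.so*

  ll /usr/lib64/libcrypto.so*

  ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10

  ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10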

  openssl version -a

II. Upgrading OpenSSH on CentOS 7

1. Check the current version and install the build dependencies

  ssh -V

  yum install -y gcc openssl-devel pam-devel rpm-build

2. Download the source package (check for the latest release first)

  wget -P /root http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz

3. Uninstall the original OpenSSH

  rm -rf /etc/ssh

  rpm -qa |grep openssh

  for i in `rpm -qa |grep openssh`;do rpm -e $i --nodeps;done

4. Extract the OpenSSH source package

  tar -zxvf /root/openssh-7.9p1.tar.gz -C /usr

  cd /usr/openssh-7.9p1

5. Compile and install

  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --without-hardening

  make && make install

6. After installation completes, apply the configuration

  rm -rf /etc/init.d/sshd

  cp /usr/openssh-7.9p1/contrib/redhat/sshd.init /etc/init.d/sshd

  chkconfig --add sshd

  chkconfig --list|grep sshd

  echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

  systemctl enable sshd

  systemctl restart sshd

  systemctl status sshd

  ssh -V
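
Both download steps above fetch a tarball (one from a third-party mirror, one over plain HTTP) and unpack it as root with no integrity check. The following is an added example, not part of the original article: a gate that extracts a tarball only when its SHA-256 matches a pinned digest. The function names are hypothetical, and the digest is a placeholder to be filled in from the project's official release announcement, since the article does not give one.

```bash
#!/bin/bash
# Added example: unpack a source tarball only if its SHA-256 matches a
# pinned digest. Function names are hypothetical, not from the article.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unreadable file or bad digest.
verify_sha256() {
    local file="$1" expected="$2" actual
    if [ ! -r "$file" ]; then
        echo "verify_sha256: cannot read $file" >&2
        return 2
    fi
    # Accept upper-case digests pasted from release notes.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters, so an empty
    # variable or an unfilled placeholder can never count as a match.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "verify_sha256: malformed digest" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_sha256: digest is not 64 hex characters" >&2
        return 2
    fi
    # Read via stdin so an odd file name cannot alter sha256sum's output.
    actual=$(sha256sum < "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "verify_sha256: MISMATCH for $file (got $actual)" >&2
        return 1
    fi
    return 0
}

# verified_extract TARBALL EXPECTED_HEX DESTDIR
# Runs tar only after the digest check has passed.
verified_extract() {
    local tarball="$1" expected="$2" dest="$3"
    verify_sha256 "$tarball" "$expected" || return $?
    tar -zxf "$tarball" -C "$dest"
}

# Usage in the procedure above (placeholder digest, fill in the published one):
#   verified_extract /root/openssh-7.9p1.tar.gz "<published-sha256>" /usr || exit 1
```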

III. The OpenSSL and OpenSSH upgrade script

#!/bin/bash

############################################
#############   Upgrade OpenSSL  ##########
############################################

# Check the OpenSSL version, install the build tools, and download the OpenSSL source package
openssl version -a
yum install -y gcc openssl-devel pam-devel rpm-build
wget -P /root https://distfiles.macports.org/openssl/openssl-1.0.2q.tar.gz
tar -zxvf /root/openssl-1.0.2q.tar.gz -C /usr

# Uninstall the current OpenSSL packages
rpm -qa | grep openssl
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}

# Compile and install the new OpenSSL
cd /usr/openssl-1.0.2q
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make && make test && make install

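# Create the library symlinks in /usr/lib64 and check the version
# (ls -l instead of ll: the ll alias is not defined in a non-interactive script)
ls -l /usr/lib64/libssl.so*
ls -l /usr/lib64/libcrypto.so*
ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10
ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10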
openssl version -a

##########################################
################ Upgrade OpenSSH ##########
##########################################

# Check the version, install the build tools, and download the source package
ssh -V
yum install -y gcc openssl-devel pam-devel rpm-build
wget -P /root http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz

# Remove the original OpenSSH packages
rm -rf /etc/ssh
rpm -qa |grep openssh
for i in `rpm -qa |grep openssh`;do rpm -e $i --nodeps;done

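# Install OpenSSH from the source package
tar -zxvf /root/openssh-7.9p1.tar.gz -C /usr
cd /usr/openssh-7.9p1
# --without-hardening turns off the toolchain hardening flags that configure would otherwise use
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --without-hardening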
make && make install

# Configure and restart OpenSSH, then check the version
rm -rf /etc/init.d/sshd
cp /usr/openssh-7.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig --list|grep sshd
# PermitRootLogin yes allows root to log in directly over SSH
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
systemctl enable sshd
systemctl restart sshd
systemctl status sshd
ssh -V
