Upgrading OpenSSH to 8.5 on CentOS 7

2022-08-02 18:01:12  Views: 214  Source: Internet

Tags: 8.5 OpenSSH zlib openssl echo CentOS7 etc ssh usr


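Description

This script is intended to resolve findings from vulnerability scans of the SSH service's encryption, so it upgrades OpenSSH to version 8.5.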

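Upgrade approach and precautions

  • Before upgrading, enable the telnet remote login service and test that login works; make sure the root user can log in.
  • Do not terminate the current session while the upgrade is in progress.
  • Work out which OpenSSL and zlib versions match the OpenSSH version. For OpenSSH 8.5p1, for example, the OpenSSL version is openssl-1.0.2r and the zlib version is zlib-1.2.11.
  • After the upgrade is complete, restart the sshd service and disable telnet remote login.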

Installation steps

#!/bin/bash
# Directory holding the update packages: /home/update
# Mount the CentOS 7 installation ISO and rebuild the yum cache
echo "开始挂载系统镜像"
mount /home/CentOS-7-x86_64-Everything-2009.iso /mnt
echo "挂载系统镜像结束"
yum makecache
echo "yum源更新完成"

# Switch SELinux to permissive now, disable it in the config file, and stop firewalld
echo "关闭selinux"
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
systemctl stop firewalld
echo "防火墙关闭完成"

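# Install telnet as a fallback login path while sshd is being replaced.
# Telnet sends credentials in cleartext, so it is disabled again after the upgrade.
echo "开始安装telnet服务"
yum -y install xinetd telnet-server
cp /etc/securetty /etc/securetty.bak
# Allow root to log in on the pseudo-terminals used by telnet sessions
echo "pts/0" >> /etc/securetty
echo "pts/1" >> /etc/securetty
echo "pts/2" >> /etc/securetty
echo "pts/3" >> /etc/securetty
echo "pts/4" >> /etc/securetty
systemctl restart telnet.socket
systemctl restart xinetd
systemctl enable telnet.socket
systemctl enable xinetd
echo "安装telnet服务完成"
# Pause here so the telnet login can be tested before sshd is removed
read -n1 -p "Press any key to continue..."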

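# Install the build dependencies
echo "安装依赖组件"
yum -y install gcc gcc-c++ make pam pam-devel openssl-devel pcre-devel perl zlib-devel
echo "安装依赖组件完成"
# Back up the existing SSH configuration, then remove the bundled OpenSSH packages
echo "开始卸载系统自带ssh组件"
systemctl stop sshd
cp -r /etc/ssh /etc/ssh.old
cp /etc/init.d/ssh /etc/init.d/ssh.old
rpm -qa | grep openssh
rpm -e --nodeps $(rpm -qa | grep openssh)
# Once the bundled ssh packages have been removed, this command returns nothing
rpm -qa | grep openssh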
# Build zlib 1.2.11, install it under /usr/local/zlib and register it with the dynamic linker
echo "安装和配置zlib开始"
cd /home/update
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib
make && make install
ls -l /usr/local/zlib
echo "/usr/local/zlib/lib" >> /etc/ld.so.conf.d/zlib.conf
ldconfig -v
echo "安装和配置zlib完成"
# Build OpenSSL 1.0.2r as a shared library and point /usr/bin/openssl at the new binary
echo "安装和配置openssl开始"
cd ..
tar -zxvf openssl-1.0.2r.tar.gz
cd openssl-1.0.2r
./config shared zlib && make && make install
mv -f /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf.d/ssl.conf
ldconfig -v
# Confirm that the new OpenSSL version is the one in use
openssl version -a
echo "安装和配置openssl结束"
# Build OpenSSH 8.5p1 against the new OpenSSL; the old /etc/ssh was copied to /etc/ssh.old earlier
echo "安装和配置openssh8.5开始"
cd ..
rm -rf /etc/ssh
tar -zxvf openssh-8.5p1.tar.gz
cd openssh-8.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl   --with-zlib --with-md5-passwords
make && make install
# Allow password authentication and root login over SSH
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
cd ..    # leave the extracted openssh-8.5p1 directory
# Install the init script shipped with the source and restrict the host private keys
cp -p openssh-8.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
chkconfig --add sshd
chkconfig sshd on
systemctl restart sshd
systemctl status sshd
# Confirm the installed OpenSSH version
ssh -V
echo "安装和配置openssh8.5结束"
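
The script ends after restarting sshd and leaves telnet enabled, although the precautions call for disabling it once the upgrade is done. The following cleanup script is an added example, not part of the original article: it removes the telnet fallback only after the new sshd has been checked, and it also starts firewalld again because the upgrade script stopped it. The function names, the `--apply` switch and the assumption that sshd listens on port 22 are not from the article.

```shell
#!/bin/bash
# Added example (not from the original article): verify the rebuilt sshd,
# then remove the temporary telnet access opened by the upgrade script.
# Function names, --apply and the default port 22 are assumptions.

# Succeeds if the `ssh -V` banner in $1 reports at least version $2 (e.g. 8.5).
ssh_version_ok() {
    local ver
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9]*\.[0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 1
    # sort -V orders version strings; the minimum must come first (or be equal).
    [ "$(printf '%s\n%s\n' "$2" "$ver" | sort -V | head -n1)" = "$2" ]
}

# Succeeds if the `ss -ltn` output in $2 shows a listener on TCP port $1.
port_listening() {
    printf '%s\n' "$2" |
        awk -v p="$1" '$1 == "LISTEN" && $4 ~ (":" p "$") { found = 1 }
                       END { exit !found }'
}

# Close telnet only once sshd has been checked, so a failed upgrade never
# leaves the host without a remote login path.
close_telnet() {
    ssh_version_ok "$(ssh -V 2>&1)" 8.5 || { echo "ssh is older than 8.5" >&2; return 1; }
    /usr/sbin/sshd -t || { echo "sshd_config does not validate" >&2; return 1; }
    port_listening 22 "$(ss -ltn)" || { echo "sshd is not listening on 22" >&2; return 1; }

    systemctl stop telnet.socket xinetd
    systemctl disable telnet.socket xinetd
    # Restore the backup taken before the pts/* entries were appended.
    if [ -f /etc/securetty.bak ]; then
        mv -f /etc/securetty.bak /etc/securetty
    fi
    systemctl start firewalld   # the upgrade script stopped it

    if port_listening 23 "$(ss -ltn)"; then
        echo "port 23 is still listening" >&2; return 1
    fi
}

# Nothing is changed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
    close_telnet
fi
```

Run it from a fresh SSH login rather than from the telnet session, so that a working SSH login has been confirmed before telnet is closed.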

Source: https://www.cnblogs.com/henuqin/p/16544681.html