SSL
- Remove: yum remove openssh
1. Check the OpenSSL version
openssl version
2. Find the OpenSSL paths
whereis openssl
3. Back up the OpenSSL files
mv /usr/bin/openssl /usr/bin/openssl_old
mv /usr/include/openssl /usr/include/openssl_old
4. Download OpenSSL
5. Upload and extract
tar -zxvf openssl-3.4.0.tar.gz
6. Change into the extracted OpenSSL directory
cd openssl-3.4.0/
7. Configure the OpenSSL install directory
./config --prefix=/usr/local/openssl3v4
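openssl3v4 here can be a new name chosen after the version. The default is openssl, and the default easily causes version conflicts, so use a new name.
7.1 This may fail (missing package)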
yum install perl-IPC-Cmd
7.1.1 Another error
Error downloading packages:
1:perl-Module-CoreList-2.76.02-299.el7_9.noarch: [Errno 256] No more mirrors to try.
perl-ExtUtils-Install-1.58-299.el7_9.noarch: [Errno 256] No more mirrors to try.
1:perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch: [Errno 256] No more mirrors to try.
4:perl-devel-5.16.3-299.el7_9.x86_64: [Errno 256] No more mirrors to try.
7.1.1.1
(1) Disable the repositories that report errors; try again after this change, and run (2) only if it still fails
sudo yum-config-manager --disable centos-sclo-rh
sudo yum-config-manager --disable centos-sclo-sclo
(2) Back up the existing CentOS-Base.repo file
Method 1:
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
Download the Alibaba Cloud mirror repo configuration file:
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache
Method 2:
/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
yum clean all
yum makecache
8. Build and install
make && make install
9. Create symlinks
ln -s /usr/local/openssl3v4/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl3v4/lib64/openssl /usr/lib64/openssl
ln -s /usr/local/openssl3v4/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/openssl3v4/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
10. Add the library directory to the dynamic linker configuration
echo "/usr/local/openssl3v4/lib64/" >> /etc/ld.so.conf
Check:
cat /etc/ld.so.conf
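11. Update the dynamic linker cache: ldconfig -v
12. Check the OpenSSL version: openssl version -a
13. Update the PATH environment variable (this step can be skipped if everything above went smoothly)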
vi ~/.bash_profile
export PATH=$PATH:/usr/local/openssl3v4/bin
Reload:
source ~/.bash_profile
SSH
1. Check the server's current OpenSSH version
ssh -V
2. Back up the existing OpenSSH
whereis ssh
mv /etc/ssh /etc/ssh_old.bak
mv /usr/bin/ssh /usr/bin/ssh_old.bak
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen_old.bak
mv /usr/sbin/sshd /usr/sbin/sshd_old.bak
mv /etc/pam.d/sshd.pam /etc/pam.d/sshd.pam_old.bak
If any of these commands reports that a file or directory does not exist, ignore it
3. Upload and extract OpenSSH
tar -zxvf openssh-9.9p1.tar.gz
4. Uninstall the existing OpenSSH packages
rpm -e --nodeps `rpm -qa | grep openssh`
5. Change into the extracted OpenSSH directory
cd openssh-9.9p1
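6. Configure the OpenSSH build
./configure --prefix=/usr/local/openssh9p9 --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl3v4 --with-zlib
* /usr/local/openssl3v4 must match the location used earlier (where the new OpenSSL was installed)
* /usr/local/openssh9p9: openssh9p9 is a name you choose yourself; it sets the install location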
If configure reports an error, the environment is the problem: the libraries are under lib64 rather than lib. The paths below use /usr/local/openssl; substitute the OpenSSL prefix chosen above.
Copy the libraries:
cp /usr/local/openssl/lib64/libcrypto.so.3 /usr/local/openssl/lib/libcrypto.so.3
cp /usr/local/openssl/lib64/libssl.so.3 /usr/local/openssl/lib/libssl.so.3
cp -r /usr/local/openssl/lib64/pkgconfig /usr/local/openssl/lib/pkgconfig
ln -s /usr/local/openssl/lib/libcrypto.so.3 /usr/local/openssl/lib/libcrypto.so
ln -s /usr/local/openssl/lib/libssl.so.3 /usr/local/openssl/lib/libssl.so
7. Build and install
make -j 4
make install
8. Copy the new files to the original directories
cp /usr/local/openssh9p9/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh9p9/bin/ssh /usr/bin/ssh
cp /usr/local/openssh9p9/bin/ssh-keygen /usr/bin/ssh-keygen
#cp -p /opt/openssh-9.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
openssh9p9 must match the name you chose (prefix=/usr/local/openssh9p9). Compare sshd.init first; if the two copies are identical, there is no need to copy it.
9. Add execute permission
chmod +x /etc/init.d/sshd
10. Edit the sshd_config file (required)
vi /etc/ssh/sshd_config
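PermitRootLogin yes
PasswordAuthentication yes
Set these entries in the configuration file to yes.
Notes:
PermitRootLogin yes: allows the root user to log in to the system over SSH
PubkeyAuthentication yes: enables public key authentication
PasswordAuthentication yes: enables password authentication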
11. Enable sshd at boot
systemctl enable sshd
12. Restart sshd
Method 1:
systemctl restart sshd
Method 2:
service sshd restart
13. Verify the result
sshd -V
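
The check below relates to step 10. It is an added example, not part of the original notes: it reads an sshd_config the way sshd does (the first value for a keyword wins, keywords are case-insensitive, the global section ends at the first Match line) and flags the combination of PermitRootLogin yes with PasswordAuthentication yes. The sample files, the user name deploy and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the global section of an
# sshd_config. sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.
# Assumptions: whitespace-separated "Keyword value" lines; Include files are
# not followed; defaults passed below are the OpenSSH 9.x built-in defaults.

# effective_value FILE KEYWORD DEFAULT -> prints the value used globally
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*(#|$)/          { next }                     # comment or blank
        tolower($1) == "match"  { exit }                     # end of global section
        tolower($1) == want     { val = tolower($2); exit }  # first occurrence wins
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE -> prints settings; returns 1 if root may use a password
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    pub=$(effective_value "$1" PubkeyAuthentication yes)
    echo "PermitRootLogin=$root PasswordAuthentication=$pass PubkeyAuthentication=$pub"
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "FINDING: root can log in over SSH with a password"
        return 1
    fi
    return 0
}

# Constructed sample files: the settings from step 10, and a key-only variant.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/as_in_step10" <<'EOF'
permitrootlogin yes
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
Match User deploy
    PermitRootLogin no
EOF
cat > "$SAMPLE_DIR/key_only_root" <<'EOF'
PermitRootLogin prohibit-password
PasswordAuthentication yes
EOF

for f in "$SAMPLE_DIR"/*; do
    echo "== $f"; audit_sshd_config "$f" || true
done
```

On the upgraded host, run audit_sshd_config /etc/ssh/sshd_config, and run sshd -t before the restart in step 12 so that a syntax error in the new file does not cut off remote access.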