openssl和openssh升级

SSL

–删除:yum remove openssh

1.查看openssl的版本

openssl version

2.查看openssl的路径

whereis openssl

3.备份openssl文件

mv /usr/bin/openssl /usr/bin/openssl_old
mv /usr/include/openssl /usr/include/openssl_old

4.下载openssl

点此下载

5.上传解压

tar -zxvf openssl-3.4.0.tar.gz

6.切换到解压好的openssl目录

cd openssl-3.4.0/

7.配置openssl安装目录

./config --prefix=/usr/local/openssl3v4

这里的openssl3v4可以是按照版本起的新名字,默认是openssl,默认容易版本冲突就搞个新的

7.1 可能会报错(缺少包)

yum install perl-IPC-Cmd

7.1.1又报错

Error downloading packages:
  1:perl-Module-CoreList-2.76.02-299.el7_9.noarch: [Errno 256] No more mirrors to try.
  perl-ExtUtils-Install-1.58-299.el7_9.noarch: [Errno 256] No more mirrors to try.
  1:perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch: [Errno 256] No more mirrors to try.
  4:perl-devel-5.16.3-299.el7_9.x86_64: [Errno 256] No more mirrors to try.
7.1.1.1

(1)屏蔽报错包,改完先试试,不行再执行(2)

sudo yum-config-manager --disable centos-sclo-rh
sudo yum-config-manager --disable centos-sclo-sclo

(2)备份原有的 CentOS-Base.repo 文件
方法1:

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

下载阿里云的镜像源配置文件:

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

yum clean all
yum makecache

方法2:

/etc/yum.repos.d/CentOS-Base.repo

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7


yum clean all
yum makecache

8.编译&&安装

make && make install

9.创建软链接

ln -s /usr/local/openssl3v4/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl3v4/lib64/openssl /usr/lib64/openssl

ln -s /usr/local/openssl3v4/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/openssl3v4/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

10.添加动态链接库数据

echo "/usr/local/openssl3v4/lib64/" >> /etc/ld.so.conf
检查:
cat /etc/ld.so.conf

11.更新动态链接库:ldconfig -v

12.查看openssl版本 openssl version -a

13.更新PATH环境变量(前面顺利的话这步可以略过)

vi ~/.bash_profile
export PATH=$PATH:/usr/local/openssl-3.3.1/bin
刷新:
source ~/.bash_profile

SSH

1.查看当前服务器的openssh版本

ssh -V

2.对原来的openssh备份


whereis ssh

mv /etc/ssh /etc/ssh_old.bak
 
mv /usr/bin/ssh /usr/bin/ssh_old.bak
 
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen_old.bak
 
mv /usr/sbin/sshd /usr/sbin/sshd_old.bak
 
mv /etc/pam.d/sshd.pam /etc/pam.d/sshd.pam_old.bak
 

这里要是报错没有某个文件夹的话,不必理会

3.将openssh上传并解压

tar -zxvf openssh-9.9p1.tar.gz

4.卸载原有的openssh包

rpm -e --nodeps `rpm -qa | grep openssh`

5.切换到解压后的openssh目录

cd openssh-9.6p1

6.初始化openssh

./configure --prefix=/usr/local/openssh9p9 --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl3v4--with-zlib

*/usr/local/openssl3v4要一致和之前的(新安装的位置)
*/usr/local/openssh9p9 openssh9p9 自己起个名字,指定编译位置

报错的话是环境变量有问题:

cp相关:
/usr/local/openssl/lib64/libcrypto.so.3 /usr/local/openssl/lib/libcrypto.so.3
/usr/local/openssl/lib64/libssl.so.3 /usr/local/openssl/lib/libssl.so.3

cp -r top
/usr/local/openssl/lib64/pkgconfig  /usr/local/openssl/lib/pkgconfig

ln -s /usr/local/openssl/lib/libcrypto.so.3  /usr/local/openssl/lib/libcrypto.so
ln -s /usr/local/openssl/lib/libssl.so.3  /usr/local/openssl/lib/libssl.so

7.编译安装

make -j 4
make install

8.复制新的配置文件到原来目录

cp /usr/local/openssh9p9/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh9p9/bin/ssh /usr/bin/ssh
cp /usr/local/openssh9p9/bin/ssh-keygen /usr/bin/ssh-keygen
#cp -p /opt/openssh-9.9p1/contrib/redhat/sshd.init /etc/init.d/sshd 

openssh9p9 这个要和(prefix=/usr/local/openssh9p9)自己起的名字对上,sshd.init 先对比一下如果两边一样就不用复制了

9.添加权限

 chmod +x /etc/init.d/sshd 

10.修改sshd_config文件(一定)

vi /etc/ssh/sshd_config

PermitRootLogin yes 、
PasswordAuthentication yes 将配置文件中这几个改为yes.

说明:

PermitRootLogin yes:允许root用户通过SSH登录到系统
PubkeyAuthentication yes:启用公钥身份验证
PasswordAuthentication yes:启用密码身份验证

11.开启开机自启sshd

systemctl enable sshd

12.重启sshd

方法1:
systemctl restart sshd
方法2:
service sshd restart

13.验证是否成功

sshd -V 
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

霜!!

不错,👆赏!!

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值