#升级脚本
#!/bin/bash
# Stop at the first command that exits non-zero.
set -o errexit

# Upstream release versions to download and build.
# Source builds are not updated by yum/apt, so these pins have to be bumped
# and the build repeated by hand whenever upstream ships a security release.
OPENSSH_VERSION='9.8p1'
OPENSSL_VERSION='3.3.3'
# Detect the distribution family from marker files and store it in SYSTEM.
# /etc/redhat-release is checked first ("centos"), then /etc/lsb-release
# ("ubuntu"); anything else is rejected.
# NOTE(review): lsb-release may also exist on non-Ubuntu systems;
# /etc/os-release would be a stricter signal. Confirm for your fleet.
SYSTEM=""
if [ -f /etc/redhat-release ]; then
  SYSTEM="centos"
fi
if [ -z "$SYSTEM" ] && [ -f /etc/lsb-release ]; then
  SYSTEM="ubuntu"
fi
if [ -z "$SYSTEM" ]; then
  echo "Unsupported system!"
  exit 1
fi
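#######################################
# Install the toolchain and headers needed to build OpenSSL and OpenSSH.
# Globals:   SYSTEM (read) - "centos" or "ubuntu"
# Arguments: none
# Returns:   status of the last package-manager command; 0 if SYSTEM is
#            neither value (nothing is installed in that case)
#######################################
install_dependencies() {
  case "${SYSTEM:-}" in
    centos)
      yum groupinstall -y "Development Tools"
      # perl-IPC-Cmd: OpenSSL's Configure aborts with
      # "Can't locate IPC/Cmd.pm in @INC" when this module is missing.
      yum install -y wget pam-devel zlib-devel perl-IPC-Cmd
      ;;
    ubuntu)
      apt-get update
      apt-get install -y build-essential libpam0g-dev zlib1g-dev wget
      ;;
  esac
}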
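#######################################
# Back up /etc/ssh (directory) and sshd_config (single file) before the
# upgrade touches them.
# The directory copy includes the private host keys, so `cp -a` is used to
# carry mode, ownership and timestamps over unchanged; a restore then puts
# back exactly what was there.
# If a backup from an earlier run already exists it is left untouched and a
# timestamped name is used instead. A plain `cp -r` would nest the copy
# inside the old backup directory and overwrite the earlier sshd_config.bak.
# Arguments: none
# Returns:   non-zero if either copy fails
#######################################
backup_ssh() {
  local backup_dir=/etc/ssh_backup
  local config_backup=/etc/ssh/sshd_config.bak
  local stamp
  stamp=$(date +%Y%m%d%H%M%S) || return 1

  if [ -e "$backup_dir" ]; then
    backup_dir="${backup_dir}.${stamp}"
  fi
  if [ -e "$config_backup" ]; then
    config_backup="${config_backup}.${stamp}"
  fi

  cp -a /etc/ssh "$backup_dir" || return 1
  cp -a /etc/ssh/sshd_config "$config_backup" || return 1
}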
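#######################################
# Download (unless already present), verify, build and install OpenSSL
# under /usr/local/openssl, then register its lib64 directory with ldconfig.
# Globals:   OPENSSL_SHA256 (read, optional) - expected SHA-256 of the
#            tarball; when set, a mismatch aborts before anything is unpacked
# Arguments: $1 - OpenSSL version, e.g. the value of OPENSSL_VERSION
# Returns:   non-zero on any failed step
# Notes:     The working directory of the caller is left unchanged.
#            Registering /usr/local/openssl/lib64 system-wide may make other
#            programs load this self-built library, which yum/apt will not
#            patch. Rebuild when upstream releases fixes.
#######################################
install_openssl() {
  local version=$1
  local tarball="openssl-${version}.tar.gz"
  local srcdir="openssl-${version}"

  if [ -z "$version" ]; then
    echo "install_openssl: version argument is required" >&2
    return 1
  fi

  # Reuse a source tarball that is already in the current directory.
  if [ -f "$tarball" ]; then
    echo "检测到本地openssl-${version}.tar.gz,跳过下载"
  else
    # Download under a temporary name so an interrupted transfer is never
    # mistaken for a complete local tarball on the next run.
    if ! wget -O "${tarball}.part" "https://www.openssl.org/source/${tarball}"; then
      rm -f -- "${tarball}.part"
      return 1
    fi
    mv -- "${tarball}.part" "$tarball" || return 1
  fi

  # The archive is unpacked, compiled and installed as root, so check it
  # against a known-good digest first. This covers the local-file path too,
  # where the tarball's origin is unknown to the script.
  if [ -n "${OPENSSL_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$OPENSSL_SHA256" "$tarball" | sha256sum -c -; then
      echo "install_openssl: SHA-256 mismatch for ${tarball}; remove it and retry" >&2
      return 1
    fi
  else
    echo "warning: OPENSSL_SHA256 is not set; ${tarball} is built without integrity verification" >&2
  fi

  tar xzf "$tarball" || return 1

  # Build in a subshell so the caller's working directory is not changed,
  # even when a step fails.
  (
    cd "$srcdir" || exit 1
    ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl || exit 1
    make -j"$(nproc)" || exit 1
    # Move the packaged binary aside only after the build succeeded, so a
    # failed compile does not leave the system without /usr/bin/openssl.
    if [ -f /usr/bin/openssl ]; then
      mv /usr/bin/openssl /usr/bin/openssl-bak || exit 1
    fi
    make install || exit 1
  ) || return 1

  # Make the dynamic linker aware of the new library directory.
  echo "/usr/local/openssl/lib64" > /etc/ld.so.conf.d/openssl.conf || return 1
  ldconfig
}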
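#######################################
# Download (unless already present), verify, build and install OpenSSH
# into /usr, linked against the OpenSSL under /usr/local/openssl.
# Globals:   OPENSSH_SHA256 (read, optional) - expected SHA-256 of the
#            tarball; when set, a mismatch aborts before anything is unpacked
# Arguments: $1 - OpenSSH portable version, e.g. the value of OPENSSH_VERSION
# Returns:   non-zero on any failed step
# Notes:     The working directory of the caller is left unchanged.
#######################################
install_openssh() {
  local version=$1
  local tarball="openssh-${version}.tar.gz"
  local srcdir="openssh-${version}"

  if [ -z "$version" ]; then
    echo "install_openssh: version argument is required" >&2
    return 1
  fi

  # Reuse a source tarball that is already in the current directory.
  if [ -f "$tarball" ]; then
    echo "检测到本地openssh-${version}.tar.gz,跳过下载"
  else
    # Download under a temporary name so an interrupted transfer is never
    # mistaken for a complete local tarball on the next run.
    if ! wget -O "${tarball}.part" "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/${tarball}"; then
      rm -f -- "${tarball}.part"
      return 1
    fi
    mv -- "${tarball}.part" "$tarball" || return 1
  fi

  # This code becomes the host's remote-login daemon, so check the archive
  # against a known-good digest before unpacking it as root.
  if [ -n "${OPENSSH_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$OPENSSH_SHA256" "$tarball" | sha256sum -c -; then
      echo "install_openssh: SHA-256 mismatch for ${tarball}; remove it and retry" >&2
      return 1
    fi
  else
    echo "warning: OPENSSH_SHA256 is not set; ${tarball} is built without integrity verification" >&2
  fi

  tar xzf "$tarball" || return 1

  # Build in a subshell so the caller's working directory is not changed,
  # even when a step fails.
  (
    cd "$srcdir" || exit 1
    # NOTE(review): --with-md5-passwords is kept from the original. With
    # --with-pam, password checks are normally delegated to PAM, so confirm
    # the flag is still wanted.
    ./configure --prefix=/usr --with-ssl-dir=/usr/local/openssl \
      --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords || exit 1
    make -j"$(nproc)" || exit 1
    # Move the packaged client aside only after the build succeeded, so a
    # failed compile does not leave the system without /usr/bin/ssh.
    if [ -f /usr/bin/ssh ]; then
      mv /usr/bin/ssh /usr/bin/ssh-bak || exit 1
    fi
    make install || exit 1
  ) || return 1
}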
#######################################
# Post-install service configuration; main invokes this on CentOS only.
# Arguments: none
# Returns:   status of `systemctl daemon-reload`
#######################################
configure_ssh() {
  # Legacy SysV init-script installation, left disabled as in the original:
  #   cp contrib/sshd.init /etc/init.d/sshd
  #   chmod +x /etc/init.d/sshd

  # Ask systemd to re-read its unit files.
  systemctl daemon-reload
}
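#######################################
# Entry point: check for root, install build dependencies, back up the SSH
# configuration, build OpenSSL and OpenSSH, validate sshd_config, restart
# the SSH service and print the resulting versions.
# Globals:   SYSTEM, OPENSSL_VERSION, OPENSSH_VERSION (read); PATH (written)
# Arguments: none
# Returns:   exits 1 when not run as root or when the new sshd rejects
#            /etc/ssh/sshd_config
#######################################
main() {
  # Package installation and writes under /usr and /etc need root.
  if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root" 1>&2
    exit 1
  fi

  install_dependencies
  backup_ssh

  # Build the components (a local source tarball is used when present).
  install_openssl "$OPENSSL_VERSION"
  install_openssh "$OPENSSH_VERSION"

  # Validate the existing configuration with the freshly installed sshd
  # BEFORE restarting. A newer sshd can reject options the old one accepted
  # (e.g. "Bad key types"), and restarting into a config it rejects takes
  # remote login down. When running this over SSH, keep the current session
  # open until a new login has been confirmed to work.
  if ! /usr/sbin/sshd -t -f /etc/ssh/sshd_config; then
    echo "sshd_config was rejected by the new sshd; the service was NOT restarted. Fix the file or restore the copy made by backup_ssh." 1>&2
    exit 1
  fi

  # Service restart; the unit is named sshd on CentOS and ssh on Ubuntu.
  if [ "$SYSTEM" = "centos" ]; then
    configure_ssh
    systemctl restart sshd
  elif [ "$SYSTEM" = "ubuntu" ]; then
    systemctl restart ssh
  fi

  # Report the installed versions.
  echo -e "\n\033[32m升级完成,当前版本:\033[0m"
  ssh -V 2>&1 | awk '{print $1,$2}'

  # Persist the new OpenSSL bin directory for login shells. The line is
  # single-quoted so $PATH is expanded at login time rather than freezing
  # root's current PATH into /etc/profile, and it is appended only once so
  # repeated runs do not grow the file.
  local profile_line='export PATH=/usr/local/openssl/bin:$PATH'
  if ! grep -qxF -- "$profile_line" /etc/profile 2>/dev/null; then
    echo "$profile_line" >> /etc/profile
  fi

  # Update PATH for this process directly instead of sourcing /etc/profile,
  # which runs unrelated profile scripts under `set -e`.
  export PATH="/usr/local/openssl/bin:$PATH"
  openssl version
}

main "$@"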
#常见报错
#报错
检测到本地openssl-3.3.3.tar.gz,跳过下载
Can't locate IPC/Cmd.pm in @INC (@INC contains: /home/cmcc/openssl-3.3.3/util/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 . /home/cmcc/openssl-3.3.3/external/perl/Text-Template-1.56/lib) at /home/cmcc/openssl-3.3.3/util/perl/OpenSSL/config.pm line 19.
BEGIN failed--compilation aborted at /home/cmcc/openssl-3.3.3/util/perl/OpenSSL/config.pm line 19.
Compilation failed in require at /home/cmcc/openssl-3.3.3/Configure line 23.
BEGIN failed--compilation aborted at /home/cmcc/openssl-3.3.3/Configure line 23.
#解决
sudo yum install perl-IPC-Cmd
#报错
/etc/ssh/sshd_config line 118: Bad key types 'ssh-rsa,ssh-dss'.
make: [check-config] Error 255 (ignored)
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
#解决
注释掉 HostKeyAlgorithms ssh-rsa,ssh-dss (这些主机密钥签名算法已弃用),改为下面这一行,然后先用 sshd -t 检查配置,通过后再重启服务:
HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
sudo /usr/sbin/sshd -t -f /etc/ssh/sshd_config
sudo systemctl restart sshd
sudo systemctl status sshd.service
sudo journalctl -xe
#报错
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
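#解决
通常是 configure 编译时使用的 OpenSSL 头文件与运行时实际加载的库不是同一套安装。先按提示查看 config.log,并确认 /usr/local/openssl/lib64 已写入 /etc/ld.so.conf.d/openssl.conf 且已执行 ldconfig。不建议直接用 --without-openssl-header-check 跳过该检查。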
#报错
Failed to start ssh.service: Unit ssh.service is masked.
systemctl status ssh.service --type=masked
sudo systemctl unmask ssh.service
sudo systemctl daemon-reload
sudo systemctl restart ssh.service