本文提供了一套详细的步骤,指导如何在CentOS 7.2和6.8系统上安全地升级OpenSSH到7.9p1版本,包括安装telnet-server作为备用连接手段、配置防火墙、创建测试用户、修改权限、关闭SELinux等关键操作,确保升级过程的稳定性和安全性。
注:分centos7.2系统和centos6.8系统
rpm包升级centos7.2系统 openssh7.9p1版本
1、避免升级不成功出现ssh无法连接情况请yum安装telnet-server开启23端口,以便安装不成功23端口依然能连接
[root@bogon ~]# yum install -y telnet telnet-server lrzsz wget xinetd vim [root@bogon ~]# systemctl enable telnet.socket [root@bogon ~]# systemctl start telnet.socket [root@bogon ~]# systemctl enable xinetd [root@bogon ~]# systemctl start xinetd [root@bogon ~]# firewall-cmd --zone=public --add-port=23/tcp --permanent [root@bogon ~]# firewall-cmd --reload
2、创建用户,telnet连接不能直接使用root超级用户连接
[root@bogon ~]# useradd test [root@bogon ~]# echo "123456" | passwd --stdin test
3、测试连接
4、安装openssh7.9
[root@bogon ~]# tar fx openssh-7.9p1-1.rpm.tar.gz [root@bogon ~]# cd openssh-7.9p1-1.rpm [root@bogon openssh-7.9p1-1.rpm]# yum install -y ./* [root@bogon ~]# vim /etc/ssh/sshd_config PermitRootLogin yes PasswordAuthentication yes
5、授权,否则ssh无法启动
[root@bogon ~]# chown root:root /etc/ssh/* ecdsa_key.pub chmod 600 /etc/ssh/ssh_host_ed25519_key chmod 644 /etc/ssh/ssh_host_ed25519_key.pub chmod 600 /etc/ssh/ssh_host_rsa_key chmod 644 /etc/ssh/ssh_host_rsa_key.pub [root@bogon ~]# chmod 644 /etc/ssh/moduli [root@bogon ~]# chmod 644 /etc/ssh/ssh_config [root@bogon ~]# chmod 644 /etc/ssh/sshd_config [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_dsa_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_dsa_key.pub [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_ecdsa_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_ed25519_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_ed25519_key.pub [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_rsa_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_rsa_key.pub
6、关闭selinux,否则重启sshd之后ssh无法连接(一直提示输入密码)
[root@bogon ~]# setenforce 0 [root@bogon ~]# vim /etc/selinux/config SELINUX=disabled
7、验证是否升级成功
[root@bogon ~]# rpm -qa|grep openssh openssh-server-7.9p1-1.el6.x86_64 openssh-7.9p1-1.el6.x86_64 openssh-clients-7.9p1-1.el6.x86_64
rpm包升级centos6.8系统 openssh7.9p1版本
1、避免升级不成功出现ssh无法连接情况请yum安装telnet-server开启23端口,以便安装不成功23端口依然能连接
[root@bogon ~]# yum install -y telnet-server telnet xinetd [root@bogon ~]# vim /etc/xinetd.d/telnet disable = no
2、开启防火墙23端口
[root@bogon ~]# vim /etc/sysconfig/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT [root@bogon ~]# service iptables restart
3、启动telnet-server服务
[root@bogon ~]# service xinetd start
4、创建连接用户
[root@bogon ~]# useradd test [root@bogon ~]# echo "123456" | passwd --stdin test
5、测试连接
6、安装openssh7.9
[root@bogon ~]# tar fx openssh-7.9p1-1.rpm.tar.gz [root@bogon ~]# cd openssh-7.9p1-1.rpm [root@bogon openssh-7.9p1-1.rpm]# yum install -y ./* [root@bogon ~]# vim /etc/ssh/sshd_config PermitRootLogin yes PasswordAuthentication yes
7、授权,否则ssh无法启动
[root@bogon ~]# chown root:root /etc/ssh/* [root@bogon ~]# chmod 644 /etc/ssh/moduli [root@bogon ~]# chmod 644 /etc/ssh/ssh_config [root@bogon ~]# chmod 644 /etc/ssh/sshd_config [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_dsa_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_dsa_key.pub [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_ecdsa_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_ed25519_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_ed25519_key.pub [root@bogon ~]# chmod 600 /etc/ssh/ssh_host_rsa_key [root@bogon ~]# chmod 644 /etc/ssh/ssh_host_rsa_key.pub
8、关闭selinux,否则重启sshd之后ssh无法连接(一直提示输入密码)
[root@bogon ~]# setenforce 0 [root@bogon ~]# vim /etc/selinux/config SELINUX=disabled
9、验证是否升级成功
[root@bogon ~]# rpm -qa|grep openssh openssh-server-7.9p1-1.el6.x86_64 openssh-7.9p1-1.el6.x86_64 openssh-clients-7.9p1-1.el6.x86_64
转载于:https://blog.51cto.com/11916514/2340624
扫一扫
254
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
