How to upgrade OpenSSH and OpenSSL offline
1. Environment check
![image-20211120235204382](http://www.smartwirecom.net/upload/img/upload/2021/11/image-20211120235204382.png)
First make sure gcc and gcc-c++ are already installed on the server. These two are the build tools.
![image-20211120235224223](http://www.smartwirecom.net/upload/img/upload/2021/11/image-20211120235224223.png)
Missing
![image-20211120235252329](http://www.smartwirecom.net/upload/img/upload/2021/11/image-20211120235252329.png)
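This is what it should normally look like
If they are missing, install gcc and the rest of the build environment

```
# Run in the directory that holds the offline rpm packages
rpm -Uvh --force --nodeps *.rpm
```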
![image-20211120235530863](http://www.smartwirecom.net/upload/img/upload/2021/11/image-20211120235530863.png)
2. Compile and install OpenSSL
Download the latest version: https://mirrors.cloud.tencent.com/openssl/source/
![image-20211120235556490](http://www.smartwirecom.net/upload/img/upload/2021/11/image-20211120235556490.png)
```
# Back up the distribution's 1.0.2k libraries under new names so that
# removing the openssl rpms below does not delete them
mv /usr/lib64/libcrypto.so.1.0.2k /usr/lib64/libcrypto.so.1.0.2k_bak
mv /usr/lib64/libssl.so.1.0.2k /usr/lib64/libssl.so.1.0.2k_bak

# Unpack the source (use the name of the tarball you downloaded)
tar -zxvf openssl-1.0.2k.tar.gz
cd openssl-1.0.2k

./config --prefix=/usr/local/openssl

make

# Remove the packaged openssl rpms
for i in $(rpm -qa | grep openssl); do rpm -e "$i" --nodeps; done

make install

# Register the new library directory, then expose the new libraries and binary.
# The libssl.so.1.1 / libcrypto.so.1.1 names are what an OpenSSL 1.1.x build installs.
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig
cp /usr/local/openssl/lib/libssl.so.1.1 /lib64/libssl.so.1.1
cp -f /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
cp /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64
ln -sf /usr/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.10
ln -sf /usr/lib64/libcrypto.so.1.1 /lib64/libcrypto.so.10
ln -sf /usr/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so
ln -sf /usr/lib64/libssl.so.1.1 /usr/lib64/libssl.so.10
ln -sf /usr/lib64/libssl.so.1.1 /usr/lib64/libssl.so
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -sf /usr/local/openssl/include/openssl /usr/include/openssl
openssl version -a

# Restore the backed-up 1.0.2k libraries and point the .so.10 names back at them
mv /usr/lib64/libcrypto.so.1.0.2k_bak /usr/lib64/libcrypto.so.1.0.2k
ln -fs /usr/lib64/libcrypto.so.1.0.2k /usr/lib64/libcrypto.so.10
mv /usr/lib64/libssl.so.1.0.2k_bak /usr/lib64/libssl.so.1.0.2k
ln -sf /usr/lib64/libssl.so.1.0.2k /usr/lib64/libssl.so.10
```
3. Compile and install OpenSSH
Download the latest version: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
![image-20211120235616921](http://www.smartwirecom.net/upload/img/upload/2021/11/image-20211120235616921.png)
```
# Run from inside the unpacked OpenSSH source directory
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl

make

# Remove the packaged openssh rpms
for i in $(rpm -qa | grep openssh); do rpm -e "$i" --nodeps; done

sudo make install

ssh -V

# Then try logging in with ssh
sudo cp contrib/redhat/sshd.init /etc/init.d/sshd

sudo chkconfig --add sshd
sudo chkconfig sshd on

sudo vim /etc/ssh/sshd_config

# Allows direct root login over SSH. sshd uses the first value it finds for a
# keyword, so this appended line only takes effect if no earlier one is set.
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

# Restart the service
sudo service sshd restart
```
![image-20211120235714131](http://www.smartwirecom.net/upload/img/upload/2021/11/image-20211120235714131.png)
```
# sshd refuses to load host private keys whose permissions are too open
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
```
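4. Problems after the upgrade
1) Unable to log in over ssh
2) Docker network abnormal
Restart the docker service

```
systemctl restart docker
```

3) SFTP accounts abnormal
After the upgrade, /etc/ssh/sshd_config is a brand-new file, so the related settings are changed as well. They need to be restored to match the pre-upgrade configuration.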
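One way to find which settings the fresh /etc/ssh/sshd_config lost, as an added example that is not part of the original post. It assumes a copy of the pre-upgrade file was saved; the file name sshd_config.bak, the function names and the sample directives are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sshd_config directives that existed before the upgrade
# but are absent from the file in place afterwards.

# Normalise one sshd_config: drop comment and blank lines, collapse
# whitespace, lowercase the keyword (keywords are case-insensitive, their
# arguments are not), then sort for comm(1).
normalize_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        { $1 = tolower($1); print }   # assigning $1 rebuilds the line with single spaces
    ' "$1" | LC_ALL=C sort -u
}

# sshd_config_drift OLD NEW: print directives found only in OLD.
# Line-level comparison; Match-block nesting is not tracked (assumption).
sshd_config_drift() {
    drift_old=$(mktemp) && drift_new=$(mktemp) || return 2
    normalize_sshd_config "$1" > "$drift_old"
    normalize_sshd_config "$2" > "$drift_new"
    LC_ALL=C comm -23 "$drift_old" "$drift_new"
    rm -f "$drift_old" "$drift_new"
}

# Constructed sample input: a pre-upgrade config with a chrooted SFTP group,
# and a stock file as left behind by a fresh install.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config.bak" <<'EOF'
# constructed pre-upgrade config
PermitRootLogin yes
Subsystem   sftp    internal-sftp
Match Group sftpusers
    ChrootDirectory /data/sftp/%u
    ForceCommand internal-sftp
EOF
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed post-upgrade config
permitrootlogin yes
Subsystem sftp /usr/libexec/sftp-server
EOF

sshd_config_drift "$demo_dir/sshd_config.bak" "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

Each printed line is a setting to carry over by hand into the new file before restarting sshd.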