1 SSH version check
Upgrade this document to OpensSH-8.0P1 for systems whose SSH version is earlier than 7.0.
SSH -v [root@kuajing-db3 ~]# SSH -v openssh_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010Copy the code2 OpenSSH-8.0 Installation Procedure
Uninstall the original OpenSSH
yum remove openssh -y
Copy the codePrepare the compilation environment:
yum install gcc openssl-devel zlib-devel
Copy the code
Upload the openSSH installation package to/MNT and decompress it for compilation:
Tar ZXVF openssh-8.0p1.tar CD openssh-8.0. /configure make && make installCopy the code
Copy the SSH service file
cp /usr/local/bin/ssh /usr/bin/ssh cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub cp / MNT/openssh - 8.0 - p1 / contrib/redhat/SSHD. The init/etc/init. D/SSHD cp/contrib/redhat/SSHD. The init/etc/init. D/SSHDCopy the codeModifying a Configuration File
Modify/etc/SSH/sshd_config
Change #PermitRootLogin to PermitRootLogin yes
Example Change the value of /usr/libexec/sftp-server to /usr/local/libexec/sftp-server
Modify/etc/init. D/SSHD
SSHD=/usr/sbin/sshd change SSHD=/usr/local/sbin/sshd
Change /usr/sbin/ssh-keygen -a to /usr/local/bin/ssh-keygen -a
In ‘$SSHD $OPTIONS && success | | failure’ lines the top with a ‘OPTIONS = “-f/etc/SSH/sshd_config”‘
Adding a System Service
chkconfig --add sshd
chkconfig sshd on
Copy the code
Inspection service
chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Copy the code
Start the service
service sshd start
Copy the code
Checking the SSH Version
[root@oracle ~]# ssh -V
openssh-8.0p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Copy the code
3 OPENssh upgrade script
According to the upgrade process, a script is prepared to perform operations automatically. The script content is as follows:
#! /bin/bash sshInst() { yum remove openssh -y yum install gcc openssl-devel zlib-devel -y cd /mnt tar zxvf /configure make && make install} CHG_SSHD() {chmod +x /etc/init.d/sshd OPT_VALUE='OPTIONS="-f /etc/ssh/sshd_config"' OPT_EXIST=`grep "${OPT_VALUE}" /etc/init.d/sshd` if [ -z "${OPT_EXIST}" ]; then sed -i '/$SSHD $OPTIONS &&/i\\t'"${OPT_VALUE}"'' /etc/init.d/sshd else echo ${OPT_EXIST} fi PATH_EXIST=`grep "${NPATH}" /etc/init.d/sshd` if [ -n "${PATH_EXIST}" ]; then echo "${PATH_EXIST}" else sed -i "s:${OPATH}:${NPATH}:" /etc/init.d/sshd fi echo "/etc/init.d/sshd file changes completed." } CHG_CONF() { ##Chenge /etc/ssh/sshd_config cp sshd_config /etc/ssh/sshd_config sed -i '/#PermitRootLogin/i\PermitRootLogin yes' /etc/ssh/sshd_config PATH_EXIST=`grep "${NPATH}" /etc/ssh/sshd_config` if [ -z "${PATH_EXIST}" ]; then sed -i "s:${OPATH}:${NPATH}:" /etc/ssh/sshd_config else echo "${PATH_EXIST}" fi echo "/etc/ssh/sshd_config file changes completed." } OPATH=/usr/ NPATH=/usr/local/ echo -n "The SSH current version is:" ssh -V while true; do echo -n "Continue to update? (yes/no)" read INPUT case $INPUT in Y|y|YES|yes) sshInst echo -n "Press any key to continue....." read AnyKey cp /usr/local/bin/ssh /usr/bin/ssh echo "Copying ssh.... Done." cp /usr/local/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub echo "Copying ssh_host_ecdsa_key.pub.... Done. "cp/MNT/openssh - 7.5 - p1 / contrib/redhat/SSHD. The init/etc/init. D/SSHD echo" Copying SSHD... Done." CHG_SSHD CHG_CONF break;; N|n|NO|no) echo exited exit ;; "") break;; esac done chkconfig --add sshd chkconfig sshd on service sshd start echo "Operation is completed."Copy the code