• linux安装SSH


    linux安装SSH

    源码包链接

    zlib:https://www.zlib.net/zlib_1.3.1.tar.gz

    openssl:https://www.openssl.org/source/openssl-3.3.0.tar.gz

    openssh:https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz

    注意:源码包下载后,先对照各项目官方发布页公布的校验和(SHA256)或 PGP 签名进行校验,再解压编译;同时在官方发布页确认所选版本是否仍是当前的安全修复版本。

    [root@localhost ~]# rpm -qa | grep gcc(检查gcc是否安装)
    [root@localhost ~]# yum install gcc(如果没有gcc,安装gcc,如果有,此步骤跳过)
    
    [root@localhost ~]# rpm -qa|grep pam(检查pam是否安装)
    [root@localhost ~]# yum install pam (如果没有pam,安装pam,如果有,此步骤跳过)
    
    [root@localhost ~]# rpm -qa|grep pam-devel(检查pam-devel是否安装)
    [root@localhost ~]# yum install pam-devel (如果没有pam-devel,安装pam-devel,如果有,此步骤跳过)
    注意:pam-devel包必须与系统的pam包版本一致
    
    [root@localhost ~]# rpm -qa|grep zlib(检查zlib是否安装)
    [root@localhost ~]# yum install zlib(如果没有zlib,安装zlib,如果有,此步骤跳过)
    
    [root@localhost ~]# rpm -qa|grep zlib-devel(检查zlib-devel是否安装)
    [root@localhost ~]# yum install zlib-devel(如果没有zlib-devel,安装zlib-devel,如果有,此步骤跳过)
    
    编译安装zlib
    [root@localhost ~]#  cd zlib-1.3.1
    [root@localhost ~]#  ./configure --prefix=/usr/local/zlib
    [root@localhost ~]#  make && make install
    
    升级OpenSSL
    查看当前版本
    [root@localhost ~]#  ssh -V
    
    备份、卸载原有OpenSSL
    查找openssl 相关目录,然后备份
    ```bash
    [root@localhost etc]# whereis openssl
    
    openssl: /usr/bin/openssl /usr/lib64/openssl /usr/share/man/man1/openssl.1ssl.gz
    
    [root@localhost etc]# mv /usr/bin/openssl  /usr/bin/openssl.old
    
    [root@localhost etc]# mv /usr/lib64/openssl /usr/lib64/openssl.old
    
    [root@localhost etc]# mv /usr/bin/openssl /usr/bin/openssl_old		#把/usr/bin/openssl 这个可执行文件重命名备份(与上面第一条 mv 备份的是同一个文件,二选一执行即可)
    
    [root@localhost etc]# mv /usr/include/openssl /usr/include/openssl_old	#把/usr/include/openssl这个目录重命名备份
    ```
    
    
    #####  卸载 openssl (看个人需要)
    
    ```bash
    [root@localhost etc]# yum remove openssl
    ```
    
    安装openssl
    [root@localhost ~]# tar -xzvf openssl-3.3.0.tar.gz
    [root@localhost ~]# chown -R root.root /usr/local/openssl-3.3.0	#此处假定源码包解压在 /usr/local 下,请换成实际的解压目录;root.root 是旧写法,新版 chown 建议写成 root:root
    [root@localhost ~]# cd openssl-3.3.0/
    [root@localhost ~]# ./config --prefix=/usr/local/openssl shared zlib
    或者(二选一)安装在/usr目录下,会覆盖旧版本数据
    [root@localhost ~]# ./config --prefix=/usr
    [root@localhost ~]# rpm -qa | grep openssl (查看当前安装的版本)
    [root@localhost ~]# make && make install
    [root@localhost ~]# echo '/usr/local/openssl/lib' >> /etc/ld.so.conf	        #修改系统配置,写入openssl库文件的搜索路径
    [root@localhost ~]# ldconfig -v													#重新加载动态库
    [root@localhost ~]# cd /usr/local/openssl/bin							#进入到安装目录
    [root@localhost ~]# ./openssl version											#查看安装的版本
    [root@localhost ~]# ln -s /usr/local/openssl/bin/openssl  /usr/bin/openssl			#建一个/usr/bin/openssl软链接,链接到我们新安装的
    [root@localhost ~]# ln -s /usr/local/openssl/include/openssl  /usr/include/openssl	#建一个/usr/include/openssl软链接,链接到我们新安装的OpenSSL下的include的openssl目录
    可以直接拷贝过去,看个人选择
    [root@localhost ~]#  openssl version	#查看版本
    

    选择/usr 是因为系统最初的openssl目录就是/usr,这样可以省去建立软链接、更新链接库的问题。注意:这样会直接覆盖系统包管理器安装的文件,rpm/yum 不再掌握这些文件的真实版本,后续的安全更新需要自己跟踪并重新编译。

    error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

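    [root@localhost ~]#  find / -name libssl.so.1.1
    [root@localhost ~]#   ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1  #软连接或者拷贝
    注意:libssl.so.1.1 是 OpenSSL 1.1.x 的库文件名,OpenSSL 3.x 编译出的是 libssl.so.3;源路径请以上面 find 的实际结果为准,不要把 3.x 的库链接成 1.1 的文件名(两者 ABI 不兼容)。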
    

    error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

    [root@localhost ~]#   ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1  #源路径以 find / -name libcrypto.so.1.1 的实际结果为准
    

    如果升级ssl后查看版本依旧是老版本,重新执行

    [root@localhost ~]#  mv /usr/bin/openssl /usr/bin/openssl_old #把/usr/bin/openssl 这个可执行文件重命名备份
    [root@localhost ~]#  mv /usr/include/openssl /usr/include/openssl_old #把/usr/include/openssl这个目录重命名备份
    [root@localhost ~]#  ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl #建一个/usr/bin/openssl软链接,链接到我们新安装的
    [root@localhost ~]#  ln -s /usr/local/openssl/include/openssl /usr/include/openssl #建一个/usr/include/openssl软链接,链接到我们新安装的OpenSSL下的include的openssl目录
    拷贝也可以
    
    升级OpenSSH
    [root@localhost ~]# rpm -qa | grep xinetd(检查xinetd是否安装)
    [root@localhost ~]# yum install xinetd(如果没有,则安装xinetd,否则跳过此步骤)
    
    [root@localhost ~]# rpm -qa | grep telnet-server(检查telnet-server是否安装)
    [root@localhost ~]# yum install telnet-server(如果没有,则安装telnet-server,否则跳过此步骤)
    
    [root@localhost ~]# rpm -qa | grep vsftpd(检查vsftpd是否安装)
    [root@localhost ~]# yum install vsftpd(如果没有,则安装vsftpd,否则跳过此步骤)
    

    安装telnet-server
    方法一:

    [root@localhost ~]# yum install -y xinetd
    [root@localhost ~]# yum install -y telnet
    [root@localhost ~]# yum install -y telnet-server
    
    [root@localhost ~]# vim /etc/securetty
    在末尾添加:
    pts/0
    pts/1
    [root@localhost ~]#  echo 'pts/0' >>/etc/securetty
    [root@localhost ~]#  echo 'pts/1' >>/etc/securetty
    
    
    方法二:
    yum -y install telnet* xinetd*
    $ systemctl start telnet.socket
    $ systemctl start  xinetd
    
    [root@localhost ~]#  systemctl restart telnet.socket
    [root@localhost ~]#  systemctl enable xinetd 
    [root@localhost ~]#  systemctl enable telnet.socket
    [root@localhost ~]#  rpm -qa | grep telnet
    [root@localhost ~]#  rpm -qa | grep xinetd
    
    [root@localhost ~]# mv /etc/securetty /etc/securetty.bak 
    [root@localhost ~]# vim /etc/xinetd.d/telnet 
    disable  = no     #开启telnet服务功能,否则telnet启动后,23端口起不来
    注意:将disable = yes 改为disable = no
    
    #开启xinetd
    [root@localhost ~]# service xinetd start
    Starting xinetd:                                           [  OK  ]
    #查看端口
    [root@localhost ~]# netstat -antp|grep 23
    tcp        0      0 :::23                       :::*                        LISTEN      6133/xinetd 
    
    #设定开机自启
    [root@localhost ~]# chkconfig xinetd on
    

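    临时关闭安全登录,否则无法进行远程telnet连接

    有防火墙记得关闭防火墙,并关闭SELinux

    注意:telnet 以明文传输账号和口令,上面对 /etc/securetty 的改动以及关闭防火墙、SELinux 都只应在升级期间临时使用;升级完成并确认 ssh 可以登录后,应把 /etc/securetty.bak 移回 /etc/securetty,执行 systemctl start firewalld.service 重新启动防火墙,并把 SELinux 恢复到原来的模式。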

    [root@localhost ~]# firewall-cmd --state

    关闭防火墙

    [root@localhost ~]# systemctl stop firewalld.service

    测试telnet远程登录,telnet登录成功才进行接下来的操作,防止sshd服务被搞坏了远程连不上服务器

    [root@localhost ~]# telnet 127.X.X.X

    安装依赖包

    安装依赖

    yum -y install gcc*

    [root@localhost ~]#  yum  install  -y gcc-c++ zlib-devel  openssl-devel pam-devel
    [root@localhost ~]#  yum install -y gcc gcc-c++ glibc make automake autoconf pam pam-devel zlib zlib-devel
    
    备份

    通过whereis ssh sshd找出bin文件、源文件,然后备份。

    [root@localhost ~]#  mv /etc/ssh /etc/ssh.bak
    
    [root@localhost ~]#  mv /usr/bin/ssh /usr/bin/ssh.bak
    
    [root@localhost ~]#  mv /usr/sbin/sshd /usr/sbin/sshd.bak
    
    [root@localhost ~]#  mv /usr/bin/ssh-keygen  /usr/bin/ssh-keygen.bak
    
    [root@localhost ~]#  mv /etc/pam.d/sshd  /etc/pam.d/sshd.old
    
    [root@localhost ~]#  mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak  #如果第一条命令已把 /etc/ssh 整个目录移走,该文件此时在 /etc/ssh.bak 下,这条命令会提示文件不存在,可跳过
    

    卸载旧版OpenSSH

    [root@localhost ~]#  yum remove openssh
    

    安装新版OpenSSH

    [root@localhost ~]#  tar -xzvf openssh-9.7p1.tar.gz
    [root@localhost ~]#  chown -R root.root /usr/local/openssh-9.7p1  #此处假定源码包解压在 /usr/local 下,请换成实际的解压目录;root.root 是旧写法,新版 chown 建议写成 root:root
    [root@localhost ~]#  cd openssh-9.7p1
    [root@localhost ~]#  ./configure --prefix=/usr/local/openssh  --sysconfdir=/etc/ssh  --with-pam   --with-zlib=/usr/local/zlib   --with-ssl-dir=/usr/local/openssl
    [root@localhost ~]#  make && make install
    [root@localhost ~]#  echo $?
    为0正常
    [root@localhost ~]#  chmod 600 /etc/ssh/*
    
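    复制新的配置文件到原来目录
    注意:前面 configure 指定了 --sysconfdir=/etc/ssh,make install 会把 sshd_config 和主机密钥直接生成在 /etc/ssh 下,/usr/local/openssh/etc 可能并不存在;这种情况下,下面以 /usr/local/openssh/etc 为源的 cp 可以跳过。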
    [root@localhost ~]#  cp /usr/local/openssh/etc/sshd_config    /etc/ssh/sshd_config
    
    [root@localhost ~]#  cp /usr/local/openssh/sbin/sshd   /usr/sbin/sshd
    
    [root@localhost ~]#  cp /usr/local/openssh/bin/ssh   /usr/bin/ssh
    
    [root@localhost ~]#  cp /usr/local/openssh/bin/ssh-keygen   /usr/bin/ssh-keygen
    
    [root@localhost ~]#  cp -p contrib/redhat/sshd.init     /etc/init.d/sshd
    
    [root@localhost ~]#  cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
    
    修改权限
    [root@localhost ~]#  chmod +x /etc/init.d/sshd
    

    [root@localhost ~]# vim /etc/ssh/sshd_config

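    sshd_config文件修改
    注意:按前面 --sysconfdir=/etc/ssh 的编译参数,sshd 实际读取的是 /etc/ssh/sshd_config;下面的 echo 如果写到 /usr/local/openssh/etc/sshd_config,配置不会生效,请确认这些选项最终写进了 /etc/ssh/sshd_config。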
    [root@localhost ~]#  echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
    [root@localhost ~]#  echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
    [root@localhost ~]#  echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
    

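    PermitRootLogin yes:允许root用户通过SSH登录到系统(重启sshd服务之后远程连接)
    PubkeyAuthentication yes:启用公钥身份验证
    PasswordAuthentication yes:启用密码身份验证
    注意:root 加密码登录会让 sshd 直接暴露在口令爆破之下,只适合升级后临时验证连通性;确认公钥登录可用后,建议改为 PermitRootLogin prohibit-password 并把 PasswordAuthentication 设为 no,修改后先用 sshd -t 检查配置再重启服务。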

    启动sshd

    [root@localhost ~]# service sshd restart
    添加到开机启动项
    [root@localhost ~]# chkconfig --add sshd
    [root@localhost ~]# chkconfig sshd on
    [root@localhost ~]# systemctl daemon-reload
    [root@localhost ~]# systemctl restart sshd
    [root@localhost ~]# systemctl status sshd

    
    [root@localhost ~]#  ssh -V
    
    1. 停止telnet相关服务
    [root@localhost ~]#  systemctl stop telnet.socket
    [root@localhost ~]#  systemctl stop xinetd
    
    2. 卸载telnet
    [root@localhost ~]#  rpm -e --nodeps `rpm -qa | grep telnet`
    [root@localhost ~]#  rpm -e --nodeps `rpm -qa | grep xinetd`
    

    3.验证是否卸载完成

    [root@localhost ~]#  rpm -qa | grep telnet
    [root@localhost ~]#  rpm -qa | grep xinetd
    
  • 原文地址:https://blog.csdn.net/weixin_45914944/article/details/138114570