windows升级openssl版本,ubuntu openssh升级8.6

############ openssl #############备份旧的openssl文件sudo mv /usr/cxdsmt/openssl /usr/cxdsmt/openssl.baksudo mv /usr/lib64/openssl /usr/lib64/openssl.baksudo mv /usr/lib64/libssl.so /usr/lib64/libssl.so.old#这根据实例的环境，此文件根据情况进行备份#1.查看openssh、gcc版本ssh -Vgcc -v#2.编译安装Zlib：cd /usr/local/srcwget -c http://www.zlib.net/zlib-1.2.11.tar.gz#3.编译安装tar xzvf zlib-1.2.11.tar.gzcd zlib-1.2.11/./configure --prefix=/usr/local/zlibmake install#4.升级openssl##4.1查看版本openssl version##4.2下载cd /usr/local/srcwget https://www.openssl.org/source/openssl-1.1.1k.tar.gz##4.3备份旧版mv /usr/cxdsmt/openssl{,.bak}##4.4解压tar xf openssl-1.1.1k.tar.gz -C /usr/local/##4.5编译cd /usr/local/openssl-1.1.1k./config --prefix=/usr/local/ssl --openssldir=/use/local/ssl sharedmake && make install##4.6软链接ln -s /usr/local/ssl/cxdsmt/openssl /usr/cxdsmt/openssl##4.7更配置echo '/usr/local/ssl/lib' >>/etc/ld.so.conf##4.8生效ldconfig##测试openssl version以防玩意，可以先安装Telnet1.查看是否安装了Telnetrpm -qa|grep "xinetd"2.若没有安装则，yum install xinetd -y3.查看telnet是否安装，若没有安装则查看：rpm -qa|grep 'telnet'安装：yum install telnet telnet-server -y4.编辑配置文件vi /etc/xinetd.d/telnet service telnet { flags = REUSE socket_type = stream wait = no user = root server = /usr/scxdsmt/in.telnetd log_on_failure += USERID disable = no }5.检查端口netstat -lntup|grep 236.修改telnet的配置文件，因为telnet是明文传输，所以修改端口（PS：安装此是为了openssh升级失败断连，openssh升级完成后，即可卸载）vi /etc/services #找到telnet，修改，如下telnet 7916/tcptelnet 7916/udp#7.重启服务service xinetd restart#8.在实例上创建一个普通用户，用来登录（root用户不可以登录实例，也不建议用root登录）useradd login_ssh passwd login_ssh#9.在windows上尝试连接telnet 10.0.0.71 7916zabbix login: login_sshPassword: Login incorrectzabbix login: login_sshPassword: [login_ssh@zabbix ~]$ visudo #添加授权login_ssh ALL=(ALL) NOPASSWD:ALL############ openssh #############PS：升级Openssh最好本机操作或者开启telnet，防止升级失败，中途断开连接,推荐本机登录操作#1.备份ssh配置文件夹mv /etc/ssh /etc/ssh.bakmv /usr/cxdsmt/ssh /usr/cxdsmt/ssh.bak（ 全局查一下所在位置 ）mv /usr/scxdsmt/sshd /usr/scxdsmt/sshd.bak#2.下载安装包cd /usr/localwget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz#3.解压tar xf openssh-8.6p1.tar.gzchown root.root openssh-8.6p1 -Rcd /opt/openssh-8.6p1#4.安装依赖yum install -y openssl-devel pam-devel gcc./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening --without-openssl-header-check#检测一下echo $? #---> 若为0则是成功的#5.安装make && make installecho $? #---> 若为0则是成功的#6.如果提示key文件权限过大chmod 600 file_name例：chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key#7.复制配置rsync -av /etc/init.d/sshd /etc/init.d/sshd.bakrsync -av /etc/pam.d/sshd /etc/pam.d/sshd.bakrsync -av contrib/redhat/sshd.init /etc/init.d/sshd #按照实际情况进行rsync -av contrib/redhat/sshd.pam /etc/pam.d/sshd.pam #我执行此步升级成功后，登录不上，查看报错信息，是由于这块引起得，于是没执行此步可以;chmod u+x /etc/init.d/sshdmv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak#7.1修改配置rsync -av /etc/ssh/sshd_config /etc/ssh/sshd_config.baksudo egrep -v "^#|^$" /etc/ssh.bak/sshd_configsudo vim /etc/ssh/sshd_config #除了下变的，根据/etc/ssh.bak/sshd_config进行修改PermitRootLogin yesPasswordAuthentication yesUseDNS no.....#PS: Subsystem开头的不要修改# 8、设置开机自启chkconfig --add sshdchkconfig sshd on# 9、重启ssh服务systemctl daemon-reloadsystemctl restart sshd#10.查看版本ssh -V#########回滚#########rm -rf /etc/sshmv /etc/ssh.bak /etc/ssh mv /usr/cxdsmt/ssh.bak /usr/cxdsmt/ssh mv /usr/scxdsmt/sshd.bak /usr/scxdsmt/sshd systemctl restart sshd#验证ssh -V