本文的OpenSSH源码升级脚本经亲测可在CentOS 7上使用,配合ansible可以对大批量设备批量执行OpenSSH版本升级。
希望可以对日常运维处理漏洞工作的同学有些许帮助,提高工作效率,减少无效工作时间。
1、最新脚本文件:update_openssh.sh
#!/bin/bash
# update openssh to v8.8p1
# 2022/07/09
# author: cjm
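# The script must run as root: it installs packages and replaces system
# binaries. The numeric uid is checked rather than the account name.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "please run this script as root !" >&2
  exit 1
fi
echo -e '\033[31m ------------------------------------------------------------------------------------- \033[0m'
echo -e '\033[31m the script only Support CentOS_7 x86_64 \033[0m'
echo -e '\033[31m system initialization script, Please Seriously. press ctrl C to cancel \033[0m'
echo -e '\033[31m ------------------------------------------------------------------------------------- \033[0m'
# Only 64-bit x86 hosts are supported. The value is quoted so that an empty
# result from uname makes the comparison fail closed instead of raising a
# test syntax error that would let the script carry on.
platform=$(uname -i)
if [[ "$platform" != "x86_64" ]]; then
  echo "this script is only for 64bit Operating System !" >&2
  exit 1
fi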
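#1. Install the telnet service
#######################################
# Install and start a telnet server as an emergency way back into the host
# in case the sshd replacement later in this script fails.
# NOTE(review): telnet carries credentials in cleartext, and the securetty
# entries added below allow root to log in on pts/0-pts/9. Both units are
# enabled at boot, so stopping telnet.socket alone does not undo this: once
# ssh is confirmed working, disable xinetd and telnet.socket and remove the
# appended securetty lines. Keep the telnet port reachable only from the
# management network while it is open.
# Outputs:   progress message on stdout, errors on stderr
# Returns:   0 when every step succeeded, 1 otherwise, so a caller can
#            refuse to touch sshd without a working fallback
#######################################
install_Telnet(){
  if ! yum -y install xinetd telnet-server; then
    echo "failed to install xinetd/telnet-server" >&2
    return 1
  fi
  # The xinetd entry is written with "disable = yes"; presumably the listener
  # is meant to come from the systemd telnet.socket unit enabled below.
  cat > /etc/xinetd.d/telnet <<'EOF' || return 1
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure = USERID
}
EOF
  # Append the pseudo-terminals only once, so a re-run does not duplicate them.
  if ! grep -q "pts/0" /etc/securetty 2>/dev/null; then
    cat >> /etc/securetty <<'EOF' || return 1
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9
EOF
  fi
  systemctl enable xinetd --now || return 1
  systemctl enable telnet.socket --now || return 1
  echo -e "\033[32m CentOS7安装Telnet服务完成 \033[0m"
  sleep 1
}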
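#2. Download the source tarballs
#######################################
# Fetch the OpenSSH, OpenSSL and zlib source tarballs into /opt.
# These archives are compiled and installed as root and become the system
# sshd, so they are fetched over HTTPS with certificate verification left
# on, and a failed download aborts the function. If the TLS check fails on
# an old CentOS 7 image, update the ca-certificates package rather than
# switching verification off.
# NOTE(review): HTTPS only authenticates the server. Also compare each file
# with the digest or signature published by its project; the optional
# variables below let the caller supply the expected SHA-256 values.
# Globals:   OPENSSH_SHA256, OPENSSL_SHA256, ZLIB_SHA256 (read, optional)
# Returns:   0 on success, 1 on a failed cd, download or digest mismatch
#######################################
wget_software(){
  local -a urls=(
    "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz"
    "https://www.openssl.org/source/openssl-1.1.1j.tar.gz"
    "https://www.zlib.net/zlib-1.2.12.tar.gz"
  )
  local -a sums=(
    "${OPENSSH_SHA256:-}"
    "${OPENSSL_SHA256:-}"
    "${ZLIB_SHA256:-}"
  )
  local i file
  cd /opt || return 1
  for i in "${!urls[@]}"; do
    file=${urls[i]##*/}
    # -O keeps the file name fixed, so the archive that gets verified and
    # later unpacked is always the one just downloaded.
    if ! wget -O "$file" "${urls[i]}"; then
      echo "download failed: ${urls[i]}" >&2
      return 1
    fi
    if [[ -n "${sums[i]}" ]]; then
      printf '%s  %s\n' "${sums[i]}" "$file" | sha256sum -c - || return 1
    else
      echo "warning: no expected SHA-256 supplied for ${file}; verify it against the upstream release before building" >&2
    fi
  done
}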
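#3. Build and install zlib
#######################################
# Unpack the zlib tarball in /opt, then build and install it under
# /usr/local/zlib. Every step is checked, so a failed unpack or build is
# reported to the caller instead of being followed by the success message
# (and a failed cd no longer runs the build in the wrong directory).
# Returns:   0 on success, 1 on the first failing step
#######################################
install_zlib(){
  cd /opt || return 1
  tar -zxvf zlib-1.2.12.tar.gz || return 1
  cd zlib-1.2.12 || return 1
  ./configure --prefix=/usr/local/zlib || return 1
  make || return 1
  make install || return 1
  echo -e "\033[32m CentOS7安装zlib服务完成 \033[0m"
}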
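#4. Build and install openssl
#######################################
# Unpack the OpenSSL tarball in /opt, build it as a shared library under
# /usr/local/ssl and register its lib directory with the dynamic loader.
# NOTE(review): "-d" asks OpenSSL's config script for a debug build; confirm
# that is intended for a library a production sshd will link against.
# NOTE(review): the version is pinned by the tarball name; check the
# project's security advisories for a newer release in the same series
# before rolling this out.
# Returns:   0 on success, 1 on the first failing step
#######################################
install_openssl(){
  cd /opt || return 1
  tar -zxvf openssl-1.1.1j.tar.gz || return 1
  cd openssl-1.1.1j || return 1
  ./config --prefix=/usr/local/ssl -d shared || return 1
  make || return 1
  make install || return 1
  # Add the loader path only once so repeated runs do not pile up duplicates.
  if ! grep -qxF '/usr/local/ssl/lib' /etc/ld.so.conf 2>/dev/null; then
    echo '/usr/local/ssl/lib' >> /etc/ld.so.conf || return 1
  fi
  ldconfig -v || return 1
  # Query the binary that was just installed; a bare "openssl" resolves
  # through PATH and may report a different, already installed copy.
  /usr/local/ssl/bin/openssl version -a || return 1
  echo -e "\033[32m CentOS7安装openssl服务完成 \033[0m"
}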
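# 5. Build and install openssh
#######################################
# Move the file at $2 aside as $2.bak (when it exists) and copy $1 into its
# place. The old file is renamed rather than overwritten so a running
# program keeps its open binary. If the copy fails the backup is put back.
# A second run overwrites an existing .bak with the current file.
# Arguments: $1 - new file, $2 - destination path
# Returns:   0 on success, 1 on failure
#######################################
_replace_with_backup(){
  local src=$1 dst=$2
  if [[ ! -e "$src" ]]; then
    echo "missing $src" >&2
    return 1
  fi
  if [[ -e "$dst" ]]; then
    mv -- "$dst" "${dst}.bak" || return 1
  fi
  if ! cp -- "$src" "$dst"; then
    if [[ -e "${dst}.bak" ]]; then
      mv -- "${dst}.bak" "$dst"
    fi
    return 1
  fi
}

#######################################
# Build OpenSSH under /usr/local/openssh, then swap the new sshd, ssh,
# ssh-keygen and sshd_config into the system paths and restart sshd.
# Nothing under /etc/ssh, /usr/sbin or /usr/bin is touched until the build
# has succeeded and the new sshd has accepted its configuration, so a
# broken build cannot leave the host without an ssh daemon.
# Returns:   0 on success, 1 on the first failing step
#######################################
install_openssh(){
  local prefix=/usr/local/openssh
  cd /opt || return 1
  tar -zxvf openssh-8.8p1.tar.gz || return 1
  cd openssh-8.8p1 || return 1
  ./configure --prefix="$prefix" --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl || return 1
  make || return 1
  make install || return 1
  # NOTE(review): these lines turn on root login with a password. Where
  # operations allow, prefer "PermitRootLogin prohibit-password" with key
  # based login. The previous /etc/ssh/sshd_config, including any hardening
  # in it, is set aside as sshd_config.bak below rather than merged.
  {
    echo 'PermitRootLogin yes'
    echo 'PubkeyAuthentication yes'
    echo 'PasswordAuthentication yes'
  } >> "$prefix/etc/sshd_config" || return 1
  # Config test mode: stop here if the new binary rejects the new config.
  "$prefix/sbin/sshd" -t -f "$prefix/etc/sshd_config" || return 1
  _replace_with_backup "$prefix/etc/sshd_config" /etc/ssh/sshd_config || return 1
  _replace_with_backup "$prefix/sbin/sshd" /usr/sbin/sshd || return 1
  _replace_with_backup "$prefix/bin/ssh" /usr/bin/ssh || return 1
  _replace_with_backup "$prefix/bin/ssh-keygen" /usr/bin/ssh-keygen || return 1
  # NOTE(review): only the public ECDSA host key is copied; the private key
  # in /etc/ssh is left as it was, so the pair there may no longer match.
  # A --prefix build normally reads its config and host keys from
  # <prefix>/etc; confirm which directory the running sshd uses, and expect
  # clients to report a changed host key if it is the new one.
  _replace_with_backup "$prefix/etc/ssh_host_ecdsa_key.pub" /etc/ssh/ssh_host_ecdsa_key.pub || return 1
  # Presumably needed because this build does not send the systemd
  # readiness notification that Type=notify waits for; confirm.
  sed -i "s/Type=notify/Type=simple/g" /usr/lib/systemd/system/sshd.service || return 1
  systemctl daemon-reload || return 1
  systemctl restart sshd || return 1
  systemctl status sshd || return 1
  echo -e "\033[32m 安装完成 \033[0m"
  sleep 1
}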
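#######################################
# Run the upgrade steps in order and stop at the first step that reports
# failure, so later steps never run on top of a failed earlier one.
# The telnet step is defined as install_Telnet; the lower-case spelling
# used before matched no function, so the fallback was never installed.
# Returns:   exits 1 when a step fails
#######################################
main(){
  local step
  for step in install_Telnet wget_software install_zlib install_openssl install_openssh; do
    if ! "$step"; then
      echo "step failed: $step" >&2
      exit 1
    fi
  done
}
main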
sh update_openssh.sh
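升级完成后先测试ssh登录是否正常,确认正常后再手动停止telnet服务。注意:telnet为明文传输,脚本用 systemctl enable 将 xinetd 和 telnet.socket 设为开机自启,并向 /etc/securetty 追加了 pts/0~pts/9(允许root通过telnet登录);只执行下面的 stop,重启后服务仍会启动,建议同时对这两个服务执行 disable,并删除 /etc/securetty 中追加的条目。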
systemctl stop telnet.socket