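This source-build OpenSSH upgrade has been tested and works on CentOS 7. Combined with Ansible, it can be run in batch to upgrade OpenSSH on a large number of hosts.

I hope it helps those who handle vulnerability remediation in day-to-day operations, improving efficiency and cutting down on wasted time.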

1. Script file

Latest script file: update_openssh.sh

```bash
#!/bin/bash
# update openssh to v8.8p1
# 2022/07/09
# author: cjm

# Check for the root user; the script must run with root privileges
if [[ "$(whoami)" != "root" ]]; then
    echo "please run this script as root !" >&2
    exit 1
fi

echo -e '\033[31m ------------------------------------------------------------------------------------- \033[0m'
echo -e '\033[31m the script only Support CentOS_7 x86_64 \033[0m'
echo -e '\033[31m system initialization script, Please Seriously. press ctrl C to cancel \033[0m'
echo -e '\033[31m ------------------------------------------------------------------------------------- \033[0m'

# Check for a 64-bit system; this script only supports 64-bit systems
platform=$(uname -i)
if [ "$platform" != "x86_64" ]; then
    echo "this script is only for 64bit Operating System !"
    exit 1
fi

# 1. Install the telnet service (fallback access while sshd is being replaced)
install_Telnet(){
    yum -y install xinetd telnet-server
    cat > /etc/xinetd.d/telnet <<EOF
service telnet
{
    disable = yes
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure = USERID
}
EOF
    # Allow root logins on pseudo-terminals, which telnet sessions use
    if ! grep "pts/0" /etc/securetty &>/dev/null; then
        cat >> /etc/securetty << EOF
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9
EOF
    fi
    systemctl enable xinetd --now
    systemctl enable telnet.socket --now
    echo -e "\033[32m CentOS7安装Telnet服务完成 \033[0m"
    sleep 1
}

# 2. Download the source packages
wget_software(){
    cd /opt
    wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
    wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz --no-check-certificate
    wget http://www.zlib.net/zlib-1.2.12.tar.gz
}

# 3. Install zlib
install_zlib(){
    cd /opt
    tar -zxvf zlib-1.2.12.tar.gz
    cd zlib-1.2.12
    ./configure --prefix=/usr/local/zlib
    make && make install
    echo -e "\033[32m CentOS7安装zlib服务完成 \033[0m"
}

# 4. Install openssl
install_openssl(){
    cd /opt
    tar -zxvf openssl-1.1.1j.tar.gz
    cd openssl-1.1.1j
    ./config --prefix=/usr/local/ssl -d shared
    make && make install
    # Register the new library directory with the dynamic linker
    echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
    ldconfig -v
    openssl version -a
    echo -e "\033[32m CentOS7安装openssl服务完成 \033[0m"
}

# 5. Install openssh
install_openssh(){
    cd /opt
    tar -zxvf openssh-8.8p1.tar.gz
    cd openssh-8.8p1
    ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
    make && make install
    # Append login settings to the new default config
    # (root login and password authentication are enabled here)
    echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
    echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
    echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
    # Back up the system config, binaries and ECDSA host public key,
    # then copy the newly built ones into place
    mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
    mv /usr/sbin/sshd /usr/sbin/sshd.bak
    cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
    mv /usr/bin/ssh /usr/bin/ssh.bak
    cp /usr/local/openssh/bin/ssh /usr/bin/ssh
    mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
    cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
    mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
    cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
    # The source build does not send systemd readiness notifications,
    # so switch the unit from Type=notify to Type=simple
    sed -i "s/Type=notify/Type=simple/g" /usr/lib/systemd/system/sshd.service
    systemctl daemon-reload
    systemctl restart sshd
    systemctl status sshd
    echo -e "\033[32m 安装完成 \033[0m"
    sleep 1
}

main(){
    install_Telnet
    wget_software
    install_zlib
    install_openssl
    install_openssh
}

main
```
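The wget_software step above fetches two tarballs over plain HTTP and the third with --no-check-certificate, so nothing authenticates the sources before they are compiled and installed as root. As an added example (not part of the original script), the helper below refuses to continue unless every tarball matches a SHA-256 pinned in advance; the function names, the pin-file path and the pin-file format are assumptions, and the digests themselves must come from a channel you trust.

```bash
#!/bin/bash
# Added example, not from the original script: refuse to build any source
# tarball whose SHA-256 differs from a digest pinned in advance.
# Assumed pin-file format, one entry per line: "<sha256-hex>  <filename>"

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing, 3 if the pin is malformed.
verify_tarball() (
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # compare case-insensitively
    [ -f "$file" ] || { echo "missing: $file" >&2; exit 2; }
    case "$expected" in
        ''|*[!0-9a-f]*) echo "malformed pin for $file" >&2; exit 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin for $file" >&2; exit 3; }
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "MISMATCH: $file" >&2; exit 1; }
)

# verify_all PINFILE DIR
# Returns 0 only if PINFILE has at least one entry and every entry verifies.
verify_all() (
    pinfile=$1 dir=$2 rc=0 count=0
    while read -r hash name || [ -n "$hash" ]; do
        case "$hash" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        count=$((count + 1))
        case "$name" in
            ''|*/*) echo "rejected entry: $name" >&2; rc=1; continue ;;  # bare filenames only
        esac
        verify_tarball "$dir/$name" "$hash" || rc=1
    done < "$pinfile"
    [ "$count" -gt 0 ] || { echo "no pins in $pinfile" >&2; exit 1; }
    exit "$rc"
)

# Intended call site (hypothetical pin-file path), after wget_software and before any tar/make:
#   verify_all /opt/openssh-src.sha256 /opt || exit 1
```

When the upgrade is pushed with Ansible, ship the pin file from the control node rather than downloading it alongside the tarballs, so a tampered mirror cannot supply matching digests.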

2. Run the script

sh update_openssh.sh

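After the upgrade, test that ssh works normally; once it does, manually stop the telnet service. Because the script started telnet.socket and xinetd with systemctl enable --now, both remain enabled at boot after this stop.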

systemctl stop telnet.socket
