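#!/bin/bash
#
# Interactive helper that (0) applies baseline host settings or (1-3) builds
# zlib, OpenSSL and OpenSSH from source and replaces the distribution sshd.
#
# Notes:
#   * To target another OpenSSH release, substitute the version string
#     throughout, e.g. in vim:  :%s/openssh-8.1p1/openssh-<new-version>/g
#   1. Before running, make sure the file has Unix line endings
#      (in vim: `set ff=unix`).
#   2. After the script finishes, run `source /etc/profile`.
#   3. Run the script from /root (tarballs are downloaded to the current
#      directory and unpacked from /root).
#   4. If the OpenSSL libraries cannot be found after the upgrade, locate them
#      and register their directory with the dynamic linker:
#        find / -name "libssl*"
#        echo "/usr/local/lib64" >> /etc/ld.so.conf
#        ldconfig -v
#
# Optional environment variables:
#   ROOT_PASSWORD      new root password (root is left unchanged when unset)
#   SHUNICOM_PASSWORD  password for the SHunicom account (left without a
#                      password when unset)
#   OPENSSH_SHA256, OPENSSL_SHA256, ZLIB_SHA256
#                      expected SHA-256 of each tarball, taken from the
#                      upstream release notes; a tarball with no pinned
#                      digest is reported as unverified
#
# NOTE(review): the pinned releases (zlib 1.2.11, openssl 1.1.1a,
# openssh 8.1p1) are old; check them against current upstream advisories
# before deploying.

#######################################
# Baseline host configuration for a CentOS-style system.
# Globals:   ROOT_PASSWORD, SHUNICOM_PASSWORD (read)
# Outputs:   progress messages on stdout, diagnostics on stderr
#######################################
system_init () {
  # NOTE(review): SELinux is switched off permanently and for the running
  # system; confirm this is really required rather than a targeted policy fix.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  setenforce 0
  # To move sshd to another port, enable and adjust:
  # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config
  # NOTE(review): enables direct root login over SSH; change "yes" to "no"
  # to forbid it.
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
  # Add a DNS resolver, and shorten timeout/retries to avoid slow lookups.
  sed -i '1a nameserver 114.114.114.114' /etc/resolv.conf
  sed -i '1a options timeout:1 attempts:1 rotate' /etc/resolv.conf

  # The root password used to be a fixed, guessable literal in this file,
  # applied together with PermitRootLogin yes. It now comes from the
  # environment and is skipped when not provided.
  if [[ -n "${ROOT_PASSWORD:-}" ]]; then
    printf '%s\n' "$ROOT_PASSWORD" | passwd --stdin root
  else
    echo "ROOT_PASSWORD not set; root password left unchanged" >&2
  fi

  # NOTE(review): firewalld is stopped and disabled whenever the package
  # install succeeds; the two are unrelated in the original logic - confirm.
  if yum -y install wget net-tools httpd-tools sysstat lsof tree; then
    systemctl stop firewalld && systemctl disable firewalld
  else
    echo "firewalld is off "
  fi

  if ! timedatectl | grep Asia/Shanghai >/dev/null; then
    timedatectl set-timezone Asia/Shanghai
  else
    echo "Time zone configuration successful"
  fi

  if ! rpm -qa | grep chrony; then
    yum -y install chrony && cp /etc/chrony.conf /etc/chrony.conf.bak
    # Comment out the stock servers and use a single upstream instead.
    sed -i '/^server/ s/^/#/' /etc/chrony.conf
    sed -i '2a server ntp.ntsc.ac.cn iburst' /etc/chrony.conf
    chronyc -a makestep
  else
    echo "chrony is sucess"
  fi

  if ! id SHunicom; then
    # The account password was previously hard-coded here; any host that
    # received that value should have it rotated.
    if useradd SHunicom; then
      if [[ -n "${SHUNICOM_PASSWORD:-}" ]]; then
        printf '%s\n' "$SHUNICOM_PASSWORD" | passwd --stdin SHunicom
      else
        echo "SHUNICOM_PASSWORD not set; SHunicom created without a password" >&2
      fi
    fi
    echo "SHunicom add ok"
  fi
}

#######################################
# Build and install zlib under /usr/local/zlib.
# Returns:   0 on success, 1 if unpacking or building fails
#######################################
zlic_install () {
  cd /root || return 1
  tar -vxf zlib-1.2.11.tar.gz || return 1
  cd zlib-1.2.11 || return 1
  ./configure --prefix=/usr/local/zlib || return 1
  make && make install || return 1
  echo " zlib install ok"
}

#######################################
# Build OpenSSL under /usr/local/openssl and point the system paths at it.
# Returns:   0 on success, 1 if the build fails (system files untouched)
#######################################
openssl_install () {
  cd /root || return 1
  tar -vxf openssl-1.1.1a.tar.gz >/dev/null || return 1
  cd openssl-1.1.1a || return 1
  ./config shared zlib --prefix=/usr/local/openssl || return 1
  # Stop here on a failed build: continuing would replace the working
  # system openssl with symlinks to files that do not exist.
  make && make install || return 1
  mv /usr/bin/openssl /usr/bin/openssl.old
  mv /usr/include/openssl /usr/include/openssl.old
  ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
  ln -s /usr/local/openssl/include/openssl /usr/include/openssl
  # Register the library directory once, not on every run.
  grep -qxF /usr/local/openssl/lib /etc/ld.so.conf ||
    echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
  ldconfig -v
}

# Compare a downloaded file against its pinned SHA-256 ($2). An empty digest
# is reported and accepted so existing unattended use keeps working.
_verify_tarball () {
  local file=$1 expected=$2 actual
  if [[ -z "$expected" ]]; then
    echo "no SHA-256 pinned for $file; integrity not verified" >&2
    return 0
  fi
  actual=$(sha256sum -- "$file" | awk '{print $1}') || return 1
  if [[ "$actual" != "$expected" ]]; then
    echo "SHA-256 mismatch for $file" >&2
    return 1
  fi
}

# Download the three source tarballs into the current directory and check
# them. Two of the URLs are plain HTTP, and the result is compiled and
# installed as root, so the digest check is the only integrity control.
_fetch_sources () {
  wget http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz || return 1
  wget "https://www.openssl.org/source/openssl-1.1.1a.tar.gz" || return 1
  wget http://www.zlib.net/zlib-1.2.11.tar.gz || return 1
  _verify_tarball openssh-8.1p1.tar.gz "${OPENSSH_SHA256:-}" || return 1
  _verify_tarball openssl-1.1.1a.tar.gz "${OPENSSL_SHA256:-}" || return 1
  _verify_tarball zlib-1.2.11.tar.gz "${ZLIB_SHA256:-}" || return 1
}

# Stop any running sshd and move the previous installation aside.
# $1 = "rpm" to also erase the openssh RPMs, anything else to keep packages.
_retire_existing_sshd () {
  local remove_rpm=$1
  if pgrep -x sshd >/dev/null; then
    systemctl stop sshd
  fi
  if rpm -qa | grep openssh >/dev/null; then
    if [[ "$remove_rpm" == "rpm" ]]; then
      # One package name per line; -r skips rpm when nothing matched.
      rpm -qa | grep openssh | xargs -r rpm -e --nodeps
    fi
    mv /etc/init.d/sshd /etc/init.d/sshd.bak
    mv /etc/ssh /etc/ssh.bak
  else
    mv /usr/local/openssh /usr/local/openssh.bak
  fi
}

#######################################
# CentOS: fetch sources and build dependencies, then retire the current sshd.
# Returns:   0 on success, 1 if downloads or dependencies are unavailable
#######################################
openssh_prepare () {
  local wget_stat ping_stat
  yum -y install wget
  rpm -qa | grep wget
  wget_stat=$?
  ping -c 3 openbsd.hk
  ping_stat=$?

  if [[ $ping_stat -eq 0 ]] && [[ $wget_stat -eq 0 ]]; then
    _fetch_sources || return 1
    yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel tcp_wrappers-devel wget || return 1
  else
    printf 'program: %s openssh download failed\n' "${0##*/}" >&2
    # Do not go on to remove the working sshd when there is nothing to
    # replace it with.
    return 1
  fi
  _retire_existing_sshd rpm
}

#######################################
# Ubuntu: switch apt sources, fetch sources and build dependencies, then
# retire the current sshd.
# Returns:   0 on success, 1 if downloads or dependencies are unavailable
#######################################
ubuntu_prepare () {
  local wget_stat ping_stat
  # The original wrote to /etc/apt-get/ and /etc/aptt/, which do not exist,
  # and left a bare "0" as the first line of the list.
  [[ -f /etc/apt/sources.list ]] && cp -p /etc/apt/sources.list /etc/apt/sources.list.bak
  # NOTE(review): xenial is hard-coded and xenial-proposed (pre-release
  # updates) is enabled - confirm both.
  cat > /etc/apt/sources.list <<'EOF'
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
EOF
  sudo apt-get update
  sudo apt-get install -y wget
  dpkg -s wget
  wget_stat=$?
  ping -c 3 openbsd.hk
  ping_stat=$?

  if [[ $ping_stat -eq 0 ]] && [[ $wget_stat -eq 0 ]]; then
    _fetch_sources || return 1
    sudo apt-get install wget gcc make zlib1g-dev libssl-dev libpam0g-dev sysv-rc-conf -y || return 1
  else
    printf 'program: %s openssh download failed\n' "${0##*/}" >&2
    return 1
  fi
  # NOTE(review): package detection here still goes through rpm, as in the
  # original; on a stock Ubuntu host rpm is normally absent, so this takes
  # the "not installed" path. Confirm whether a dpkg query was intended.
  _retire_existing_sshd keep
}

#######################################
# Configure OpenSSH for the given platform and hand over to openssh_init.
# Arguments: $1 - "cen6" or "cen7"
# Outputs:   appends to /install.log when configure fails
#######################################
openssh_install () {
  cd /root || return 1
  tar -xf openssh-8.1p1.tar.gz >/dev/null || return 1
  cd openssh-8.1p1 || return 1
  local var="$1"
  if [ "$var" = "cen6" ]; then
    # NOTE(review): --without-hardening turns off the compiler/linker
    # hardening flags; confirm the CentOS 6 toolchain still needs it.
    if ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-privsep-path=/var/lib/sshd --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --without-hardening; then
      openssh_init
    else
      echo "system is $var , configure openssh failed " >>/install.log
    fi
  elif [ "$var" = "cen7" ]; then
    if ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-md5-passwords --with-privsep-path=/var/lib/sshd --with-pam --with-ssl-dir=/usr/local/openssl; then
      openssh_init
    else
      echo "system is $var , configure openssh failed " >>/install.log
    fi
  fi
}

#######################################
# Build and install OpenSSH, install its init script and start sshd.
# Globals:   DIRSSH (read)
# Returns:   1 if the build fails, otherwise the status of the last step
#######################################
openssh_init () {
  make && make install || return 1
  cp "$DIRSSH/contrib/redhat/sshd.init" /etc/init.d/sshd
  # '|' as the delimiter: the patterns contain slashes.
  sed -i '25s|SSHD=/usr/sbin/sshd|SSHD=/usr/local/openssh/sbin/sshd|' /etc/init.d/sshd
  sed -i '41s|/usr/bin/ssh-keygen -A|/usr/local/openssh/bin/ssh-keygen -A|' /etc/init.d/sshd
  chkconfig --add sshd && systemctl daemon-reload
  # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config
  # NOTE(review): enables direct root login over SSH on the new daemon.
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
  chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
  systemctl start sshd
  # Single quotes keep $PATH literal so it is expanded at login time rather
  # than freezing the installer's own PATH into /etc/profile.
  grep -qxF 'export PATH=/usr/local/openssh/bin:$PATH' /etc/profile ||
    echo 'export PATH=/usr/local/openssh/bin:$PATH' >> /etc/profile
  source /etc/profile
}

DIRZLIB='/usr/local/zlib'
DIRSSL='/usr/local/openssl'
DIRSSH='/root/openssh-8.1p1'
INSTALLSSH='/usr/local/openssh'
SYSSSH='/etc/ssh'

# A stray top-level download block used to sit here; its test
# (`[ apt_get -eq 0 ]`) could never succeed, and both prepare functions
# already fetch the tarballs, so it has been dropped.

printf '\033[31;47m please input number 0.init 1.centos6 2.centos7 3.ubuntu please input number: \033[0m'
read -r input
# Match the raw answer against literal digits. Using it as an array subscript
# made bash evaluate it arithmetically, so any non-numeric text resolved to
# index 0 and ran system_init.
case "$input" in
  0)
    system_init
    ;;
  1)
    openssh_prepare && zlic_install && openssl_install && openssh_install cen6
    ;;
  2)
    openssh_prepare && zlic_install && openssl_install && openssh_install cen7
    ;;
  3)
    ubuntu_prepare && zlic_install && openssl_install && openssh_install cen7
    ;;
  *)
    echo "Usage: input number 0.init 1.centos6 2. centos7 3. ubuntu "
    exit 1
    ;;
esac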