• Openssh升级脚本


      1 #!/bin/bash
      2 :<<! 
      3 注意: : %s/openssh-8.1p1/openssh-8.1p1/g
      4 1.使用脚本前需要在命令行模式下更改文本模式set ff=unix ;  
      5 2. 执行完脚本后,请执行source /etc/profile;
      6 3. 请在/root下执行脚本
      7 4.如出现openssl升级后找不到库文件,可先查找openssl库文件所在目录,再把该目录写入 /etc/ld.so.conf 并刷新缓存,例如: find / -name "libssl*" ; echo "/usr/local/lib64" >> /etc/ld.so.conf ; ldconfig -v
      8 !
      9 
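     #######################################
     # One-time host baseline: SELinux, sshd root login, DNS resolver options,
     # base packages, firewalld, timezone, chrony and the SHunicom account.
     # Passwords are never embedded in the script; they are read from the
     # environment so they do not end up in copies of this file.
     # Globals:   ROOT_PASSWORD     (read, optional) new root password
     #            SHUNICOM_PASSWORD (read, optional) password for SHunicom
     # Arguments: none
     # Outputs:   progress on stdout, warnings on stderr
     #######################################
     system_init () {
         # NOTE(security): SELinux is switched off permanently and for the
         # running system. This removes a mandatory-access-control layer;
         # confirm that is acceptable for the host before running option 0.
         sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
         setenforce 0

         # To move sshd to another port, uncomment and adjust:
         # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config

         # NOTE(security): enables direct root login over SSH. Together with
         # password authentication and a stopped firewall this exposes root to
         # password guessing; prefer key-based login (prohibit-password).
         sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

         # Insert the resolver lines only once so repeated runs do not pile up
         # duplicates. "options" shortens DNS timeouts and retries.
         grep -qF 'nameserver 114.114.114.114' /etc/resolv.conf ||
             sed -i '1a nameserver 114.114.114.114' /etc/resolv.conf
         grep -qF 'options timeout:1 attempts:1 rotate' /etc/resolv.conf ||
             sed -i '1a options timeout:1 attempts:1 rotate' /etc/resolv.conf

         # The root password is changed only when the operator supplies one.
         # printf is a builtin, so the value never appears in a process list.
         if [ -n "${ROOT_PASSWORD:-}" ]; then
             printf '%s\n' "$ROOT_PASSWORD" | passwd --stdin root
         else
             echo "ROOT_PASSWORD not set; root password left unchanged" >&2
         fi

         yum -y install wget net-tools httpd-tools sysstat lsof tree ||
             echo "base package install failed" >&2

         # The firewall decision depends on firewalld's own state, not on
         # whether the unrelated package install above succeeded.
         # NOTE(security): stopping firewalld leaves every listening port
         # reachable; make sure another filter protects the host.
         if systemctl is-active --quiet firewalld; then
             systemctl stop firewalld && systemctl disable firewalld
         else
             echo "firewalld is off "
         fi

         if timedatectl | grep -q 'Asia/Shanghai'; then
             echo "Time zone configuration successful"
         else
             timedatectl set-timezone Asia/Shanghai
         fi

         if rpm -q chrony >/dev/null 2>&1; then
             echo "chrony is sucess"
         elif yum -y install chrony && cp /etc/chrony.conf /etc/chrony.conf.bak; then
             # Comment out the stock servers and add the chosen NTP source.
             sed -i '/^server/ s/^/#/' /etc/chrony.conf
             sed -i '2a server ntp.ntsc.ac.cn iburst' /etc/chrony.conf
             # chronyc talks to a running chronyd, and the daemon must be
             # restarted to load the edited configuration.
             systemctl enable chronyd && systemctl restart chronyd
             chronyc -a makestep
         else
             echo "chrony install failed" >&2
         fi

         if ! id SHunicom >/dev/null 2>&1; then
             if useradd SHunicom; then
                 if [ -n "${SHUNICOM_PASSWORD:-}" ]; then
                     printf '%s\n' "$SHUNICOM_PASSWORD" | passwd --stdin SHunicom
                 else
                     echo "SHUNICOM_PASSWORD not set; SHunicom created without a password" >&2
                 fi
                 echo "SHunicom add ok"
             else
                 echo "useradd SHunicom failed" >&2
             fi
         fi
     }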
     46 
     47 
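     #######################################
     # Unpack and build zlib-1.2.11 from /root into /usr/local/zlib.
     # Arguments: none
     # Outputs:   tar/configure/make output on stdout, errors on stderr
     # Returns:   0 when the build and install succeeded, 1 otherwise
     #######################################
     zlic_install () {
         cd /root || return 1
         if ! tar -vxf zlib-1.2.11.tar.gz; then
             echo "zlib: cannot unpack /root/zlib-1.2.11.tar.gz" >&2
             return 1
         fi
         cd zlib-1.2.11 || return 1
         # Report success only when every build step actually succeeded.
         if ! { ./configure --prefix=/usr/local/zlib && make && make install; }; then
             echo "zlib: build failed" >&2
             return 1
         fi
         echo " zlib install ok"
     }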
     56 
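     #######################################
     # Build openssl-1.1.1a from /root into /usr/local/openssl and point the
     # system openssl binary, headers and linker cache at the new build.
     # Arguments: none
     # Outputs:   build output on stdout, errors on stderr
     # Returns:   0 on success, 1 if unpacking or building failed
     #######################################
     openssl_install () {
         cd /root || return 1
         if ! tar -vxf openssl-1.1.1a.tar.gz >/dev/null; then
             echo "openssl: cannot unpack /root/openssl-1.1.1a.tar.gz" >&2
             return 1
         fi
         cd openssl-1.1.1a || return 1

         # Stop before touching /usr/bin/openssl if the build fails; otherwise
         # the system binary would be moved away and replaced by a dangling
         # symlink, breaking every tool that calls openssl.
         if ! { ./config shared zlib --prefix=/usr/local/openssl && make && make install; }; then
             echo "openssl: build failed; system openssl left untouched" >&2
             return 1
         fi

         mv /usr/bin/openssl /usr/bin/openssl.old
         mv /usr/include/openssl /usr/include/openssl.old
         ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
         ln -s /usr/local/openssl/include/openssl /usr/include/openssl

         # Register the library directory once, however often this is run.
         grep -qxF '/usr/local/openssl/lib' /etc/ld.so.conf ||
             echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
         ldconfig -v
     }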
     70 
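     #######################################
     # CentOS preparation: fetch the three source tarballs into the current
     # directory, install the build toolchain, then stop and set aside the
     # existing OpenSSH installation.
     # Globals:   OPENSSH_SHA256, OPENSSL_SHA256, ZLIB_SHA256 (read, optional)
     #            expected lowercase hex SHA-256 of each tarball
     # Arguments: none
     # Outputs:   progress on stdout, warnings and errors on stderr
     # Returns:   0 when the host is ready for the build, 1 on a missing
     #            download or checksum mismatch (sshd is then left untouched)
     #######################################
     openssh_prepare () {
         local spec url file want got

         yum -y install wget
         if ! command -v wget >/dev/null 2>&1; then
             echo "openssh download failed: wget is not available" >&2
             return 1
         fi

         # NOTE(security): two of these URLs are plain HTTP, and the result is
         # compiled and installed as root. Supply the expected SHA-256 values
         # (taken from a trusted channel) so a tampered tarball is rejected.
         # NOTE(review): the pinned releases are old; check each project's
         # current release and security advisories before building.
         for spec in \
             "http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz|${OPENSSH_SHA256:-}" \
             "https://www.openssl.org/source/openssl-1.1.1a.tar.gz|${OPENSSL_SHA256:-}" \
             "http://www.zlib.net/zlib-1.2.11.tar.gz|${ZLIB_SHA256:-}"; do
             url=${spec%%|*}
             want=${spec#*|}
             file=${url##*/}

             # Reuse a tarball that is already present; drop partial downloads.
             if [ ! -f "$file" ] && ! wget "$url"; then
                 rm -f -- "$file"
                 echo "openssh download failed: $url" >&2
                 return 1
             fi

             if [ -n "$want" ]; then
                 got=$(sha256sum -- "$file") || return 1
                 got=${got%% *}
                 if [ "$got" != "$want" ]; then
                     echo "checksum mismatch for $file; refusing to continue" >&2
                     return 1
                 fi
             else
                 echo "warning: no SHA-256 supplied for $file; integrity not verified" >&2
             fi
         done

         yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel \
             pcre-devel pam-devel tcp_wrappers-devel wget ||
             echo "warning: some build dependencies could not be installed" >&2

         # Everything below is reached only with all sources present, so a
         # failed download can no longer leave the host without an SSH server.
         # Keep a console or an already-open session available: the running
         # daemon is stopped before its replacement has been built.
         if pgrep -x sshd >/dev/null 2>&1; then
             systemctl stop sshd
         fi

         if rpm -qa | grep -q openssh; then
             # Packaged OpenSSH: remove the RPMs, keep its config and init script.
             rpm -qa | grep openssh | xargs -d '\n' rpm -e --nodeps
             if [ -e /etc/init.d/sshd ]; then
                 mv /etc/init.d/sshd /etc/init.d/sshd.bak
             fi
             if [ -e /etc/ssh ]; then
                 mv /etc/ssh /etc/ssh.bak
             fi
         elif [ -e /usr/local/openssh ]; then
             # Earlier source install: set the old prefix aside.
             mv /usr/local/openssh /usr/local/openssh.bak
         fi
         return 0
     }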
    106 
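    #######################################
    # Ubuntu preparation: rewrite /etc/apt/sources.list for the aliyun xenial
    # mirror, fetch the source tarballs into the current directory, install
    # the build toolchain, then stop and set aside the existing OpenSSH.
    # Globals:   OPENSSH_SHA256, OPENSSL_SHA256, ZLIB_SHA256 (read, optional)
    #            expected lowercase hex SHA-256 of each tarball
    # Arguments: none
    # Outputs:   progress on stdout, warnings and errors on stderr
    # Returns:   0 when the host is ready for the build, 1 on a missing
    #            download or checksum mismatch (sshd is then left untouched)
    #######################################
    ubuntu_prepare () {
        local sources=/etc/apt/sources.list
        local mirror=http://mirrors.aliyun.com/ubuntu/
        local components='main restricted universe multiverse'
        local kind suite spec url file want got

        # Keep the first original list; later runs must not overwrite it.
        if [ -f "$sources" ] && [ ! -e "$sources.bak" ]; then
            cp -p "$sources" "$sources.bak"
        fi

        # Write every entry to the one real file. With the path misspelt, as
        # it was for the xenial-security line, that suite is silently dropped
        # and the host stops receiving security updates.
        # NOTE(review): the suite is fixed to xenial; confirm it matches the
        # release actually installed on the host.
        : > "$sources" || return 1
        for kind in deb deb-src; do
            for suite in xenial xenial-security xenial-updates xenial-proposed xenial-backports; do
                printf '%s %s %s %s\n' "$kind" "$mirror" "$suite" "$components" >> "$sources"
            done
        done

        # The new list only takes effect after the package index is refreshed.
        sudo apt-get update
        sudo apt-get install -y wget
        if ! dpkg -s wget >/dev/null 2>&1; then
            echo "openssh download failed: wget is not available" >&2
            return 1
        fi

        # NOTE(security): two of these URLs are plain HTTP, and the result is
        # compiled and installed as root. Supply the expected SHA-256 values
        # (taken from a trusted channel) so a tampered tarball is rejected.
        for spec in \
            "http://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz|${OPENSSH_SHA256:-}" \
            "https://www.openssl.org/source/openssl-1.1.1a.tar.gz|${OPENSSL_SHA256:-}" \
            "http://www.zlib.net/zlib-1.2.11.tar.gz|${ZLIB_SHA256:-}"; do
            url=${spec%%|*}
            want=${spec#*|}
            file=${url##*/}

            if [ ! -f "$file" ] && ! wget "$url"; then
                rm -f -- "$file"
                echo "openssh download failed: $url" >&2
                return 1
            fi

            if [ -n "$want" ]; then
                got=$(sha256sum -- "$file") || return 1
                got=${got%% *}
                if [ "$got" != "$want" ]; then
                    echo "checksum mismatch for $file; refusing to continue" >&2
                    return 1
                fi
            else
                echo "warning: no SHA-256 supplied for $file; integrity not verified" >&2
            fi
        done

        sudo apt-get install wget gcc make zlib1g-dev libssl-dev libpam0g-dev sysv-rc-conf -y ||
            echo "warning: some build dependencies could not be installed" >&2

        # Keep a console or an already-open session available: the running
        # daemon is stopped before its replacement has been built.
        if pgrep -x sshd >/dev/null 2>&1; then
            systemctl stop sshd
        fi

        # Ask dpkg, not rpm: rpm is normally absent on Ubuntu, so an rpm-based
        # test always reports "not installed".
        if dpkg -s openssh-server >/dev/null 2>&1; then
            # NOTE(review): Ubuntu's packaged init script is usually
            # /etc/init.d/ssh rather than sshd; confirm the path on the host.
            if [ -e /etc/init.d/sshd ]; then
                mv /etc/init.d/sshd /etc/init.d/sshd.bak
            fi
            if [ -e /etc/ssh ]; then
                mv /etc/ssh /etc/ssh.bak
            fi
        elif [ -e /usr/local/openssh ]; then
            mv /usr/local/openssh /usr/local/openssh.bak
        fi
        return 0
    }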
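    # Orphaned fragment sitting between two function definitions; it runs once
    # while the script is being loaded, before the menu is shown. The test it
    # carried compared the literal word "apt_get" (the "$" was missing), so
    # its three downloads could never run. The conditional is dropped on
    # purpose: correcting the "$" would instead start unverified HTTP downloads
    # on every invocation, whichever menu entry is chosen. The prepare
    # functions already fetch the same tarballs.
    apt_get=$?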
    157 
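    #######################################
    # Unpack openssh-8.1p1 under /root, run ./configure for the requested
    # target and hand over to openssh_init for the build and service setup.
    # Arguments: $1 - target variant: "cen6" or "cen7"
    # Outputs:   configure output on stdout; failures to stderr and /install.log
    # Returns:   0 on success, 1 on an unknown variant or a failed step
    #######################################
    openssh_install () {
        local var="$1"
        local -a flags=(
            --prefix=/usr/local/openssh
            --sysconfdir=/etc/ssh
            --with-md5-passwords
            --with-privsep-path=/var/lib/sshd
            --with-pam
            --with-ssl-dir=/usr/local/openssl
        )

        case "$var" in
            cen6)
                # NOTE(security): --without-hardening turns off the toolchain
                # hardening flags for the resulting sshd. Presumably needed
                # for the older CentOS 6 compiler; drop it if the build
                # succeeds without it.
                flags+=(--without-hardening)
                ;;
            cen7)
                ;;
            *)
                echo "openssh_install: unknown target '$var' (expected cen6 or cen7)" >&2
                return 1
                ;;
        esac

        cd /root || return 1
        # The original line tried to execute "/root" after tar; only the
        # redirection of tar's verbose listing was intended.
        if ! tar -xvf openssh-8.1p1.tar.gz > /dev/null; then
            echo "openssh: cannot unpack /root/openssh-8.1p1.tar.gz" >&2
            return 1
        fi
        cd openssh-8.1p1 || return 1

        if ./configure "${flags[@]}"; then
            openssh_init
        else
            echo "system is $var , configure openssh failed " >>/install.log
            echo "openssh: configure failed for $var" >&2
            return 1
        fi
    }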
    179 
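    #######################################
    # Build and install OpenSSH from the current source directory, install
    # the Red Hat init script, adjust it to the /usr/local/openssh prefix and
    # start the new sshd.
    # Globals:   DIRSSH (read) source tree; defaults to /root/openssh-8.1p1
    # Arguments: none
    # Outputs:   build output on stdout, errors on stderr
    # Returns:   0 on success, 1 if the build or the config check failed
    #######################################
    openssh_init () {
        local src=${DIRSSH:-/root/openssh-8.1p1}

        # Do not install an init script or start a service for a failed build.
        if ! { make && make install; }; then
            echo "openssh: build failed; service not installed" >&2
            return 1
        fi

        cp "$src/contrib/redhat/sshd.init" /etc/init.d/sshd
        # "|" as the sed delimiter keeps the slashes in the paths literal.
        sed -i '25s|SSHD=/usr/sbin/sshd|SSHD=/usr/local/openssh/sbin/sshd|' /etc/init.d/sshd
        sed -i '41s|/usr/bin/ssh-keygen -A|/usr/local/openssh/bin/ssh-keygen -A|' /etc/init.d/sshd
        chkconfig --add sshd && systemctl daemon-reload

        # To move sshd to another port, uncomment and adjust:
        # sed -i 's/#Port 22/Port 22022/' /etc/ssh/sshd_config

        # NOTE(security): enables direct root login over SSH. Prefer leaving
        # prohibit-password in place and logging in with keys.
        sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

        # Private host keys must not be readable by other users.
        chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key

        # Validate configuration and host keys first, so a broken config is
        # reported here instead of as a service that refuses to start.
        if ! /usr/local/openssh/sbin/sshd -t; then
            echo "openssh: sshd configuration check failed; service not started" >&2
            return 1
        fi
        systemctl start sshd

        # Single quotes keep $PATH literal, so it expands at login time and
        # not to root's current PATH; the guard prevents duplicate lines.
        grep -qF '/usr/local/openssh/bin' /etc/profile ||
            echo 'export PATH=/usr/local/openssh/bin:$PATH' >> /etc/profile
        source /etc/profile
    }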
    193 
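    # Install locations used by the functions above.
    DIRZLIB='/usr/local/zlib'
    DIRSSL='/usr/local/openssl'
    DIRSSH='/root/openssh-8.1p1'
    INSTALLSSH='/usr/local/openssh'
    SYSSSH='/etc/ssh'

    # Menu: the operator picks a target by number.
    array_number=(init centos6 centos7 ubuntu)
    printf '\033[31;47m please input number 0.init 1.centos6 2.centos7 3.ubuntu\n please input number:\t\033[0m'
    read -r input

    # Array subscripts are evaluated as arithmetic, so accept exactly one
    # digit in range before the reply is used as an index; anything else
    # falls through to the usage message.
    case "$input" in
        [0-3]) number=${array_number[$input]} ;;
        *)     number='' ;;
    esac

    case "$number" in
        "${array_number[0]}")
            system_init
            ;;
        "${array_number[1]}")
            openssh_prepare
            # Each build step runs only if the previous one reported success.
            zlic_install && openssl_install && openssh_install cen6
            ;;
        "${array_number[2]}")
            openssh_prepare
            zlic_install && openssl_install && openssh_install cen7
            ;;
        "${array_number[3]}")
            ubuntu_prepare
            # Ubuntu reuses the cen7 configure flags.
            zlic_install && openssl_install && openssh_install cen7
            ;;
        *)
            printf 'Usage: input number 0.init 1.centos6 2. centos7 3. ubuntu\n\n'
            exit 1
            ;;
    esac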
  • 原文地址:https://www.cnblogs.com/RXDXB/p/12145644.html