一、CentOS7升级OpenSSL
1、查看ssl版本及下载相关依赖包
openssl version -a
yum install -y gcc openssl-devel pam-devel rpm-build
2、下载安装包(查询最新安装包)
wget https://distfiles.macports.org/openssl/openssl-1.0.2q.tar.gz /root
tar -zxvf /root/openssl-1.0.2q.tar.gz -C /usr
3、卸载当前openssl
rpm -qa | grep openssl
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}
4、解压openssl_1.0.2q源码并编译安装
cd /usr/openssl-1.0.2q
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make && make test && make install
5、创建库文件软链接并查看版本
由于OpenSSL不提供libcrypto.so.10和libssl.so.10这两个库,而yum、wget等工具又依赖此库,需要创建软连接使用
ll /usr/lib64/libssl.so*
ll /usr/lib64/libcrypto.so*
ln -s /usr/lib64/libssl.so.1.0.0 libssl.so.10
ln -s /usr/lib64/libcrypto.so.1.0.0 libcrypto.so.10
openssl version -a
二、CentOS7升级OpenSSH
1、查看版本下载相关依赖包
ssh -V
yum install -y gcc openssl-devel pam-devel rpm-build
2、下载安装包(查询最新安装包)
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz /root
3、卸载原Openssh
rm -rf /etc/ssh
rpm -qa |grep openssh
for i in `rpm -qa |grep openssh`;do rpm -e $i --nodeps;done
4、解压openssh安装包
tar -zxvf /root/openssh-7.9p1.tar.gz -C /usr
cd /usr/openssh-7.9p1
5、编译安装
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --without-hardening
make && make install
6、安装完成,执行配置
rm -rf /etc/init.d/sshd
cp /usr/openssh-7.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig --list|grep sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
systemctl enable sshd
systemctl restart sshd
systemctl status sshd
ssh -V
三、OpenSSL-OpenSSH升级脚本如下
#!/bin/bash
############################################
############# 升级OpenSSL ##########
############################################
#查看ssl版本及安装编译工具、下载OpenSSL源码包
openssl version -a
yum install -y gcc openssl-devel pam-devel rpm-build
wget https://distfiles.macports.org/openssl/openssl-1.0.2q.tar.gz /root
tar -zxvf /root/openssl-1.0.2q.tar.gz -C /usr
#卸载当前版本openssl
rpm -qa | grep openssl
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}
#编译安装新版openssl
cd /usr/openssl-1.0.2q
./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
make && make test && make install
#创建库文件软链接并查看版本
ll /usr/lib64/libssl.so*
ll /usr/lib64/libcrypto.so*
ln -s /usr/lib64/libssl.so.1.0.0 libssl.so.10
ln -s /usr/lib64/libcrypto.so.1.0.0 libcrypto.so.10
openssl version -a
##########################################
################ 升级OpenSSH ##########
##########################################
#查看版本并安装编译工具、下载源码包
ssh -V
yum install -y gcc openssl-devel pam-devel rpm-build
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz /root
#删除原openssh软件
rm -rf /etc/ssh
rpm -qa |grep openssh
for i in `rpm -qa |grep openssh`;do rpm -e $i --nodeps;done
#安装openssh源码包
tar -zxvf /root/openssh-7.9p1.tar.gz -C /usr
cd /usr/openssh-7.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-tcp-wrappers --without-hardening
make && make install
#配置并重启openssh,查看版本
rm -rf /etc/init.d/sshd
cp /usr/openssh-7.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig --list|grep sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
systemctl enable sshd
systemctl restart sshd
systemctl status sshd
ssh -V