升级openssl
1、centos6.9更换yum源为阿里云
全部copy执行:
sed -i "s|enabled=1|enabled=0|g" /etc/yum/pluginconf.d/fastestmirror.conf
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo https://www.xmpan.com/Centos-6-Vault-Aliyun.repo
三条命令统一一次copy执行,切勿分开执行
yum clean all
yum makecache
2、升级openssl
yum install -y gcc gcc-c++ perl zlib-devel pam pam-devel tcp_wrappers-devel
yum install -y wget rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip libXt-devel imake gtk2-devel openssl-libs
cd /usr/local/src/
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz
tar -zxvf openssl-1.1.1k.tar.gz
mkdir /usr/local/openssl
cd /usr/local/src/openssl-1.1.1k
然后就是编译安装了
./config --prefix=/usr/local/openssl // 指定安装路径
make && make install
最后替换当前系统的旧版本 openssl 「先保存原来的」
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/lib64/openssl /usr/lib64/openssl.old
mv /usr/lib64/libssl.so /usr/lib64/libssl.so.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/openssl/lib
ldconfig -v
openssl version
3、升级openssh
cd /usr/local/src/
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.5p1.tar.gz
tar -zxvf openssh-8.5p1.tar.gz
chown -R root:root openssh-8.5p1
cd openssh-8.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --without-openssl-header-check --with-ssl-dir=/usr/local/openssl/ --with-privsep-path=/var/lib/sshd
make
make install
mv /etc/init.d/sshd /tmp
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
service sshd restart
ssh -V #查看版本号