客户系统检测出openssh版本过旧存在漏洞,所以决定写个脚本,需要四个包:openssh-7.1p2.tar,openssl-1.0.1s.tar,telnet-server-1.2-149.1.x86_64,zlib-1.2.8.tar
telnet 配置 1 # default: off 2 # description: Telnet is the old login server which is INSECURE and should 3 # therefore yest be used. Use secure shell (openssh). 4 # If you need telnetd yest to "keep-alives" (e.g. if it runs over a ISDN 5 # uplink), add "-n". See 'man telnetd' for more details. 6 service telnet 7 { 8 socket_type = stream 9 protocol = tcp 10 wait = no 11 user = root 12 server = /usr/sbin/in.telnetd 13 disable = no 14 }
脚本如下:(亲测,可用)
#!/bin/bash #program : Server auto deploy #author : shenjianyu@thinktrader.net #version : latst #function : update openssh ##当前路径 current_dir="$(pwd) " zlib_version="zlib-1.2.8" openssh_version="openssh-7.1p2" openssl_version="openssl-1.0.1s" DATE=`date +%Y%m%d` Distributor=`lsb_release -i|cut -c 17-` BLUE_COLOR='E[1;34m' #蓝 RED_COLOR='E[1;31m' #红 BLACK_COLOR='E[1;30m' #黑 echo -e "${RED_COLOR}########################################################################################${RES}" echo -e "${RED_COLOR}################### #################### " echo -e "${RED_COLOR}################### openssh install -----[success] #################### " echo -e "${RED_COLOR}################### #################### " echo -e "${RED_COLOR}################### #################### " echo -e "${RED_COLOR}########################################################################################${RES}" echo -e "${BLACK_COLOR} ${RES}" sleep 5 ##检查系统当前用户 if [ `id -u` != 0 ]; then echo "Error: if you want to run this script,please use root to execute;" exit 1 fi ##安装telnet cd $current_dir rpm -ivh telnet-server-1.2-149.1.x86_64.rpm sed -e 's/yes/no/g' /etc/xinetd.d/telnet /etc/init.d/xinetd restart chkconfig --list | grep telnet if [ $? -eq 0 ]; then echo "install telnet ---------------------------[success]" fi sleep 5 ##记录当前openssh版本信息 cd $current_dir touch openssh_version.txt > /dev/null echo `ssh -V` &> $current_dir/openssh_version.txt ##安装zlib,构建共享库 cd $current_dir tar -zxvf zlib-1.2.8.tar.gz cd $zlib_version ./configure --shared sleep 3 /usr/bin/make install cp zutil.h /usr/local/include cp zutil.c /usr/local/include /sbin/ldconfig -v sleep 2 ##进入安装包上传目录,解压openssl cd $current_dir tar -zxvf openssl-1.0.1s.tar.gz cd $openssl_version ./config shared zlib sleep 3 /usr/bin/make sleep 2 /usr/bin/make install echo "install openssl --------------------------[success]" sleep 5 ##修改配置文件,显示正常版本信息 mv `which openssl` /usr/bin/openssl.bak ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl echo `ssh -V` &> /$current_dir/openssh_version.txt echo "/usr/local/ssl/lib" >> /etc/ld.so.conf /sbin/ldconfig -v ##软件安装之-Openssh安装 ##禁用sshd服务,卸载原来的openssh版本 /sbin/service sshd stop cp /etc/init.d/sshd /root/ if rpm -qa | grep openssh &> /dev/null then rpm -qa | grep openssh &> $current_dir/openssh_version.txt while read line do rpm -e $line --nodeps echo "remove $line ------------------------------[success]" done <$current_dir/openssh_version.txt fi ##解压缩openssh安装包,并进入解压缩文件编译安装 cd $current_dir tar -zxvf openssh-7.1p2.tar.gz cd $openssh_version ./configure --prefix=/usr --with-zlib=/root/zlib-1.2.8 --with-md5-passwords sleep 2 /usr/bin/make sleep 2 /usr/bin/make install ##启动调试ssh #OS type if [ "$Distributor" == "SUSE LINUX" ]; then cd contrib/suse cp rc.sshd /etc/init.d/sshd chmod +x /etc/init.d/sshd chkconfig --add sshd else cd contrib/redhat cp sshd.init /etc/init.d/sshd chmod +x /etc/init.d/sshd chkconfig --add sshd fi sed -i '10a PermitRootLogin YES' /usr/etc/sshd_config service sshd restart chkconfig sshd on if netstat -tnlp | grep -w 22 &> /dev/null; then echo "Start debugging-----------------------------------[success]" echo -e "${BLUE_COLOR}########################################################################################${RES}" echo -e "${BLUE_COLOR}################### #################### " echo -e "${BLUE_COLOR}################### openssh install -----[success] #################### " echo -e "${BLUE_COLOR}################### #################### " echo -e "${BLUE_COLOR}################### #################### " echo -e "${BLUE_COLOR}########################################################################################${RES}" sleep 3 sed -i 's/no/yes/g' /etc/xinetd.d/telnet /etc/init.d/xinetd restart fi ssh -V exit 0