• openssh升级到8.4版本

    1.查看openssh现在的版本:

    # sshd -V
unknown option -- V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]

    2.查看openssh安装的方式:

    # rpm -qa|grep openssh
openssh-clients-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64

    建议:如果是物理机为了避免openssh升级出现故障,在升级前建议安装telnet,使用yum安装步骤如下:

    yum install -y telnet-server xinetd --安装  

echo -e 'pts/0pts/1
pts/2pts/3'  >>/etc/securetty  

 systemctl enable xinetd.service  
 systemctl enable telnet.socket  
 systemctl start telnet.socket  
 systemctl start xinetd

    如果是虚拟机可以使用回滚的方式,使用yum安装原来版本的openssh
    3.备份文件,需要备份的是openssh从来都没有升级过的文件,对于openfile非常重要:

    mkdir /openssh.bak
cp /etc/pam.d/sshd /openssh.bak

    4.卸载原openssh的安装包:
    rpm安装,卸载方式:

    rpm -e `rpm -qa | grep openssh` --nodeps

    源码安装的,找到之前的安装包,在里面执行 :

    make uninstall

    5.安装升级必要的软件:

    yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel

    6.开始升级openssh8.4版本:
    解压压缩文件:

    tar -xf openssh-8.4p1.tar.gz

    进入到openssh目录下:

    cd openssh-8.4p1/

    进行如下操作:

    ./configure  --prefix=/usr  --sysconfdir=/etc/ssh  --with-pam
 make&make install

    常出现了报错:

    ssh-keygen: generating new host keys: DSA 
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
[1]+  Exit 2                  make

    解决办法:

    chmod 600 /etc/ssh/ssh_host_*

    继续升级:

    cp contrib/redhat/sshd.pam /etc/pam.d/sshd
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.4p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.4p1
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'UsePAM yes' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd 
cp /openssh.bak/sshd /etc/pam.d/sshd
chmod +x /etc/init.d/sshd 
chkconfig --add sshd
chkconfig sshd on 
chkconfig --list sshd

    查看升级后的版本:

    sshd -V
unknown option -- V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]

    重启ssh服务:

    systemctl restart sshd

    7.修改open file参数:
    在vim /etc/security/limits.conf配置文件里最后一行添加:

     * soft nofile 65535
 * hard nofile 65535

    8.切换到普通用户下验证最大连接数,显示升级成功:

    ulimit -n
  • 相关阅读:
    POJ 1611 The Suspects 并查集
    POJ A Simple Problem with Integers 线段树的成段更新
    POJ 2367 Genealogical tree 拓扑排序
    《大道至简》读后感
    周总结报告
    周学习进度总结
    周总结报告
    周总结报告
    周总结报告
    教室派评价
  • 原文地址:https://www.cnblogs.com/zjz20/p/14159192.html
Copyright © 2020-2023  润新知