还剩1页未读,继续阅读
文本内容:
Openssh升级步骤参考地址.361way.com/openssh-schnorr/
3930.html
一、确定tel net能连接到服务器,如果不能连接,需要安装tel net服务器#yum instal1tel nettel net-server pam-devel-y#sed-i*s/yes/no/g1/etc/xi netd.d/telnetservi cexi netdrestart#mv/etc/securetty/etc/securetty.bak
二、启用telnet和配置登陆#service xinetdrestart#vim/etc/xi netd.d/telnet修改di sable=no#mv/etc/securetty/etc/securetty.bak后面需要改名回来防火墙增力口-A INPUT-m state--state NEW-m tcp-p tcp--dport22-j ACCEPT此时,telnet连接到服务器三.程序升级包的安装l.openssl
1.#
2.#./config-fPlC threadssharedmakemake testmake instal1・3#mv/usr/bin/openssl/usr/bin/openssl.OFF
4.#mv/usr/include/openssl/usr/include/openssl.OFF
5.//该步骤可能提示无文件,忽略即可
6.#In-s/usr/local/ssl/bin/openssl/usr/bin/openssl
7.#1n-s/usr/local/ssl/include/openssl/usr/include/openssl
8.//移走原先系统自带的openssl,将自己编译产生的新文件进行链接注:不能卸载原openssl包,否则会影响系统的ssl加密库文件,除非你可以做两个软连接libcryto和libsslo配置文件搜索路径
1.#chmod
7552.#/sbin/ldconfig-vopenssl version-aI
3.OpenSSL
1.
0.114Mar
20124.bui1t on:Fri Mar1617:14:50CST
20125.platform:1i nux-x86_
646.options:bn64,64rc416x,int desidx,ci sc,16,i ntideaint blowfishidx
7.compiler gcc-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa,--noexecstack-rn64-DL_ENDIAN-DTERMIO-03-wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM
8.OPENSSLDIR/usr/local/ssl、卸载原包2openssh备份启动脚本
1.#cp/etc/init.d/sshd/root//sbin/service sshdstop停止SSHD服务卸载系统里原有Openssh
1.#rpm-qa grepopenssh〃查询系统原安装的openssh包,全部卸载
2.#rpm-e openssh-nodeps
3.#rpm-e opcnssh-server-nodeps
4.#rpm-e openssh-clients-nodeps
5.#rpm-e openssh-askpass
6.或rpm-e-nodeps rpm-qa grepopenssh、解压安装包3zlib
1.#tar-zxvf zlib-
1.
2.
11.tar.gzcd zlib-l.
2.11,/configuremakemake install
2.〃首先安装zlib库,否则会报zlib.c错误无法进行、升级包4openssh
1.先将将/etc/ssh的文件夹备份
2.#mv/etc/ssh/etc/ssh baktar-zxvf openssh-
7.4pl.tar.gzcd openssh-
7.4pl
3.#./configure--sysconfdir=/etc/ssh--with-ssl-dir=/usr/local/ssl--with-md5-passwords-mandir=/usr/share/man-with-pammakemake install编译过程中可能报如下错
1.checking forEVP_sha
256...yes
2.checking whetherOpenSSL hasNTD_X9_62_prime256vl...yes
3.checking whetherOpenSSL hasNID_secp384rl...yes
4.checking whetherOpenSSL hasNID secp521rl...yes
5.checking ifOpenSSf sNID secp521rl isfunctional...yes
6.checking foria openinfoin-liaf...no
7.checking whetherOpenSSI/s PRNGis internallyseeded...yes
8.configure:error:PAM headersnot found如果报此错误需要安装相应版本的pam-devel包通过yum本地源服务器解决、启动月艮务5openssh编译安装好后,可以通过sshd-d进行验证,如果没有报错就可以重新启用openssh了
1.#cp contrib/redhat/sshd.init/etc/init.d/sshd
2.suse:cp contrib/suse/rc.sshd/etc/init.d/sshd
3.#chmod+x/etc/init.d/sshdchkconfig-add sshd
4.#cp sshd_config/etc/ssh/sshd_configcp sshd/usr/sbin/sshd
5.如提示覆盖,yes回车
6.#cp ssh-keygen/usr/bin/ssh-keygen通过下面的命令启动SSh服务
1.service sshdstart或service sshdrestart注ssh-V〃如果看到了新的版本号就没问题啦!如果没有ssh这条命令,执行redhat、suse:In-s/usr/local/bin/ssh/usr/bin/ssh最后把#mv/etc/securetty.bak/etc/securetty。