
Upgrading SSH

1. Use ssh -v to check the current SSH version:

[root@server ~]# ssh -v

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]

           [-D [bind_address:]port] [-e escape_char] [-F configfile]

           [-i identity_file] [-L [bind_address:]port:host:hostport]

           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]

           [-R [bind_address:]port:host:hostport] [-S ctl_path]

           [-w tunnel:tunnel] [user@]hostname [command] 

2. Install zlib-1.2.8

Note:

Before installing, make sure gcc and gcc-c++ are already installed.

[root@server src]# rpm -qa gcc

[root@server src]# rpm -qa gcc-c++

If they are not installed, install them over the network with yum:

[root@server src]# yum -y install gcc

[root@server src]# yum -y install gcc-c++ zlib-devel 


Once gcc and gcc-c++ are confirmed to be installed, start installing zlib-1.2.8:

[root@server src]# tar -zxvf zlib-1.2.8.tar.gz

[root@server src]# cd zlib-1.2.8

[root@server zlib-1.2.8]# ./configure --prefix=/usr/local/zlib -share

[root@server zlib-1.2.8]# make

[root@server zlib-1.2.8]# make test

[root@server zlib-1.2.8]# make install

 

3. Install openssl

[root@server src]# tar -zxvf openssl-1.0.1g.tar.gz

[root@server src]# cd openssl-1.0.1g

[root@server openssl-1.0.1g]# ./config shared zlib-dynamic --prefix=/usr/local/openssl --with-zlib-lib=/usr/local/zlib/lib --with-zlib-include=/usr/local/zlib/include

[root@server openssl-1.0.1g]# make

[root@server openssl-1.0.1g]# make test           # This step runs the full test of the SSL encryption protocols; if errors appear, find the cause first, otherwise SSH may end up unusable

[root@server openssl-1.0.1g]# make install


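[root@server openssl-1.0.1g]# echo /usr/local/openssl/lib >> /etc/ld.so.conf     # configure the library search path

The following line is added:

/usr/local/openssl/lib                               # on a 64-bit OS no lib directory is generated; the directory is lib64

[root@server openssl-1.0.1g]# ldconfig -v             # refresh the cache file /etc/ld.so.cache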



4. Next, replace the system's original SSL

mv /usr/bin/openssl /usr/bin/oldopenssl

mv /usr/lib/openssl /usr/lib/oldopenssl


ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/openssl/include/openssl/ /usr/include/openssl


Verify: openssl version -a

OpenSSL 1.0.1g 7 Apr 2014


rm -rf /usr/lib/libcrypto.so

rm -rf /usr/lib/libssl.so


ln -s /usr/local/openssl/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so

ln -s /usr/local/openssl/lib/libssl.so.1.0.0 /usr/lib/libssl.so


echo /usr/local/openssl/lib >> /etc/ld.so.conf

ldconfig -v

openssl version -v        # check the new openssl version number


OpenSSL 1.0.1g 7 Apr 2014


5. Uninstall the openssh currently in use

[root@server openssl-1.0.0c]# rpm -e openssh

error: Failed dependencies:

openssh = 4.3p2-41.el5 is needed by (installed) openssh-clients-4.3p2-41.el5.x86_64

openssh = 4.3p2-41.el5 is needed by (installed) openssh-server-4.3p2-41.el5.x86_64

openssh = 4.3p2-41.el5 is needed by (installed) openssh-askpass-4.3p2-41.el5.x86_64

[root@server openssl-1.0.0c]# rpm -e openssh-askpass-4.3p2-41.el5.x86_64

[root@server openssl-1.0.0c]# rpm -e openssh-server-4.3p2-41.el5.x86_64

warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave     -- this message will be displayed

[root@server openssl-1.0.0c]# rpm -e openssh-clients-4.3p2-41.el5.x86_64

[root@server openssl-1.0.0c]# rpm -e openssh-4.3p2-41.el5 


6. Install the new version of openssh

[root@server src]# tar -zxvf openssh-6.5p1.tar.gz

[root@server src]# cd openssh-6.5p1

[root@server openssh-6.5p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-openssl-header-check


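If the error "configure: error: PAM headers not found" appears,

it means the pam-devel RPM package is not installed on the system. Find the installation disc and install pam-devel from it, or install it directly with yum: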

[root@server openssh-6.5p1]# yum -y install pam*


After the PAM packages are installed, configure and compile again:

[root@server openssh-6.5p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-openssl-header-check

[root@server openssh-6.5p1]# make

[root@server openssh-6.5p1]# make install

[root@server openssh-6.5p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd

[root@server openssh-6.5p1]# chmod +x /etc/init.d/sshd

[root@server openssh-6.5p1]# chkconfig sshd on

[root@server openssh-6.5p1]# chkconfig --list sshd

[root@server openssh-6.5p1]# service sshd start


正在启动 sshd:WARNING: initlog is deprecated and will be removed in a future release

[确定]


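At this point the message "WARNING: initlog is deprecated and will be removed in a future release" appears. This is probably because the file path was not changed for starting the service when ssh was compiled and installed earlier. The fix is to edit /etc/init.d/sshd.

Comment out the following line:

#initlog -c "$SSHD $OPTIONS" && success || failure

Add the following line: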

$SSHD $OPTIONS && success || failure 


Then restart the sshd service again; it now starts normally:


[root@server openssh-6.5p1]# /etc/init.d/sshd restart

停止 sshd:[确定]

正在启动 sshd:[确定]


Finally, use ssh -v to check the current SSH version:

[root@server openssh-6.5p1]# ssh -v

OpenSSH_6.5p1, OpenSSL 1.0.1g 7 Apr 2014
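
Step 5 left the old configuration at /etc/ssh/sshd_config.rpmsave (see the rpm warning there), so the sshd built in step 6 may be running without settings the server had before the upgrade. The script below is an added example, not part of the original post: it lists active directives from the old file that are missing or changed in the new one. The two sample configs inside demo() are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list sshd_config settings that
# were active before the upgrade but are missing or different afterwards.

# Print active directives as "keyword value": comments and blank lines are
# skipped and the keyword is lower-cased (sshd_config keywords are
# case-insensitive). Match blocks are not interpreted; lines compare flat.
active_directives() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         { key = tolower($1); $1 = ""; sub(/^[ \t]+/, ""); print key " " $0 }' "$1" |
        LC_ALL=C sort -u
}

# Directives in the old file ($1) that the new file ($2) lacks or changes.
dropped_directives() {
    tmp_old=$(mktemp) && tmp_new=$(mktemp) || return 2
    active_directives "$1" > "$tmp_old"
    active_directives "$2" > "$tmp_new"
    LC_ALL=C comm -23 "$tmp_old" "$tmp_new"
    rm -f "$tmp_old" "$tmp_new"
}

# Constructed sample data: a hardened pre-upgrade config and a default-like
# post-upgrade config. On a real host pass the two paths from steps 5 and 6.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/sshd_config.rpmsave" <<'EOF'
# site hardening (constructed sample)
Protocol 2
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
EOF
    cat > "$dir/sshd_config" <<'EOF'
# freshly installed file (constructed sample)
#PermitRootLogin yes
usepam yes
Subsystem sftp /usr/libexec/sftp-server
EOF
    dropped_directives "$dir/sshd_config.rpmsave" "$dir/sshd_config"
    rm -rf "$dir"
}

# With no arguments run the demo; otherwise compare the two files given, e.g.
#   sh check.sh /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
if [ $# -eq 2 ]; then dropped_directives "$1" "$2"; else demo; fi
```

After merging the reported settings back into /etc/ssh/sshd_config, running sshd -t checks the edited file for errors before the service is restarted.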


This article comes from the "7924127" blog; please be sure to retain this source: http://7934127.blog.51cto.com/7924127/1585106
