首页 > 代码库 > 升级SSH
升级SSH
1、使用ssh -v查看当前SSH的版本:
[root@server ~]# ssh -v
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-w tunnel:tunnel] [user@]hostname [command]
2、安装zlib-1.2.8
注意:
安装之前确保已经装有gcc、gcc-c++库
[root@server src]# rpm -qa gcc
[root@server src]# rpm -qa gcc-c++
如果没有安装可以用yum直接联网安装:
[root@server src]# yum -y install gcc
[root@server src]# yum -y install gcc-c++ zlib-devel
确保已经安装了gcc和gcc-c++库后,开始安装zlib-1.2.8
[root@server src]# tar -zxvf zlib-1.2.8.tar.gz
[root@server src]# cd zlib-1.2.8
[root@server zlib-1.2.8]# ./configure --prefix=/usr/local/zlib -share
[root@server zlib-1.2.8]# make
[root@server zlib-1.2.8]# make test
[root@server zlib-1.2.8]# make install
3、安装openssl
[root@server src]# tar -zxvf openssl-1.0.1g.tar.gz
[root@server src]# cd openssl-1.0.0g
[root@server openssl-1.0.1g]# ./config shared zlib-dynamic --prefix=/usr/local/openssl --with-zlib-lib=/usr/local/zlib/lib --with-zlib-include=/usr/local/zlib/include
[root@server openssl-1.0.1g]# make
[root@server openssl-1.0.1g]# make test (这一步是进行 SSL 加密协议的完整测试,如果出现错误就要一定先找出原因,否则可能导致SSH不能用)
[root@server openssl-1.0.1g]# make install
[root@server openssl-1.0.1g]# echo /usr/local/openssl/lib >> /etc/ld.so.conf #配置库文件搜索路径
增加下列一行
/usr/local/openssl/lib #64位OS 没有生成lib目录,是lib64目录
[root@server openssl-1.0.1g]# ldconfig -v #刷新缓存文件/etc/ld.so.cache
4、接下来开始替换系统原来的SSL
mv /usr/bin/openssl /usr/bin/oldopenssl
mv /usr/lib/openssl /usr/lib/oldopenssl
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl/ /usr/include/openssl
验证:openssl version -a
OpenSSL 1.0.1g 7 Apr 2014
rm -rf /usr/lib/libcrypto.so
rm -rf /usr/lib/libssl.so
ln -s /usr/local/openssl/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so
ln -s /usr/local/openssl/lib/libssl.so.1.0.0 /usr/lib/libssl.so
echo /usr/local/openssl/lib >> /etc/ld.so.conf
ldconfig -v
openssl version -v #查看openssl的新版本号
OpenSSL 1.0.1g 7 Apr 2014
5、卸载当前使用的openssh
[root@server openssl-1.0.0c]# rpm -e openssh
error: Failed dependencies:
openssh = 4.3p2-41.el5 is needed by (installed) openssh-clients-4.3p2-41.el5.x86_64
openssh = 4.3p2-41.el5 is needed by (installed) openssh-server-4.3p2-41.el5.x86_64
openssh = 4.3p2-41.el5 is needed by (installed) openssh-askpass-4.3p2-41.el5.x86_64
[root@server openssl-1.0.0c]# rpm -e openssh-askpass-4.3p2-41.el5.x86_64
[root@server openssl-1.0.0c]# rpm -e openssh-server-4.3p2-41.el5.x86_64
warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave --会提示此信息
[root@server openssl-1.0.0c]# rpm -e openssh-clients-4.3p2-41.el5.x86_64
[root@server openssl-1.0.0c]# rpm -e openssh-4.3p2-41.el5
6、安装新版本openssh
[root@server src]# tar -zxvf openssh-6.5p1.tar.gz
[root@server src]# cd openssh-6.5p1
[root@server openssh-6.5p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-openssl-header-check
出现:configure: error: PAM headers not found 错误
说明系统中没有安装pam-devel RPM 包,找到安装光盘,安装pam-devel或者用yum直接安装
[root@server openssh-6.5p1]# yum -y install pam*
安装完PAM相关包后,再重新编译
[root@server openssh-6.5p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-openssl-header-check
[root@server openssh-6.5p1]# make
[root@server openssh-6.5p1]# make install
[root@server openssh-6.5p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd
[root@server openssh-6.5p1]# chmod +x /etc/init.d/sshd
[root@server openssh-6.5p1]# chkconfig sshd on
[root@server openssh-6.5p1]# chkconfig --list sshd
[root@server openssh-6.5p1]# service sshd start
正在启动 sshd:WARNING: initlog is deprecated and will be removed in a future release
[确定]
这时出现“WARNING: initlog is deprecated and will be removed in a future release
”错误,可能是前面编译安装ssh在启动服务的时候没有更改文件路径,解决方法是:编辑/etc/init.d/sshd
注释如下行
#initlog -c "$SSHD $OPTIONS" && success || failure
添加如下行
$SSHD $OPTIONS && success || failure
然后再重新启动sshd服务,正常
[root@server openssh-6.5p1]# /etc/init.d/sshd restart
停止 sshd:[确定]
正在启动 sshd:[确定]
最后使用ssh -v查看当前的SSH版本:
[root@server openssh-6.5p1]# ssh -v
OpenSSH_6.5p1, OpenSSL 1.0.1g 7 Apr 2014
本文出自 “7924127” 博客,请务必保留此出处http://7934127.blog.51cto.com/7924127/1585106
升级SSH