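1. Enable telnet
Install telnet-server
# yum install telnet-server
# vi /etc/xinetd.d/telnet
Find disable = yes and change yes to no
Restart xinetd
# service xinetd restart
Test the telnet login from another machine
It is recommended to telnet to the host to carry out the following openssh upgrade steps.
2. Install openssl
Before uninstalling and installing, install the required packages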
yum -y install gcc pam-devel openssl-devel zlib-devel krb5-devel
1) Preparation before the upgrade
Download openssl-1.0.1j
wget http://www.openssl.org/source/openssl-1.0.1j.tar.gz
2) Remove the old version
rpm -e `rpm -qa | grep openssl` --allmatches --nodeps
3) Install openssl. Be sure to add the --shared option; otherwise the openssh build will not find the newly installed openssl library and will fail with an error saying the openssl header and library versions do not match
# tar zxvf openssl-1.0.1j.tar.gz
# cd openssl-1.0.1j
# ./config --prefix=/usr --shared
# make
# make test
# make install
# ln -sf /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.6
# ln -sf /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.6
When finished, check that the installed openssl version is correct
2) Download openssh-7.2p2.tar.gz
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p2.tar.gz
Back up ssh:
# mv /etc/ssh /etc/ssh.bak
# openssl version -a
3) Compile and install the new openssh version
# tar zxf openssh-6.9p1.tar.gz && cd openssh-6.9p1
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords
# make
Uninstall the old openssh version first, then run make install
# rpm -qa | grep openssh
rpm -e openssh-server-6.1p1-5.el5.1
Back up the original ssh program
mv /etc/init.d/sshd /etc/init.d/sshd.bak
Change to the directory where the ssh source was unpacked
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
Finally, start the SSH service so the changes take effect. Check command:
chkconfig --list sshd
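Restart sshd. Before restarting, log in with one more session in case the restart fails
If you upgrade to a version after openssh 7.0, the restart produces the following error
/sbin/restorecon:lstat(/etc/ssh/ssh_host_key.pub) failed
This happens because the ssh_host_key/ssh_host_key.pub files were not generated under /etc/ssh, so the service script reports an error. In that case, comment out the following line in the startup script /etc/init.d/sshd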
service sshd restart
Check the version
[root@xen openssh-6.7p1]# ssh -V
OpenSSH_6.9p1, OpenSSL 1.0.1j 15 Oct 2014
If logging in to the host over ssh again reports the following error:
[qhlogin@qhcomm1 ~]$ ssh 192.168.0.11
/etc/ssh/ssh_config line 51: Unsupported option "gssapiauthentication"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
2d:fa:dd:09:6f:7e:15:fa:f4:c7:3f:a5:5b:69:93:9f.
Please contact your system administrator.
Add correct host key in /home/qhlogin/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/qhlogin/.ssh/known_hosts:8
RSA host key for 192.168.0.11 has changed and you have requested strict checking.
Host key verification failed.
On that host, go to .ssh/ and open known_hosts with vi
Delete the relevant host record
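Before deleting the known_hosts entry, confirm that the fingerprint in the warning belongs to the host key regenerated by this upgrade and not to some other machine. The Python sketch below is an added example, not part of the original article: it fingerprints a public key line (such as the contents of /etc/ssh/ssh_host_rsa_key.pub read over the telnet session, a path assumed here) and compares it with the value the client printed. The helper names and key material are constructed for illustration.

```python
import base64
import hashlib
import struct

def parse_pubkey(line):
    """Return (key_type, blob) from a .pub line or a known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with a length-prefixed copy of the key type.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n].decode("ascii", "replace") != field:
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")

def fingerprint_md5(blob):
    """Colon-separated MD5 hex, the format shown in the warning above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(blob):
    """SHA256:<base64 without padding>, the format newer OpenSSH releases print."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_warning(pub_line, reported):
    """True only if the server's own key has the fingerprint the client reported."""
    _, blob = parse_pubkey(pub_line)
    reported = reported.strip().rstrip(".")
    if reported.startswith("SHA256:"):
        return fingerprint_sha256(blob) == reported
    return fingerprint_md5(blob) == reported.lower()

def make_line(key_type, body, prefix=""):
    """Build a constructed (not real) public-key line for the demo."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + body
    return f"{prefix}{key_type} {base64.b64encode(blob).decode()} root@demo"

NEW_KEY = make_line("ssh-rsa", b"constructed-new-host-key")
OLD_KEY = make_line("ssh-rsa", b"constructed-old-host-key", prefix="192.168.0.11 ")

if __name__ == "__main__":
    seen = fingerprint_md5(parse_pubkey(NEW_KEY)[1])  # what the client would print
    print("new key matches warning:", matches_warning(NEW_KEY, seen + "."))
    print("old key matches warning:", matches_warning(OLD_KEY, seen + "."))
```

Only when the server's new key matches the reported fingerprint is the old known_hosts line simply stale; a mismatch means the client reached a different key than the one this upgrade generated.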
Remember to disable telnet
After connecting over ssh, disable telnet
#vi /etc/xinetd.d/telnet
Change disable = no to yes
Restart xinetd
service xinetd restart
Original link: Steps for upgrading to openssl 1.0.1j and openssh 7.2p2 on CentOS/Red Hat. Please credit the source when reposting!