Upgrading OpenSSL to 1.1.1g and OpenSSH to 8.3p1 on CentOS 7

2024-01-07

Run all of the following as root.

1. Prerequisites

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
wget http://www.openssl.org/source/openssl-1.1.1g.tar.gz
mkdir -p /data/lib64-bak
cp -p /usr/lib64/libssl.so.1.* /data/lib64-bak/
cp -p /usr/lib64/libcrypto.so.1.* /data/lib64-bak/

2. Upgrade OpenSSL to openssl-1.1.1g

(1) Check the current version

[root@zj ~]# openssl version -a
OpenSSL 1.0.2e-fips-rhel5 01 Jul 2008

yum install -y zlib

(2) Remove the existing OpenSSL

rpm -qa | grep openssl
rpm -e `rpm -qa | grep openssl` --nodeps

(3) Extract and install

tar zxf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config shared zlib
make
make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig -v

(4) Check that the upgrade succeeded

openssl version -a

OpenSSL 1.1.1g 7 Apr 2014

(5) ***If you hit "openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory", run the following:

ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

3. OpenSSH-8.4P1 fix

(1) Check openssh

rpm -qa | grep openssh

(2) Install telnet so you are not locked out if the openssh upgrade fails (online, or copy the packages to an offline host)

rpm -Uvh telnet-server-0.17-64.el7.x86_64.rpm
rpm -Uvh xinetd-2.3.15-13.el7.x86_64.rpm

yum install -y telnet-server xinetd

Note: if yum reports an error, it is because files are missing; carrying out the steps in section 4 below resolves it.

echo -e 'pts/0\npts/1\npts/2\npts/3' >> /etc/securetty
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

(3) Verify that telnet works by connecting to the host over telnet on port 23

(4) Install the required software (online, or copy the packages to an offline host): gcc pam pam-devel zlib zlib-devel openssl-devel

rpm -Uvh <package-name>

yum -y update pam zlib

yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel

(5) Remove the old openssh

rpm -e `rpm -qa | grep openssh` --nodeps

(6) Extract and compile

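# Section 1 downloads openssh-8.3p1.tar.gz; the archive and directory names below must match the file actually downloaded.
tar -zxvf openssh-8.4p1.tar.gz

cd openssh-8.4p1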

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd

make

make install

If you encounter the following error: chmod 600 /etc/ssh/ssh_host_*

chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key

# Edit the configuration file
# Note: the next line means root can no longer log in over ssh; apply it according to your situation.
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd

# Enable at boot
chkconfig sshd on
chkconfig --list sshd
service sshd start

# Stop the telnet service
systemctl stop telnet.socket
systemctl disable telnet.socket
systemctl stop xinetd.service
systemctl disable xinetd.service

4. Overall verification and repair

(1) Test commands such as yum, ping, ssh and cp, as well as file uploads and opening a new ssh connection

cp /data/lib64-bak/* /usr/lib64/
cd /usr/lib64/
ll libssl*
ll libcrypt*

(2) Symlink the libssl and libcrypto libraries that were backed up earlier

ln -s libssl.so.1.0.1e /usr/lib64/libssl.so.10
ln -s libcrypto.so.1.0.1e /usr/lib64/libcrypto.so.10

(3) Re-test the functions that had problems earlier, then check the current openssh and openssl versions

ssh -V
openssl version -a
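
An added example, not part of the original post: sshd uses the first value it obtains for each keyword, so the `echo 'PermitRootLogin no' >> /etc/ssh/sshd_config` step in section 3 has no effect if an earlier uncommented PermitRootLogin line already exists. The helper below reports which value wins; its function names and the sample file are constructed, and it assumes the whitespace-separated `Keyword value` form and ignores Include files.

```shell
#!/bin/bash
# Added example: names and the sample config are constructed for illustration.

# effective_directive FILE KEYWORD
# Print the value of the first uncommented global occurrence of KEYWORD
# (keywords are case-insensitive). Returns 1 if it is not set globally.
effective_directive() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); rc = 1 }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }    # Match blocks apply conditionally
        tolower($1) == key && NF >= 2 {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop keyword and separator
            sub(/[ \t]+$/, "")                # drop trailing whitespace
            print; rc = 0; exit
        }
        END { exit rc }
    ' "$1"
}

# directive_is FILE KEYWORD VALUE: succeed only if VALUE is the one in effect.
directive_is() {
    [ "$(effective_directive "$1" "$2")" = "$3" ]
}

# Constructed sample: an existing "yes" line sits above the appended "no".
demo() {
    local cfg
    cfg=$(mktemp)
    printf '%s\n' '#PermitRootLogin prohibit-password' \
                  'PermitRootLogin yes' \
                  'PermitRootLogin no' > "$cfg"
    if directive_is "$cfg" PermitRootLogin no; then
        echo "PermitRootLogin no is in effect"
    else
        echo "appended line ignored; effective value:" \
             "$(effective_directive "$cfg" PermitRootLogin)"
    fi
    rm -f "$cfg"
}
demo
```

On the upgraded host, `sshd -T | grep -i permitrootlogin` prints the value sshd itself resolves, including defaults and Include files.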

Error analysis

A recently discovered problem: rpm reports errors as a result of the openssl upgrade.

Fix: download the rpm dependency packages.
