Shulou(Shulou.com)06/01 Report--

This article mainly explains the "centos upgrade openssl package methods and steps", the article explains the content is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "centos upgrade openssl package methods and steps" bar!

1. Download the openssl package to upgrade to

Https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz

two。 Activate telnet before upgrading openssh

1) View the telnet package

Rpm-qa | grep telnet

-- if not installed, yum installation

# yum install telnet

# yum install telnet-server

2) start telnet

-- Edit the telnet file and change disable to no

# vi / etc/xinetd.d/telnet

# default: on

# description: The telnet server serves telnet sessions; it uses\

# unencrypted username/password pairs for authentication.

Service telnet

{

Flags = REUSE

Socket_type = stream

Wait = no

User = root

Server = / usr/sbin/in.telnetd

Log_on_failure + = USERID

Disable = no

}

-- restart xinetd service

Service xinetd restart

Or

/ etc/rc.d/init.d/xinetd restart

-- connect to the server through telnet

C:\ > telnet 192.168.5.5

-- default telnet can only connect to ordinary users, and then jump to root users

3. Back up the original openssh related files

# cp / usr/sbin/sshd / usr/sbin/sshd.bak

# cp / etc/ssh/ssh_config / etc/ssh/ssh_config.bak

# cp / etc/ssh/sshd_config / etc/ssh/sshd_config.bak

# cp / etc/ssh/moduli / etc/ssh/moduli.bak

Delete the following three files, otherwise an error will be reported during installation.

Rm-rf / etc/ssh/ssh_config

Rm-rf / etc/ssh/sshd_config

Rm-rf / etc/ssh/moduli

-- install the packages required for compilation

Yum install gcc

Yum install pam-devel

Yum install zlib-devel

Yum install openssl-devel

4. Extract and install the new version of openssh

# tar-zxvf openssh-7.4p1.tar.gz

# cd openssh-7.4p1

#. / configure-prefix=/usr/local/openssh-sysconfdir=/etc/ssh-with-pam-with-md5-passwords-mandir=/usr/share/man

-- configure error terminates. Clean up the previous compilation information before recompiling.

# make clean

# ldconfig

#. / configure-prefix=/usr/local/openssh-sysconfdir=/etc/ssh-with-pam-with-md5-passwords-mandir=/usr/share/man

# make & & make install

# / etc/init.d/sshd restart

5. Overwrite old files

# cp-p / softs/openssh-7.4p1/contrib/redhat/sshd.init / etc/init.d/sshd

# hmod uplix / etc/init.d/sshd

# chkconfig-add sshd

# cp / usr/local/openssh/sbin/sshd / usr/sbin/sshd

# cp / usr/local/openssh/sbin/sshd / usr/sbin/sshd

Cp: overwrite `/ usr/sbin/sshd'? Y

Cp: cannot create regular file `/ usr/sbin/sshd': Text file busy

The file is in use

# ps-ef | grep sshd

# kill-9 77777

# ps-ef | grep sshd

-- re-overwrite:

# cp / usr/local/openssh/bin/ssh / usr/bin/ssh

# service sshd restart

Stopping sshd: [OK]

Ssh-keygen: illegal option-- A

Usage: ssh-keygen [options]

Options:

...

# cat / etc/init.d/sshd

Start ()

{

# Create keys if necessary

/ usr/bin/ssh-keygen-A

If [- x / sbin/restorecon]; then

/ sbin/restorecon / etc/ssh/ssh_host_key.pub

/ sbin/restorecon / etc/ssh/ssh_host_rsa_key.pub

/ sbin/restorecon / etc/ssh/ssh_host_dsa_key.pub

/ sbin/restorecon / etc/ssh/ssh_host_ecdsa_key.pub

Fi

Echo-n $"Starting $prog:"

$SSHD $OPTIONS & & success | | failure

RETVAL=$?

[$RETVAL-eq 0] & & touch / var/lock/subsys/sshd

Echo

}

-- since the lower version of ssh-keygen does not have the-A parameter, the solution is as follows.

# cp / usr/local/openssh/bin/ssh-keygen / usr/bin/ssh-keygen

-- restart sshd service:

# service sshd restart

# vi / etc/ssh/sshd_config

-- remove the following entry comments and allow root to log in through ssh

PermitRootLogin yes

Comment out the following three parameters

# GSSAPIAuthentication yes

# GSSAPICleanupCredentials yes

# UsePAM yes

6. Restart the sshd service and connect to the server through ssh

# service sshd restart

C:\ > ssh 192.168.5.5

# ssh-V

7. Disable telnet

# vi / etc/xinetd.d/telnet

# default: on

# description: The telnet server serves telnet sessions; it uses\

# unencrypted username/password pairs for authentication.

Service telnet

{

Flags = REUSE

Socket_type = stream

Wait = no

User = root

Server = / usr/sbin/in.telnetd

Log_on_failure + = USERID

Disable = yes

}

-- stop the xinetd service

# service xinetd stop

# chkconfig-list xinetd

# chkconfig xinetd off

# chkconfig-list xinetd

-- if an error is reported in winscp login linux, the solution can be as follows

# vi / etc/ssh/sshd_config

-comment out the following entries

# Subsystem sftp / usr/libexec/openssh/sftp-server

-- add the following entry

Subsystem sftp internal-sftp

-- restart sshd service:

# service sshd restart

Thank you for your reading, the above is the "centos upgrade openssl package methods and steps" content, after the study of this article, I believe you on the centos upgrade openssl package methods and steps of this problem have a deeper understanding, the specific use of the situation also needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.