
How to upgrade RHEL7X_CentOS7X_ to Openssh7.6p1

2025-03-30 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article shows how to upgrade RHEL 7.x / CentOS 7.x to OpenSSH 7.6p1.

CentOS-7.3-x86_64-Everything-1611.iso (higher versions are backward compatible)

View system version

[root@test ~]# cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core)

Turn off the firewall

systemctl stop firewalld.service

systemctl disable firewalld.service

systemctl status firewalld.service

Upload related software

[root@test ~]# ll /soft/

CentOS-7-x86_64-Everything-1708.iso

rhel-server-7.4-x86_64-dvd.iso

Openssh&Openssl&zlib version.zip

Mount the system image

[root@test ~]# mount -o loop /soft/CentOS-7-x86_64-Everything-1708.iso /mnt    # on RHEL, mount the rhel-server-7.4-x86_64-dvd.iso image instead

mount: /dev/loop0 is write-protected, mounting read-only

[root@test ~]# df -h

Filesystem               Size  Used Avail Use% Mounted on

/dev/mapper/centos-root   41G  9.3G   30G  24% /

devtmpfs                 982M     0  982M   0% /dev

tmpfs                    993M     0  993M   0% /dev/shm

tmpfs                    993M  8.6M  984M   1% /run

tmpfs                    993M     0  993M   0% /sys/fs/cgroup

/dev/sda1                477M   94M  354M  21% /boot

tmpfs                    199M     0  199M   0% /run/user/0

/dev/loop0               8.1G  8.1G     0 100% /mnt

Back up the original YUM repo files

[root@test ~]# mkdir -p /etc/yum.repos.d/bak

[root@test ~]# mv /etc/yum.repos.d/*.repo

CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo

CentOS-CR.repo CentOS-Media.repo

CentOS-Debuginfo.repo CentOS-Sources.repo

[root@test ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/

[root@test ~]# ll /etc/yum.repos.d/

total 4

drwxr-xr-x. 2 root root 4096 Apr 12 14:01 bak

Configure local YUM

[root@test ~]# cat /etc/yum.repos.d/centosdvd.repo

[centosdvd]

name=centosdvd

baseurl=file:///mnt

enabled=1

gpgcheck=0

Clear the YUM cache

[root@test ~]# yum clean all

Loaded plugins: fastestmirror

Cleaning repos: centosdvd

Cleaning up everything

Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos

Build the YUM cache

[root@test ~]# yum makecache

Loaded plugins: fastestmirror

centosdvd | 3.6 kB 00:00:00

(1/4): centosdvd/group_gz | 156 kB 00:00:00

(2/4): centosdvd/primary_db | 5.7 MB 00:00:00

(3/4): centosdvd/filelists_db | 6.7 MB 00:00:00

(4/4): centosdvd/other_db | 2.5 MB 00:00:00

Determining fastest mirrors

Metadata Cache Created

List the packages available from YUM

[root@test ~]# yum list

... (output omitted) ...

Fix for the ifconfig command not being found

[root@localhost soft]# yum install net-tools -y

[root@localhost ~]# ifconfig -a

eno16777728: flags=4163 mtu 1500

inet 188.190.117.194 netmask 255.255.255.0 broadcast 188.190.117.255

inet6 fe80::20c:29ff:fe3b:5926 prefixlen 64 scopeid 0x20

ether 00:0c:29:3b:59:26 txqueuelen 1000 (Ethernet)

RX packets 347 bytes 31356 (30.6 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 300 bytes 66209 (64.6 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10

loop txqueuelen 0 (Local Loopback)

RX packets 4 bytes 352 (352.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 4 bytes 352 (352.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Install and enable the telnet service

Because the existing OpenSSH has to be uninstalled during the upgrade, enable the telnet service so that the server stays reachable remotely. If the upgrade runs into a problem, you can also log in to the server over telnet to fall back.

Also install xinetd, the daemon that manages telnet.

Install the telnet service

[root@test ~]# yum install telnet-* xinetd -y

[root@test ~]# rpm -qa | grep telnet

telnet-0.17-64.el7.x86_64

telnet-server-0.17-64.el7.x86_64

[root@test ~]# rpm -qa | grep xinetd

xinetd-2.3.15-13.el7.x86_64

Enable the xinetd service at boot

[root@test ~]# systemctl enable xinetd.service

Enable the telnet service at boot

[root@test ~]# systemctl enable telnet.socket

Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.

Restart the service:

Because the telnet service is managed by xinetd, xinetd must be restarted after telnet-server is installed for the telnet service to start.

[root@test ~]# systemctl restart telnet.socket

[root@test ~]# systemctl restart xinetd

Configure telnet root user access

Method 1:

By default, Linux does not allow the root user to log in over telnet. Append pts/1, pts/2, pts/3 to the end of the /etc/securetty file, or rename the securetty file.

[root@test ~]# cat /etc/securetty

console

vc/1

vc/2

vc/3

vc/4

vc/5

vc/6

vc/7

vc/8

vc/9

vc/10

vc/11

tty1

tty2

tty3

tty4

tty5

tty6

tty7

tty8

tty9

tty10

tty11

ttyS0

ttysclp0

sclp_line0

3270/tty1

hvc0

hvc1

hvc2

hvc3

hvc4

hvc5

hvc6

hvc7

hvsi0

hvsi1

hvsi2

xvc0

pts/0

pts/1

pts/2

pts/3

Method 2:

mv /etc/securetty /etc/securetty.bak    # after this, the root user can log in

Verify telnet

[root@test ~]# telnet 192.168.195.141 23    # or: telnet 192.168.195.141

Trying 192.168.195.141...

Connected to 192.168.195.141.

Escape character is '^]'.

Kernel 3.10.0-693.el7.x86_64 on an x86_64

test login: root

Password:

Last failed login: Thu Apr 12 14:22:29 CST 2018 from ::ffff:192.168.195.141 on pts/1

There was 1 failed login attempt since the last successful login.

Last login: Thu Apr 12 13:51:21 from 192.168.195.1

Disable SELinux

[root@test ~]# vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

#SELINUX=enforcing

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted

Install the packages required for compilation

[root@test ~]# yum -y install gcc pam-devel zlib-devel perl*

Install the unzip software:

[root@test soft]# yum -y install unzip

Unzip Openssh&Openssl&zlib version.zip

[root@test soft]# unzip Openssh\&Openssl\&zlib\ version.zip

[root@test soft]# ll Openssh\&Openssl\&zlib\ version

-rw-r--r--. 1 root root 1489788 Mar 30 12:42 openssh-7.6p1.tar.gz

-rw-r--r--. 1 root root 5329472 Mar 30 12:56 openssl-1.0.2o.tar.gz

-rw-r--r--. 1 root root 607698 Mar 30 10:08 zlib-1.2.11.tar.gz

Upgrade ZLIB

Extract the zlib-1.2.11 source code

[root@test soft]# tar -xvzf zlib-1.2.11.tar.gz

[root@test soft]# cd zlib-1.2.11

[root@test zlib-1.2.11]# ls

adler32.c deflate.h infback.c make_vms.com trees.h zlib.h

amiga doc inffast.c msdos uncompr.c zlib.map

ChangeLog examples inffast.h nintendods watcom zlib.pc.cmakein

CMakeLists.txt FAQ inffixed.h old win32 zlib.pc.in

compress.c gzclose.c inflate.c os400 zconf.h zutil.c

configure gzguts.h inflate.h qnx zconf.h.cmakein zutil.h

contrib gzlib.c inftrees.c README zconf.h.in

crc32.c gzread.c inftrees.h test zlib2ansi

crc32.h gzwrite.c Makefile treebuild.xml zlib.3

deflate.c INDEX Makefile.in trees.c zlib.3.pdf

Configure zlib

[root@test zlib-1.2.11]# ./configure --prefix=/usr

Checking for gcc...

Checking for shared library support...

Building shared library libz.so.1.2.11 with gcc.

Checking for size_t... Yes.

Checking for off64_t... Yes.

Checking for fseeko... Yes.

Checking for strerror... Yes.

Checking for unistd.h... Yes.

Checking for stdarg.h... Yes.

Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf().

Checking for vsnprintf() in stdio.h... Yes.

Checking for return value of vsnprintf()... Yes.

Checking for attribute(visibility) support... Yes.

Compile the zlib library

[root@test zlib-1.2.11]# make

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o example.o test/example.c

... (output omitted) ...

rm -f libz.so libz.so.1

ln -s libz.so.1.2.11 libz.so

ln -s libz.so.1.2.11 libz.so.1

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o examplesh example.o -L. libz.so.1.2.11

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzipsh minigzip.o -L. libz.so.1.2.11

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o example64.o test/example.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example64 example64.o -L. libz.a

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o minigzip64.o test/minigzip.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip64 minigzip64.o -L. libz.a

Uninstall the current zlib

Note: this step must be performed after step A has been executed. Otherwise, once zlib is uninstalled, the zlib-related library files in the /lib64/ directory are deleted and the compilation of zlib in step A fails. (Remedy: copy the four files libcrypto.so.10, libssl.so.10, libz.so.1 and libz.so.1.2.3 from the /lib64, /usr/lib and /usr/lib64 directories of another server running the same system into the corresponding directories. The location of these files can be found with the whereis, locate or find command.)

[root@test zlib-1.2.11]# rpm -qa | grep zlib

zlib-1.2.7-17.el7.x86_64

[root@test zlib-1.2.11]# rpm -e --nodeps zlib

[root@test zlib-1.2.11]# rpm -qa | grep zlib

rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory

Install the previously compiled zlib

[root@test zlib-1.2.11]# make install

rm -f /usr/lib/libz.a

cp libz.a /usr/lib

chmod 644 /usr/lib/libz.a

cp libz.so.1.2.11 /usr/lib

chmod 755 /usr/lib/libz.so.1.2.11

rm -f /usr/share/man/man3/zlib.3

cp zlib.3 /usr/share/man/man3

chmod 644 /usr/share/man/man3/zlib.3

rm -f /usr/lib/pkgconfig/zlib.pc

cp zlib.pc /usr/lib/pkgconfig

chmod 644 /usr/lib/pkgconfig/zlib.pc

rm -f /usr/include/zlib.h /usr/include/zconf.h

cp zlib.h zconf.h /usr/include

chmod 644 /usr/include/zlib.h /usr/include/zconf.h

Shared library registration

After zlib is installed, its library files are created in the /usr/lib directory, and these shared libraries need to be registered with the system: echo '/usr/lib' >> /etc/ld.so.conf

[root@test zlib-1.2.11]# echo '/usr/lib' >> /etc/ld.so.conf

[root@test zlib-1.2.11]# cat /etc/ld.so.conf

include ld.so.conf.d/*.conf

/usr/lib

[root@test zlib-1.2.11]# ll /usr/lib/libz.so.1

lrwxrwxrwx. 1 root root 14 Apr 12 14:42 /usr/lib/libz.so.1 -> libz.so.1.2.11

[root@test zlib-1.2.11]# ll /usr/lib/libz.so

lrwxrwxrwx. 1 root root 14 Apr 12 14:42 /usr/lib/libz.so -> libz.so.1.2.11

[root@test zlib-1.2.11]# ldconfig

Upgrade OpenSSL

Official upgrade documentation

http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/openssl.html

Back up the current openssl

[root@test zlib-1.2.11]# find / -name openssl

/usr/bin/openssl

/usr/lib64/openssl

/etc/pki/ca-trust/extracted/openssl

[root@test zlib-1.2.11]# mv /usr/lib64/openssl /usr/lib64/openssl.old

[root@test zlib-1.2.11]# mv /usr/bin/openssl /usr/bin/openssl.old

[root@test zlib-1.2.11]# mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old

[root@test zlib-1.2.11]# cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old

[root@test zlib-1.2.11]# cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old

Uninstall the current openssl

[root@test zlib-1.2.11]# rpm -qa | grep openssl | xargs

openssl-libs-1.0.2k-8.el7.x86_64

xmlsec1-openssl-1.2.20-5.el7.x86_64

openssl-1.0.2k-8.el7.x86_64

[root@test zlib-1.2.11]# rpm -qa | grep openssl | xargs -I {} rpm -e --nodeps {}

warning: file /usr/lib64/openssl/engines/libubsec.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libsureware.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libpadlock.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libnuron.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libgmp.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libcswift.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libchil.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libcapi.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libatalla.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libaep.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/lib4758cca.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines: remove failed: No such file or directory

warning: file /usr/lib64/openssl: remove failed: No such file or directory

warning: file /usr/bin/openssl: remove failed: No such file or directory

[root@test zlib-1.2.11]# rpm -qa | grep openssl | xargs -I {} rpm -e --nodeps {}

[root@test zlib-1.2.11]# rpm -qa | grep openssl | xargs

Decompress the openssl_1.0.2k source code

[root@test soft]# tar -xvzf openssl-1.0.2o.tar.gz

[root@test soft]# cd openssl-1.0.2o

[root@test openssl-1.0.2o]# ls

ACKNOWLEDGMENTS CONTRIBUTING GitMake INSTALL.W32 makevms.com README.ASN1

apps crypto include INSTALL.W64 ms README.ENGINE

appveyor.yml demos INSTALL INSTALL.WCE Netware shlib

bugs doc install.com LICENSE NEWS ssl

certs engines INSTALL.DJGPP MacOS openssl.doxy test

CHANGES e_os2.h INSTALL.MacOS Makefile openssl.spec tools

CHANGES.SSLeay e_os.h INSTALL.NW Makefile.bak os2 util

config FAQ INSTALL.OS2 Makefile.org PROBLEMS VMS

Configure GitConfigure INSTALL.VMS Makefile.shared README

[root@test openssl-1.0.2o]# ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib    # a minimal installation has no Perl by default; it can be installed with yum

Operating system: x86_64-whatever-linux2

You need Perl 5.

[root@test openssl-1.0.2o]# yum install perl* -y    # installing Perl together with the build tools is recommended; skip this if it is already installed. If Perl is installed at this point, the openssl-related packages have to be removed again.

./config --prefix=/usr --openssldir=/etc/ssl --shared zlib    # --shared is required, otherwise the newly installed OpenSSL libraries are not found at compile time and an error is reported

[root@test openssl-1.0.2o]# ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib

... (output omitted) ...

make[1]: Leaving directory `/soft/openssl-1.0.2o/ssl'

making links in engines...

make[1]: Entering directory `/soft/openssl-1.0.2o/engines'

making links in engines/ccgost...

make[2]: Entering directory `/soft/openssl-1.0.2o/engines/ccgost'

make[2]: Nothing to be done for `links'.

make[2]: Leaving directory `/soft/openssl-1.0.2o/engines/ccgost'

make[1]: Leaving directory `/soft/openssl-1.0.2o/engines'

making links in apps...

make[1]: Entering directory `/soft/openssl-1.0.2o/apps'

make[1]: Nothing to be done for `links'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/apps'

making links in test...

make[1]: Entering directory `/soft/openssl-1.0.2o/test'

make[1]: Nothing to be done for `links'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

making links in tools...

make[1]: Entering directory `/soft/openssl-1.0.2o/tools'

make[1]: Nothing to be done for `links'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/tools'

generating dummy tests (if needed)...

make[1]: Entering directory `/soft/openssl-1.0.2o/test'

make[1]: Nothing to be done for `generate'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

Configured for linux-x86_64.

Compile Openssl

[root@test openssl-1.0.2o]# make

... (output omitted) ...

make[2]: Entering directory `/soft/openssl-1.0.2o/test'

make[2]: Leaving directory `/soft/openssl-1.0.2o/test'

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

making all in tools...

make[1]: Entering directory `/soft/openssl-1.0.2o/tools'

make[1]: Nothing to be done for `all'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/tools'

Test Openssl

[root@test openssl-1.0.2o]# make test

... (output omitted) ...

* *-START OF HANDSHAKE MESSAGE FRAGMENT-

* *-HANDSHAKE MESSAGE FRAGMENT ENCRYPTED-

*-END OF RECORD

-END OF PACKET

PASS

test_bad_dtls

../util/shlib_wrap.sh ./bad_dtls_test

test_fatalerr

../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem

SSL_accept() failed -1, 1

140677601674944:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a

OpenSSL 1.0.2o 27 Mar 2018

built on: reproducible build, date unspecified

platform: linux-x86_64

options: bn(64) rc4(16x) des(idx,cisc,16,int) idea(int) blowfish(idx)

compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

OPENSSLDIR: "/etc/ssl"

Install Openssl

[root@test openssl-1.0.2o]# make install

make[2]: Leaving directory `/soft/openssl-1.0.2o/engines/ccgost'

make[1]: Leaving directory `/soft/openssl-1.0.2o/engines'

making install in apps...

make[1]: Entering directory `/soft/openssl-1.0.2o/apps'

installing openssl

installing CA.sh

installing CA.pl

installing tsget

make[1]: Leaving directory `/soft/openssl-1.0.2o/apps'

making install in test...

make[1]: Entering directory `/soft/openssl-1.0.2o/test'

make[1]: Nothing to be done for `install'.

make[1]: Leaving directory `/soft/openssl-1.0.2o/test'

making install in tools...

make[1]: Entering directory `/soft/openssl-1.0.2o/tools'

make[1]: Leaving directory `/soft/openssl-1.0.2o/tools'

installing libcrypto.a

installing libssl.a

installing libcrypto.so.1.0.0

installing libssl.so.1.0.0

make[1]: Entering directory `/usr/lib64'

make[2]: Entering directory `/usr/lib64'

make[2]: Leaving directory `/usr/lib64'

make[2]: Entering directory `/usr/lib64'

make[2]: Leaving directory `/usr/lib64'

make[1]: Leaving directory `/usr/lib64'

cp libcrypto.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/libcrypto.pc

cp libssl.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/libssl.pc

cp openssl.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/openssl.pc

Verify that the Openssl upgrade is successful

[root@test openssl-1.0.2o]# openssl version    # check whether the upgrade succeeded

OpenSSL 1.0.2o 27 Mar 2018

Restore a shared library

Because OpenSSL_1.0.2k does not provide libcrypto.so.10 and libssl.so.10 libraries, and yum, wget and other tools rely on this library, you need to restore these two libraries that were previously backed up, and other libraries can be restored depending on the situation.

[root@test openssl-1.0.2o]# mv /usr/lib64/libcrypto.so.10.old /usr/lib64/libcrypto.so.10

mv: overwrite `/usr/lib64/libcrypto.so.10'? y

[root@test openssl-1.0.2o]# mv /usr/lib64/libssl.so.10.old /usr/lib64/libssl.so.10

mv: overwrite `/usr/lib64/libssl.so.10'? y

Upgrade OpenSSH

Official upgrade documentation

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html

Back up the current openssh

[root@test openssl-1.0.2o]# mv /etc/ssh /etc/ssh.old

Uninstall the current openssh

[root@test openssl-1.0.2o]# rpm -qa | grep openssh

openssh-server-7.4p1-11.el7.x86_64

openssh-7.4p1-11.el7.x86_64

openssh-clients-7.4p1-11.el7.x86_64

rpm -qa | grep openssh | xargs -I {} rpm -e --nodeps {}    (or delete the packages one by one with rpm -e --nodeps and the package name, for example: rpm -e --nodeps openssh-5.3p1-111.el6.x86_64)

[root@test openssl-1.0.2o]# rpm -qa | grep openssh | xargs -I {} rpm -e --nodeps {}

warning: file /etc/ssh/sshd_config: remove failed: No such file or directory

warning: file /etc/ssh/moduli: remove failed: No such file or directory

warning: file /etc/ssh: remove failed: No such file or directory

warning: file /etc/ssh/ssh_config: remove failed: No such file or directory

[root@test openssl-1.0.2o]# rpm -qa | grep openssh | xargs -I {} rpm -e --nodeps {}

[root@test openssl-1.0.2o]# rpm -qa | grep openssh | xargs

Pre-installation environment configuration for Openssh

[root@test openssl-1.0.2o]# install -v -m700 -d /var/lib/sshd

install: creating directory `/var/lib/sshd'

[root@test openssl-1.0.2o]# chown -v root:sys /var/lib/sshd

changed ownership of `/var/lib/sshd' to root:sys

[root@test openssl-1.0.2o]# groupadd -g 50 sshd

groupadd: group 'sshd' already exists

[root@test openssl-1.0.2o]# useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

useradd: user 'sshd' already exists

Extract the openssh-7.6p1.tar.gz source code

[root@test soft]# tar -xvzf openssh-7.6p1.tar.gz

[root@test soft]# cd openssh-7.6p1

Configure Openssh

[root@test openssh-7.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam--with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd

... (output omitted) ...

config.status: creating config.h

configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes

OpenSSH has been configured with the following options:

User binaries: /usr/bin

System binaries: /usr/sbin

Configuration files: /etc/ssh

Askpass program: /usr/libexec/ssh-askpass

Manual pages: /usr/share/man/manX

PID file: /var/run

Privilege separation chroot path: /var/lib/sshd

sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin

Manpage format: doc

PAM support: no

OSF SIA support: no

KerberosV support: no

SELinux support: no

Smartcard support:

S/KEY support: no

MD5 password support: yes

libedit support: no

libldns support: no

Solaris process contract support: no

Solaris project support: no

Solaris privilege support: no

IP address in $DISPLAY hack: no

Translate v4 in v6 hack: yes

BSD Auth support: no

Random number source: OpenSSL internal ONLY

Privsep sandbox style: seccomp_filter

Host: x86_64-pc-linux-gnu

Compiler: gcc

Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE

Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE

Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie

Libraries: -lcrypto -ldl -lutil -lz -lcrypt -lresolv
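The warning in the output above shows that --with-pam--with-zlib reached configure as a single option and that --with-openssl-includes is not an option it knows, which is why the summary reports "PAM support: no". The following added example (not part of the original article) turns that observation into a check to run before make install; the function names and the trimmed sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate `make install` on the configure result instead of
# reading the summary by eye.

# Constructed sample: the relevant lines of the configure output shown above.
sample_configure_log() {
    cat <<'EOF'
config.status: creating config.h
configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes
OpenSSH has been configured with the following options:
                     PAM support: no
                 SELinux support: no
            MD5 password support: yes
           Privsep sandbox style: seccomp_filter
EOF
}

# unrecognized_options FILE
# configure only warns about --with-*/--enable-* options it does not know and
# then carries on, so a mistyped option silently becomes a missing feature.
# Prints one rejected option per line.
unrecognized_options() {
    sed -n 's/^configure: WARNING: unrecognized options: *//p' "$1" |
        tr -d ' ' | tr ',' '\n'
}

# feature_state FILE FEATURE
# Prints the value of "<FEATURE> support:" from the summary ("yes", "no", ...),
# or "missing" when the summary has no such line.
feature_state() {
    value=$(sed -n "s/^[[:space:]]*$2 support:[[:space:]]*//p" "$1" | head -n 1)
    echo "${value:-missing}"
}

# check_configure_log FILE FEATURE...
# Returns 0 only if configure accepted every option and each FEATURE the
# caller asked for is reported as "yes".
check_configure_log() {
    log=$1; shift
    rc=0
    for opt in $(unrecognized_options "$log"); do
        echo "unrecognized option: $opt"
        rc=1
    done
    for feature in "$@"; do
        state=$(feature_state "$log" "$feature")
        if [ "$state" != "yes" ]; then
            echo "requested but not built in: $feature ($state)"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone demo on the constructed sample.
demo_log=$(mktemp)
sample_configure_log > "$demo_log"
check_configure_log "$demo_log" PAM "MD5 password" || echo "do not run make install yet"
rm -f "$demo_log"
```

On a real build, save the output with `./configure ... 2>&1 | tee configure.log` and pass that file to `check_configure_log` together with the features that were requested.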

Compile Openssh

[root@test openssh-7.6p1]# make

... (output omitted) ...

cc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz -lcrypt -lresolv

Install Openssh

[root@test openssh-7.6p1]# make install

(cd openbsd-compat && make)

make[1]: Entering directory `/soft/openssh-7.6p1/openbsd-compat'

make[1]: Nothing to be done for `all'.

make[1]: Leaving directory `/soft/openssh-7.6p1/openbsd-compat'

./mkinstalldirs /usr/bin

./mkinstalldirs /usr/sbin

./mkinstalldirs /usr/share/man

./mkinstalldirs /usr/share/man/man1

./mkinstalldirs /usr/share/man/man5

./mkinstalldirs /usr/share/man/man8

./mkinstalldirs /usr/libexec

(umask 022 ; ./mkinstalldirs /var/lib/sshd)

/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh

/usr/bin/install -c -m 0755 -s scp /usr/bin/scp

/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add

/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent

/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen

/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan

/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd

/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign

/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper

/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp

/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server

/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1

/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1

/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1

/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1

/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1

/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1

/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5

/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5

/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5

/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8

/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1

/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8

/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8

/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8

if [ ! -d /etc/ssh ]; then \

./mkinstalldirs /etc/ssh; \

fi

mkdir /etc/ssh

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519

/usr/sbin/sshd -t -f /etc/ssh/sshd_config

Environment configuration after the OpenSSH installation

# execute the following commands in the openssh compilation directory

[root@test openssh-7.6p1]# install -v -m755 contrib/ssh-copy-id /usr/bin

'contrib/ssh-copy-id' -> '/usr/bin/ssh-copy-id'

[root@test openssh-7.6p1]# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1

'contrib/ssh-copy-id.1' -> '/usr/share/man/man1/ssh-copy-id.1'

[root@test openssh-7.6p1]# install -v -m755 -d /usr/share/doc/openssh-7.6p1

install: creating directory '/usr/share/doc/openssh-7.6p1'

[root@test openssh-7.6p1]# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.6p1

'INSTALL' -> '/usr/share/doc/openssh-7.6p1/INSTALL'

'LICENCE' -> '/usr/share/doc/openssh-7.6p1/LICENCE'

'OVERVIEW' -> '/usr/share/doc/openssh-7.6p1/OVERVIEW'

'README' -> '/usr/share/doc/openssh-7.6p1/README'

'README.dns' -> '/usr/share/doc/openssh-7.6p1/README.dns'

'README.platform' -> '/usr/share/doc/openssh-7.6p1/README.platform'

'README.privsep' -> '/usr/share/doc/openssh-7.6p1/README.privsep'

'README.tun' -> '/usr/share/doc/openssh-7.6p1/README.tun'

Verify that Openssh has been upgraded successfully

[root@test openssh-7.6p1]# ssh -V

OpenSSH_7.6p1, OpenSSL 1.0.2o 27 Mar 2018

Enable the OpenSSH service

[root@test openssh-7.6p1]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config

[root@test openssh-7.6p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config    # allows the root user to log in through ssh

[root@test openssh-7.6p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd

[root@test openssh-7.6p1]# chmod +x /etc/init.d/sshd

[root@test openssh-7.6p1]# chkconfig --add sshd

[root@test openssh-7.6p1]# chkconfig sshd on

[root@test openssh-7.6p1]# chkconfig --list sshd

Note: This output shows SysV services only and does not include native

systemd services. SysV configuration data might be overridden by native

systemd configuration.

If you want to list systemd services use 'systemctl list-unit-files'.

To see services enabled on particular target use

'systemctl list-dependencies [target]'.

sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

View the service status with the version 7 command

[root@test ~]# systemctl status sshd

● sshd.service - SYSV: OpenSSH server daemon

Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)

Active: active (running) since Thu 2018-04-12 16:24:03 CST; 8min ago

Docs: man:systemd-sysv-generator(8)

Process: 917 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)

Main PID: 944 (sshd)

CGroup: /system.slice/sshd.service

├─ 944 /usr/sbin/sshd

├─1119 sshd: root@pts/1

├─1121 -bash

└─1215 systemctl status sshd

Apr 12 16:24:02 test systemd[1]: Starting SYSV: OpenSSH server daemon...

Apr 12 16:24:03 test systemd[1]: Started SYSV: OpenSSH server daemon.

Apr 12 16:24:03 test sshd[917]: Starting sshd: [OK]

Apr 12 16:24:03 test sshd[944]: Server listening on 0.0.0.0 port 22.

Apr 12 16:24:03 test sshd[944]: Server listening on :: port 22.

Apr 12 16:25:56 test sshd[1119]: Accepted password for root from 192.168.195.1 port 61...sh3

Hint: Some lines were ellipsized, use -l to show in full.

Restart the sshd service

[root@test openssh-7.6p1]# service sshd restart    # or use the version 7 command: systemctl restart sshd

Restarting sshd (via systemctl): [OK]

Method 2:

systemctl status sshd.service

Start the service:

systemctl start sshd.service

Restart the service:

systemctl restart sshd.service

Enable at boot:

systemctl enable sshd.service

Reboot the operating system for the changes to take effect

reboot

Check the OpenSSH and OpenSSL versions after the upgrade

[root@test ~]# ssh -V

OpenSSH_7.6p1, OpenSSL 1.0.2o 27 Mar 2018
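The procedure leaves several of its temporary changes in place: telnet.socket enabled, pts entries in /etc/securetty (or the file renamed), SELINUX=disabled, gpgcheck=0 in the local repo and PermitRootLogin yes. The following added example (not part of the original article) lists which of them are still present; the function names, the ROOT prefix argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list what the upgrade procedure left changed on the host.
# ROOT is an assumed parameter: a directory prefix, empty for the live
# system, so the checks can also run against a copied tree.

# sshd_effective FILE KEYWORD
# sshd uses the first value it obtains for a keyword; print that value and
# stop at the first Match block, where the global section ends.
sshd_effective() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == tolower(key) { print tolower(f[2]); exit }
    ' "$1"
}

# audit_upgrade_leftovers [ROOT]
# Prints one finding per line; returns 0 when nothing is left to review.
audit_upgrade_leftovers() {
    root=${1:-}
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # Fallback login path created by "systemctl enable telnet.socket".
    unit="$root/etc/systemd/system/sockets.target.wants/telnet.socket"
    if [ -L "$unit" ] || [ -e "$unit" ]; then
        report "telnet.socket is still enabled"
    fi

    # Method 1 added pts/* to securetty, method 2 renamed the file.
    tty="$root/etc/securetty"
    if [ ! -e "$tty" ]; then
        report "securetty is missing: root may log in on any terminal"
    elif grep -q '^pts/' "$tty"; then
        report "securetty allows root on pseudo-terminals (pts/*)"
    fi

    if grep -Eq '^[[:space:]]*SELINUX=disabled' "$root/etc/sysconfig/selinux" 2>/dev/null; then
        report "SELinux is disabled"
    fi

    for repo in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$repo" ] || continue
        if grep -Eiq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$repo"; then
            report "package signature checks are off in ${repo#"$root"}"
        fi
    done

    cfg="$root/etc/ssh/sshd_config"
    if [ -f "$cfg" ] && [ "$(sshd_effective "$cfg" PermitRootLogin)" = "yes" ]; then
        report "sshd_config: PermitRootLogin yes"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: a tree in the state the steps above leave behind.
build_sample_tree() {
    mkdir -p "$1/etc/ssh" "$1/etc/sysconfig" "$1/etc/yum.repos.d" \
             "$1/etc/systemd/system/sockets.target.wants"
    ln -s /usr/lib/systemd/system/telnet.socket \
          "$1/etc/systemd/system/sockets.target.wants/telnet.socket"
    printf 'console\ntty1\npts/0\npts/1\n' > "$1/etc/securetty"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$1/etc/sysconfig/selinux"
    printf '[centosdvd]\nname=centosdvd\nbaseurl=file:///mnt\nenabled=1\ngpgcheck=0\n' \
        > "$1/etc/yum.repos.d/centosdvd.repo"
    printf '#PermitRootLogin prohibit-password\nX11Forwarding yes\nPermitRootLogin yes\n' \
        > "$1/etc/ssh/sshd_config"
}

# Stand-alone demo on the constructed tree.
demo_root=$(mktemp -d)
build_sample_tree "$demo_root"
audit_upgrade_leftovers "$demo_root" || echo "review the items above before returning the host to service"
rm -rf "$demo_root"
```

Because sshd takes the first value it finds for a keyword, a line appended with echo >> only applies when no earlier uncommented line sets the same keyword; `sshd_effective` prints the value that wins.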

View the current version of Bash

[root@test ~]# rpm -qa | grep bash

bash-4.2.46-28.el7.x86_64

Upgrade Bash

[root@test ~]# cd /soft

[root@test soft]# ll

total 8506556

-rw-r--r-- 1 root root 1036336 Apr 18 14:00 bash-4.2.46-29.el7_4.x86_64.rpm

[root@test soft]# rpm -Uvh bash-4.2.46-29.el7_4.x86_64.rpm

warning: bash-4.2.46-29.el7_4.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing... # # [100%]

Updating / installing...

1:bash-4.2.46-29.el7_4 # # [50%]

Cleaning up / removing...

2:bash-4.2.46-28.el7 # # [100%]

[root@test ~]# rpm -qa | grep bash

bash-4.2.46-29.el7_4.x86_64
