In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/01 Report--
This article shows you how to upgrade RHEL7X_CentOS7X_ to Openssh7.6p1, the content is concise and easy to understand, it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.
CentOS-7.3-x86_64-Everything-1611.iso-high version of backward compatibility
View system version
[root@test ~] # cat / etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@test ~] #
[root@test ~] #
Turn off the firewall
Systemctl stop firewalld.service
Systemctl disable firewalld.service
Systemctl status firewalld.service
Upload related software
[root@test ~] # ll / soft/
CentOS-7-x86_64-Everything-1708.iso
Rhel-server-7.4-x86_64-dvd.iso
Openssh&Openssl&zlib version.zip
Hook up the system image
[root@test ~] # mount-o loop / soft/CentOS-7-x86_64-Everything-1708.iso / mnt-if the OS of rhel is attached to the rhel-server-7.4-x86_64-dvd.iso image
Mount: / dev/loop0 is write-protected, mounting read-only
[root@test ~] #
[root@test] # df-h
Filesystem Size Used Avail Use% Mounted on
/ dev/mapper/centos-root 41G 9.3G 30G 24% /
Devtmpfs 982m 0 982m 0% / dev
Tmpfs 993M 0 993M 0% / dev/shm
Tmpfs 993M 8.6m 984m 1% / run
Tmpfs 993M 0 993M 0% / sys/fs/cgroup
/ dev/sda1 477M 94M 354M 21% / boot
Tmpfs 199m 0 199m 0% / run/user/0
/ dev/loop0 8.1g 8.1g 0100% / mnt
[root@test ~] #
Back up the original YUM file
[root@test] # mkdir-p / etc/yum.repos.d/bak
[root@test ~] #
[root@test ~] # mv / etc/yum.repos.d/*.repo
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo
CentOS-Debuginfo.repo CentOS-Sources.repo
[root@test ~] # mv / etc/yum.repos.d/*.repo / etc/yum.repos.d/bak/
[root@test ~] #
[root@test ~] # ll / etc/yum.repos.d/
Total 4
Drwxr-xr-x. 2 root root 4096 Apr 12 14:01 bak
[root@test ~] #
Configure local YUM
[root@test ~] # cat / etc/yum.repos.d/centosdvd.repo
[centosdvd]
Name=centosdvd
Baseurl= file:///mnt
Enabled=1
Gpgcheck=0
[root@test ~] #
Clear the YUM cache
[root@test ~] # yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centosdvd
Cleaning up everything
Maybe you want: rm-rf / var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
[root@test ~] #
Make YUM Cache
[root@test ~] # yum makecache
Loaded plugins: fastestmirror
Centosdvd | 3.6 kB 00:00:00
(1go 4): centosdvd/group_gz | 156 kB 00:00:00
(2ap4): centosdvd/primary_db | 5.7 MB 00:00:00
(3x4): centosdvd/filelists_db | 6.7 MB 00:00:00
(4ache 4): centosdvd/other_db | 2.5 MB 00:00:00
Determining fastest mirrors
Metadata Cache Created
[root@test ~] #
List YUM feeds
[root@test ~] # yum list
. Omit.
Ifconfig network view command could not be found for processing
[root@localhost soft] # yum install net-tools-y
[root@localhost] # ifconfig-a
Eno16777728: flags=4163 mtu 1500
Inet 188.190.117.194 netmask 255.255.255.0 broadcast 188.190.117.255
Inet6 fe80::20c:29ff:fe3b:5926 prefixlen 64 scopeid 0x20
Ether 00:0c:29:3b:59:26 txqueuelen 1000 (Ethernet)
RX packets 347 bytes 31356 (30.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 300 bytes 66209 (64.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Lo: flags=73 mtu 65536
Inet 127.0.0.1 netmask 255.0.0.0
Inet6:: 1 prefixlen 128 scopeid 0x10
Loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 352 (352.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 352 (352.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~] #
Install the telnet service and enable
Because the existing OpenSSH needs to be uninstalled during the OpenSSH upgrade process, in order to keep the server's remote connection available, you need to
To enable the telnet service instead, if there is a problem with the upgrade, you can also log in to the server through telnet for fallback.
Also install the telnet daemon: xinetd
Install the telnet service
[root@test ~] # yum install telnet-* xinetd y
[root@test ~] #
[root@test ~] # rpm-qa | grep telnet
Telnet-0.17-64.el7.x86_64
Telnet-server-0.17-64.el7.x86_64
[root@test ~] #
[root@test ~] # rpm-qa | grep xinetd
Xinetd-2.3.15-13.el7.x86_64
[root@test ~] #
[root@test ~] #
Add xinetd service to boot self-startup
[root@test ~] # systemctl enable xinetd.service
Add telnet service to boot self-startup
[root@test ~] # systemctl enable telnet.socket
Created symlink from / etc/systemd/system/sockets.target.wants/telnet.socket to / usr/lib/systemd/system/telnet.socket.
[root@test ~] #
Restart the service:
Since the telnet service is also guarded by xinetd, after installing telnet-server, to start the telnet service, you must restart xinetd
[root@test ~] # systemctl restart telnet.socket
[root@test ~] #
[root@test ~] # systemctl restart xinetd
[root@test ~] #
[root@test ~] #
Configure telnet root user access
Method 1:
Linux by default, root users cannot log in using telnet. You need to modify the end of / etc/secrueety file to add pts/1, pts/2, pts/3 or rename the secrueety file.
[root@test ~] # cat / etc/securetty
Console
Vc/1
Vc/2
Vc/3
Vc/4
Vc/5
Vc/6
Vc/7
Vc/8
Vc/9
Vc/10
Vc/11
Tty1
Tty2
Tty3
Tty4
Tty5
Tty6
Tty7
Tty8
Tty9
Tty10
Tty11
TtyS0
Ttysclp0
Sclp_line0
3270/tty1
Hvc0
Hvc1
Hvc2
Hvc3
Hvc4
Hvc5
Hvc6
Hvc7
Hvsi0
Hvsi1
Hvsi2
Xvc0
Pts/0
Pts/1
Pts/2
Pts/3
[root@test ~] #
Method 2:
Mv / etc/securetty / etc/securetty.bak so that ROOT can log in using ROOT
Verify telnet
[root@test ~] # telnet 192.168.195.141 23 or telnet 192.168.195.141 for verification
Trying 192.168.195.141...
Connected to 192.168.195.141.
Escape character is'^]'.
Kernel 3.10.0-693.el7.x86_64 on an x861464
Test login: root
Password:
Last failed login: Thu Apr 12 14:22:29 CST 2018 from:: ffff:192.168.195.141 on pts/1
There was 1 failed login attempt since the last successful login.
Last login: Thu Apr 12 13:51:21 from 192.168.195.1
[root@test ~] #
[root@test ~] #
Close selinux
[root@test ~] # vi / etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing-SELinux security policy is enforced.
# permissive-SELinux prints warnings instead of enforcing.
# disabled-No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted-Targeted processes are protected
# minimum-Modification of targeted policy. Only selected processes are protected.
# mls-Multi Level Security protection.
SELINUXTYPE=targeted
Install the toolkit required for compilation
[root@test ~] # yum-y install gcc pam devel zlib devel perl*
Install the unzip software:
[root@test soft] # yum-y install unzip
Decompress Openssh&Openssl&zlib version.zip
[root@test soft] # unzip Openssh\ & Openssl\ & zlib\ version.zip
[root@test soft] # ll Openssh\ & Openssl\ & zlib\ version
-rw-r--r--. 1 root root 1489788 Mar 30 12:42 openssh-7.6p1.tar.gz
-rw-r--r--. 1 root root 5329472 Mar 30 12:56 openssl-1.0.2o.tar.gz
-rw-r--r--. 1 root root 607698 Mar 30 10:08 zlib-1.2.11.tar.gz
[root@test soft] #
Upgrade ZLIB
Decompress the zlib_1.2.11 source code
[root@test soft] # tar-xvzf zlib-1.2.11.tar.gz
[root@test soft] # cd zlib-1.2.11
[root@test zlib-1.2.11] # ls
Adler32.c deflate.h infback.c make_vms.com trees.h zlib.h
Amiga doc inffast.c msdos uncompr.c zlib.map
ChangeLog examples inffast.h nintendods watcom zlib.pc.cmakein
CMakeLists.txt FAQ inffixed.h old win32 zlib.pc.in
Compress.c gzclose.c inflate.c os400 zconf.h zutil.c
Configure gzguts.h inflate.h qnx zconf.h.cmakein zutil.h
Contrib gzlib.c inftrees.c README zconf.h.in
Crc32.c gzread.c inftrees.h test zlib2ansi
Crc32.h gzwrite.c Makefile treebuild.xml zlib.3
Deflate.c INDEX Makefile.in trees.c zlib.3.pdf
Configuration check zlib
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] #. / configure-prefix=/usr
Checking for gcc...
Checking for shared library support...
Building shared library libz.so.1.2.11 with gcc.
Checking for size_t... Yes.
Checking for off64_t... Yes.
Checking for fseeko... Yes.
Checking for strerror... Yes.
Checking for unistd.h... Yes.
Checking for stdarg.h... Yes.
Checking whether to use vs [n] printf () or s [n] printf (). Using vs [n] printf ().
Checking for vsnprintf () in stdio.h... Yes.
Checking for return value of vsnprintf (). Yes.
Checking for attribute (visibility) support... Yes.
[root@test zlib-1.2.11] #
Compile the zlib library
[root@test zlib 1.2.11] # make
[root@test zlib-1.2.11] # make
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-I. -c-o example.o test/example.c
. Omit.
Rm-f libz.so libz.so.1
Ln-s libz.so.1.2.11 libz.so
Ln-s libz.so.1.2.11 libz.so.1
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o examplesh example.o-L. Libz.so.1.2.11
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o minigzipsh minigzip.o-L. Libz.so.1.2.11
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-I. -D_FILE_OFFSET_BITS=64-c-o example64.o test/example.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o example64 example64.o-L. Libz.a
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-I. -D_FILE_OFFSET_BITS=64-c-o minigzip64.o test/minigzip.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o minigzip64 minigzip64.o-L. Libz.a
[root@test zlib-1.2.11] #
Uninstall the current zlib
Note: this step must be performed after the execution of step A, otherwise, after uninstalling zlib, the zlib phase in the / lib64/ directory
The closed library file will be deleted and the compilation of zlib in step A will fail. (remedy: reply from other servers on the same system
Libcrypto.so.10, libssl.so.10, libz.so.1, libz.so.1.2.3 under / lib64, / usr/lib and / usr/lib64 directories
Four files can be sent to the corresponding directory. The location of these files can be found through the whereis, locate, or find command)
[root@test zlib-1.2.11] # rpm-qa | grep zlib
Zlib-1.2.7-17.el7.x86_64
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # rpm-e-nodeps zlib
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # rpm-qa | grep zlib
Rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] #
Install the compiled zlib before installation
[root@test zlib-1.2.11] # make install
Rm-f / usr/lib/libz.a
Cp libz.a / usr/lib
Chmod 644 / usr/lib/libz.a
Cp libz.so.1.2.11 / usr/lib
Chmod 755 / usr/lib/libz.so.1.2.11
Rm-f / usr/share/man/man3/zlib.3
Cp zlib.3 / usr/share/man/man3
Chmod 644 / usr/share/man/man3/zlib.3
Rm-f / usr/lib/pkgconfig/zlib.pc
Cp zlib.pc / usr/lib/pkgconfig
Chmod 644 / usr/lib/pkgconfig/zlib.pc
Rm-f / usr/include/zlib.h / usr/include/zconf.h
Cp zlib.h zconf.h / usr/include
Chmod 644 / usr/include/zlib.h / usr/include/zconf.h
[root@test zlib-1.2.11] #
Shared library registration
After zlib installation is completed, zlib related library files are produced in the / usr/lib directory, and these shared library files need to be registered with the system.
Medium: echo'/ usr/lib' > > / etc/ld.so.conf
[root@test zlib-1.2.11] # echo'/ usr/lib' > > / etc/ld.so.conf
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # cat / etc/ld.so.conf
Include ld.so.conf.d/*.conf
/ usr/lib
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # ll / usr/lib/libz.so.1
Lrwxrwxrwx. 1 root root 14 Apr 12 14:42 / usr/lib/libz.so.1-> libz.so.1.2.11
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # ll / usr/lib/libz.so
Lrwxrwxrwx. 1 root root 14 Apr 12 14:42 / usr/lib/libz.so-> libz.so.1.2.11
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # ll / usr/lib/libz.so.1
Lrwxrwxrwx. 1 root root 14 Apr 12 14:42 / usr/lib/libz.so.1-> libz.so.1.2.11
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # ldconfig
[root@test zlib-1.2.11] #
Upgrade OpenSSL
Official upgrade documentation
Http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/openssl.html
Back up the current openssl
[root@test zlib-1.2.11] # find /-name openssl
/ usr/bin/openssl
/ usr/lib64/openssl
/ etc/pki/ca-trust/extracted/openssl
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # mv / usr/lib64/openssl / usr/lib64/openssl.old
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # mv / usr/bin/openssl / usr/bin/openssl.old
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # mv / etc/pki/ca-trust/extracted/openssl / etc/pki/ca-trust/extracted/openssl.old
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # cp / usr/lib64/libcrypto.so.10 / usr/lib64/libcrypto.so.10.old
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # cp / usr/lib64/libssl.so.10 / usr/lib64/libssl.so.10.old
[root@test zlib-1.2.11] #
Uninstall the current openssl
[root@test zlib-1.2.11] # rpm-qa | grep openssl | xargs
Openssl-libs-1.0.2k-8.el7.x86_64
Xmlsec1-openssl-1.2.20-5.el7.x86_64
Openssl-1.0.2k-8.el7.x86_64
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # rpm-qa | grep openssl | xargs-I rpm-e-- nodeps {}
Warning: file / usr/lib64/openssl/engines/libubsec.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libsureware.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libpadlock.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libnuron.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libgmp.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libcswift.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libchil.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libcapi.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libatalla.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libaep.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/lib4758cca.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines: remove failed: No such file or directory
Warning: file / usr/lib64/openssl: remove failed: No such file or directory
Warning: file / usr/bin/openssl: remove failed: No such file or directory
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # rpm-qa | grep openssl | xargs-I rpm-e-- nodeps {}
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] #
[root@test zlib-1.2.11] # rpm-qa | grep openssl | xargs
[root@test zlib-1.2.11] #
Decompress the openssl_1.0.2k source code
[root@test soft] # tar-xvzf openssl-1.0.2o.tar.gz
[root@test soft] # cd openssl-1.0.2o
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] # ls
ACKNOWLEDGMENTS CONTRIBUTING GitMake INSTALL.W32 makevms.com README.ASN1
Apps crypto include INSTALL.W64 ms README.ENGINE
Appveyor.yml demos INSTALL INSTALL.WCE Netware shlib
Bugs doc install.com LICENSE NEWS ssl
Certs engines INSTALL.DJGPP MacOS openssl.doxy test
CHANGES e_os2.h INSTALL.MacOS Makefile openssl.spec tools
CHANGES.SSLeay e_os.h INSTALL.NW Makefile.bak os2 util
Config FAQ INSTALL.OS2 Makefile.org PROBLEMS VMS
Configure GitConfigure INSTALL.VMS Makefile.shared README
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] # / config-- prefix=/usr-- openssldir=/etc/ssl-- shared zlib # because the system is installed minimally, it defaults to Perl and can be installed through yum
Operating system: x86_64-whatever-linux2
You need Perl 5.
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] #
Operating system: x86'64 whatever linux2
You need Perl 5.
[root@test openssl 1.0.2o] #
[root@test openssl 1.0.2o] # yum install perl*-y # it is recommended to install Perl when installing the compilation tool. If it has been installed before, it will be ignored here. If this process is reinstalled, you need to delete the openssl related package again.
[root@test openssl 1.0.2o] #
. / config-- prefix=/usr-- openssldir=/etc/ssl-- shared zlib # must add shared, otherwise the newly installed openssl library will not be found at compile time and an error will be reported
[root@test openssl-1.0.2o] # / config-- prefix=/usr-- openssldir=/etc/ssl-- shared zlib
. Omit.
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/ssl'
Making links in engines...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/engines'
Making links in engines/ccgost...
Make [2]: Entering directory `/ soft/openssl-1.0.2o/engines/ccgost'
Make [2]: Nothing to be done for `links'.
Make [2]: Leaving directory `/ soft/openssl-1.0.2o/engines/ccgost'
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/engines'
Making links in apps...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/apps'
Make [1]: Nothing to be done for `links'.
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/apps'
Making links in test...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/test'
Make [1]: Nothing to be done for `links'.
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/test'
Making links in tools...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/tools'
Make [1]: Nothing to be done for `links'.
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/tools'
Generating dummy tests (if needed)...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/test'
Make [1]: Nothing to be done for `generate'.
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/test'
Configured for linux-x86_64.
[root@test openssl-1.0.2o] #
Compile Openssl
[root@test openssl-1.0.2o] # make
. Omit.
Make [2]: Entering directory `/ soft/openssl-1.0.2o/test'
Make [2]: Leaving directory `/ soft/openssl-1.0.2o/test'
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/test'
Making all in tools...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/tools'
Make [1]: Nothing to be done for `all'.
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/tools'
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] #
Test Openssl
[root@test openssl-1.0.2o] # make test
. Omit.
* *-START OF HANDSHAKE MESSAGE FRAGMENT-
* *-HANDSHAKE MESSAGE FRAGMENT ENCRYPTED-
*-END OF RECORD
-END OF PACKET
PASS
Test_bad_dtls
.. / util/shlib_wrap.sh. / bad_dtls_test
Test_fatalerr
.. / util/shlib_wrap.sh. / fatalerrtest.. / apps/server.pem.. / apps/server.pem
SSL_accept () failed-1,1
140677601674944:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/test'
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version-a
OpenSSL 1.0.2o 27 Mar 2018
Built on: reproducible build, date unspecified
Platform: linux-x86_64
Options: bn (64) rc4 (16x) des (idx,cisc,16,int) idea (int) blowfish (idx)
Compiler: gcc-I. -I.. -I../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa,--noexecstack-M64-DL_ENDIAN-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DRC4_ASM-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-DECP_NISTZ256_ASM
OPENSSLDIR: "/ etc/ssl"
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] #
Install Openssl
[root@test openssl-1.0.2o] # make install
Make [2]: Leaving directory `/ soft/openssl-1.0.2o/engines/ccgost'
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/engines'
Making install in apps...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/apps'
Installing openssl
Installing CA.sh
Installing CA.pl
Installing tsget
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/apps'
Making install in test...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/test'
Make [1]: Nothing to be done for `install'.
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/test'
Making install in tools...
Make [1]: Entering directory `/ soft/openssl-1.0.2o/tools'
Make [1]: Leaving directory `/ soft/openssl-1.0.2o/tools'
Installing libcrypto.a
Installing libssl.a
Installing libcrypto.so.1.0.0
Installing libssl.so.1.0.0
Make [1]: Entering directory `/ usr/lib64'
Make [2]: Entering directory `/ usr/lib64'
Make [2]: Leaving directory `/ usr/lib64'
Make [2]: Entering directory `/ usr/lib64'
Make [2]: Leaving directory `/ usr/lib64'
Make [1]: Leaving directory `/ usr/lib64'
Cp libcrypto.pc / usr/lib64/pkgconfig
Chmod 644 / usr/lib64/pkgconfig/libcrypto.pc
Cp libssl.pc / usr/lib64/pkgconfig
Chmod 644 / usr/lib64/pkgconfig/libssl.pc
Cp openssl.pc / usr/lib64/pkgconfig
Chmod 644 / usr/lib64/pkgconfig/openssl.pc
[root@test openssl-1.0.2o] #
Verify that the Openssl upgrade is successful
[root@test openssl 1.0.2o] # openssl version # check whether the upgrade is successful
OpenSSL 1.0.2o 27 Mar 2018
[root@test openssl 1.0.2o] #
[root@test openssl 1.0.2o] #
Restore a shared library
Because OpenSSL_1.0.2k does not provide libcrypto.so.10 and libssl.so.10 libraries, and yum, wget and other tools rely on this library, you need to restore these two libraries that were previously backed up, and other libraries can be restored depending on the situation.
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] # mv / usr/lib64/libcrypto.so.10.old / usr/lib64/libcrypto.so.10
Mv: overwrite `/ usr/lib64/libcrypto.so.10'? Y
[root@test openssl-1.0.2o] # mv / usr/lib64/libssl.so.10.old / usr/lib64/libssl.so.10
Mv: overwrite `/ usr/lib64/libssl.so.10'? Y
[root@test openssl-1.0.2o] #
Upgrade OpenSSH
10.1 official upgrade documentation
Http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html
Back up the current openssh
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] # mv / etc/ssh / etc/ssh.old
[root@test openssl-1.0.2o] #
Uninstall the current openssh
[root@test openssl-1.0.2o] # rpm-qa | grep openssh
Openssh-server-7.4p1-11.el7.x86_64
Openssh-7.4p1-11.el7.x86_64
Openssh-clients-7.4p1-11.el7.x86_64
[root@test openssl-1.0.2o] #
[root@test openssl 1.0.2o] #
Rpm-qa | grep openssh | xargs-I rpm-e-- nodeps {} or rpm e nodeps package name such as: rpm e nodeps openssh 5.3p1 111.el6.x86_64 delete one by one
[root@test openssl 1.0.2o] #
[root@test openssl-1.0.2o] # rpm-qa | grep openssh | xargs-I rpm-e-- nodeps {}
Warning: file / etc/ssh/sshd_config: remove failed: No such file or directory
Warning: file / etc/ssh/moduli: remove failed: No such file or directory
Warning: file / etc/ssh: remove failed: No such file or directory
Warning: file / etc/ssh/ssh_config: remove failed: No such file or directory
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] # rpm-qa | grep openssh | xargs-I rpm-e-- nodeps {}
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] # rpm-qa | grep openssh | xargs
[root@test openssl-1.0.2o] #
[root@test openssl-1.0.2o] #
Pre-installation environment configuration for Openssh
[root@test openssl 1.0.2o] # install-v-m700-d / var/lib/sshd
Install: creating directory `/ var/lib/sshd'
[root@test openssl 1.0.2o] #
[root@test openssl 1.0.2o] # chown-v root:sys / var/lib/sshd
Changed ownership of `/ var/lib/sshd' to root:sys
[root@test openssl 1.0.2o] #
[root@test openssl 1.0.2o] # groupadd-g 50 sshd
Groupadd: group 'sshd' already exists
[root@test openssl 1.0.2o] #
[root@test openssl 1.0.2o] # useradd-c 'sshd PrivSep'-d / var/lib/sshd-g sshd-s / bin/false-u 50 sshd
Useradd: user 'sshd' already exists
[root@test openssl 1.0.2o] #
[root@test openssl 1.0.2o] #
Decompress the openssh 7.6p1.tar.gz source code
[root@test soft] # tar-xvzf openssh-7.6p1.tar.gz
[root@test soft] # cd openssh-7.6p1
Configure Openssh
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] # / configure-- prefix=/usr-- sysconfdir=/etc/ssh-- with-md5-passwords-- with-pam--with-zlib-- with-openssl-includes=/usr-- with-privsep-path=/var/lib/sshd
. Omit.
Config.status: creating config.h
Configure: WARNING: unrecognized options:-with-pam--with-zlib,-with-openssl-includes
OpenSSH has been configured with the following options:
User binaries: / usr/bin
System binaries: / usr/sbin
Configuration files: / etc/ssh
Askpass program: / usr/libexec/ssh-askpass
Manual pages: / usr/share/man/manX
PID file: / var/run
Privilege separation chroot path: / var/lib/sshd
Sshd default user PATH: / usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support:
S/KEY support: no
MD5 password support: yes
Libedit support: no
Libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
Host: x86_64-pc-linux-gnu
Compiler: gcc
Compiler flags:-g-O2-pipe-Wall-Wpointer-arith-Wuninitialized-Wsign-compare-Wformat-security-Wsizeof-pointer-memaccess-Wno-pointer-sign-Wno-unused-result-fno-strict-aliasing-D_FORTIFY_SOURCE=2-ftrapv-fno-builtin-memset-fstack-protector-strong-fPIE
Preprocessor flags:-D_XOPEN_SOURCE=600-D_BSD_SOURCE-D_DEFAULT_SOURCE
Linker flags:-Wl,-z,relro-Wl,-z,now-Wl,-z,noexecstack-fstack-protector-strong-pie
Libraries:-lcrypto-ldl-lutil-lz-lcrypt-lresolv
[root@test openssh-7.6p1] #
Compile Openssh
[root@test openssh 7.6p1] # make
. Omit.
Cc-o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o-L. -Lopenbsd-compat/-Wl,-z,relro-Wl,-z,now-Wl,-z,noexecstack-fstack-protector-strong-pie-lssh-lopenbsd-compat-lcrypto-ldl-lutil-lz-lcrypt-lresolv
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] #
Install Openssh
[root@test openssh-7.6p1] # make install
(cd openbsd-compat & & make)
Make [1]: Entering directory `/ soft/openssh-7.6p1/openbsd-compat'
Make [1]: Nothing to be done for `all'.
Make [1]: Leaving directory `/ soft/openssh-7.6p1/openbsd-compat'
. / mkinstalldirs / usr/bin
. / mkinstalldirs / usr/sbin
. / mkinstalldirs / usr/share/man
. / mkinstalldirs / usr/share/man/man1
. / mkinstalldirs / usr/share/man/man5
. / mkinstalldirs / usr/share/man/man8
. / mkinstalldirs / usr/libexec
(umask 022;. / mkinstalldirs / var/lib/sshd)
/ usr/bin/install-c-m 0755-s ssh / usr/bin/ssh
/ usr/bin/install-c-m 0755-s scp / usr/bin/scp
/ usr/bin/install-c-m 0755-s ssh-add / usr/bin/ssh-add
/ usr/bin/install-c-m 0755-s ssh-agent / usr/bin/ssh-agent
/ usr/bin/install-c-m 0755-s ssh-keygen / usr/bin/ssh-keygen
/ usr/bin/install-c-m 0755-s ssh-keyscan / usr/bin/ssh-keyscan
/ usr/bin/install-c-m 0755-s sshd / usr/sbin/sshd
/ usr/bin/install-c-m 4711-s ssh-keysign / usr/libexec/ssh-keysign
/ usr/bin/install-c-m 0755-s ssh-pkcs11-helper / usr/libexec/ssh-pkcs11-helper
/ usr/bin/install-c-m 0755-s sftp / usr/bin/sftp
/ usr/bin/install-c-m 0755-s sftp-server / usr/libexec/sftp-server
/ usr/bin/install-c-m 644 ssh.1.out / usr/share/man/man1/ssh.1
/ usr/bin/install-c-m 644 scp.1.out / usr/share/man/man1/scp.1
/ usr/bin/install-c-m 644 ssh-add.1.out / usr/share/man/man1/ssh-add.1
/ usr/bin/install-c-m 644 ssh-agent.1.out / usr/share/man/man1/ssh-agent.1
/ usr/bin/install-c-m 644 ssh-keygen.1.out / usr/share/man/man1/ssh-keygen.1
/ usr/bin/install-c-m 644 ssh-keyscan.1.out / usr/share/man/man1/ssh-keyscan.1
/ usr/bin/install-c-m 644 moduli.5.out / usr/share/man/man5/moduli.5
/ usr/bin/install-c-m 644 sshd_config.5.out / usr/share/man/man5/sshd_config.5
/ usr/bin/install-c-m 644 ssh_config.5.out / usr/share/man/man5/ssh_config.5
/ usr/bin/install-c-m 644 sshd.8.out / usr/share/man/man8/sshd.8
/ usr/bin/install-c-m 644 sftp.1.out / usr/share/man/man1/sftp.1
/ usr/bin/install-c-m 644 sftp-server.8.out / usr/share/man/man8/sftp-server.8
/ usr/bin/install-c-m 644 ssh-keysign.8.out / usr/share/man/man8/ssh-keysign.8
/ usr/bin/install-c-m 644 ssh-pkcs11-helper.8.out / usr/share/man/man8/ssh-pkcs11-helper.8
If [!-d / etc/ssh]; then\
. / mkinstalldirs / etc/ssh;\
Fi
Mkdir / etc/ssh
Ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
/ usr/sbin/sshd-t-f / etc/ssh/sshd_config
[root@test openssh-7.6p1] #
Environment configuration after Openssh installation
# execute the following command in the openssh compilation directory
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] # install-v-m755 contrib/ssh-copy-id / usr/bin
[root@test openssh-7.6p1] #
'contrib/ssh-copy-id'->' / usr/bin/ssh-copy-id'
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] # install-v-m644 contrib/ssh-copy-id.1 / usr/share/man/man1
'contrib/ssh-copy-id.1'->' / usr/share/man/man1/ssh-copy-id.1'
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] # install-v-m755-d / usr/share/doc/openssh-7.6p1
Install: creating directory'/ usr/share/doc/openssh-7.6p1'
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] # install-v-m644 INSTALL LICENCE OVERVIEW README* / usr/share/doc/openssh-7.6p1
`INSTALL' > `/ usr/share/doc/openssh 7.6p1andInstall'
`LICENCE' > `/ usr/share/doc/openssh 7.6p1andLICENCE`
`OVERVIEW' > `/ usr/share/doc/openssh 7.6p1max overview'
`README > `/ usr/share/doc/openssh 7.6p1max README`
`README.dns` README.dns' > `/ usr/share/doc/openssh 7.6p1max
`README.platform` README.platform' > `/ usr/share/doc/openssh 7.6p1max
`README > `/ usr/share/doc/openssh 7.6p1max README.privsep'
`README.tun` README.tun' > `/ usr/share/doc/openssh 7.6p1max
Verify that Openssh has been upgraded successfully
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] # ssh- V
OpenSSH_7.6p1, OpenSSL 1.0.2o 27 Mar 2018
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] #
Enable the OpenSSH service
[root@test openssh-7.6p1] # echo 'X11Forwarding yes' > > / etc/ssh/sshd_config
[root@test openssh-7.6p1] # echo "PermitRootLogin yes" > > / etc/ssh/sshd_config # allows root users to log in through ssh
[root@test openssh-7.6p1] # cp-p contrib/redhat/sshd.init / etc/init.d/sshd
[root@test openssh-7.6p1] # chmod + x / etc/init.d/sshd
[root@test openssh-7.6p1] # chkconfig-- add sshd
[root@test openssh-7.6p1] # chkconfig sshd on
[root@test openssh-7.6p1] # chkconfig-- list sshd
Note: This output shows SysV services only and does not include native
Systemd services. SysV configuration data might be overridden by native
Systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
Sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@test openssh-7.6p1] #
[root@test openssh-7.6p1] #
Version 7 command view
[root@test ~] # systemctl status sshd
● sshd.service-SYSV: OpenSSH server daemon
Loaded: loaded (/ etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Thu 2018-04-12 16:24:03 CST; 8min ago
Docs: man:systemd-sysv-generator (8)
Process: 917 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 944 (sshd)
CGroup: / system.slice/sshd.service
├─ 944 / usr/sbin/sshd
├─ 1119 sshd: root@pts/1
├─ 1121-bash
└─ 1215 systemctl status sshd
Apr 12 16:24:02 test systemd [1]: Starting SYSV: OpenSSH server daemon...
Apr 12 16:24:03 test systemd [1]: Started SYSV: OpenSSH server daemon.
Apr 12 16:24:03 test sshd [917]: Starting sshd: [OK]
Apr 12 16:24:03 test sshd [944]: Server listening on 0.0.0.0 port 22.
Apr 12 16:24:03 test sshd [944]: Server listening on:: port 22.
Apr 12 16:25:56 test sshd [1119]: Accepted password for root from 192.168.195.1 port 61...sh3
Hint: Some lines were ellipsized, use-l to show in full.
[root@test ~] #
Restart the sshd service
[root@test openssh-7.6p1] # service sshd restart or use version 7 command: systemctl restart sshd
Restarting sshd (via systemctl): [OK]
[root@test openssh-7.6p1] #
Method 2:
Systemctl status sshd.service
Start the service:
Systemctl start sshd.service
Restart the service:
Systemctl restart sshd.service
Self-booting:
Systemctl enable sshd.service
Restart the operating system takes effect
Reboot
View Openssh and Openssl upgrades
[root@test] # ssh-V
OpenSSH_7.6p1, OpenSSL 1.0.2o 27 Mar 2018
[root@test ~] #
[root@test ~] #
View the current version of Bash
[root@test ~] # rpm-qa | grep bash
Bash-4.2.46-28.el7.x86_64
[root@test ~] #
Upgrade Bash
[root@test] # cd / soft
[root@test soft] # ll
Total 8506556
-rw-r--r-- 1 root root 1036336 Apr 18 14:00 bash-4.2.46-29.el7_4.x86_64.rpm
[root@test soft] #
[root@test soft] #
[root@test soft] # rpm-Uvh bash-4.2.46-29.el7_4.x86_64.rpm
Warning: bash-4.2.46-29.el7_4.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... # # [100%]
Updating / installing...
1:bash-4.2.46-29.el7_4 # # [50%]
Cleaning up / removing...
2:bash-4.2.46-28.el7 # # [100%]
[root@test soft] #
[root@test soft] #
[root@test ~] # rpm-qa | grep bash
Bash-4.2.46-29.el7_4.x86_64
[root@test ~] #
The above is how to upgrade RHEL7X_CentOS7X_ to Openssh7.6p1. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.