
一键升级OpenSSH版本脚本

一键升级OpenSSH脚本

#!/bin/bash

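## yum repository configuration
# Move the current repo definitions aside first. Stop on failure so the
# script never reports a backup that was not actually made.
if ! mv /etc/yum.repos.d /etc/yum.repos.d.bak; then
  echo "1.yum源备份失败,程序终止"
  exit 1
fi
echo "1.yum源已备份"

if ! mkdir /etc/yum.repos.d || ! cd /etc/yum.repos.d; then
  echo "2.无法创建/etc/yum.repos.d,程序终止(原配置位于/etc/yum.repos.d.bak)"
  exit 1
fi
touch CentOS-Base.repo
# If an internal yum mirror is available, the commented block below can be
# used instead of the online repo.
# NOTE(review): the sample sets gpgcheck=0, which turns off RPM signature
# verification for every package pulled from that repo, and it uses plain
# http. Prefer gpgcheck=1 (the gpgkey line is already present) and an
# https/trusted transport for the mirror.
#echo "[centos]
#name=CentOS
#baseurl=http://x.x.x.x/CentOS7-2207
#gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#enabled=1" >> /etc/yum.repos.d/CentOS-Base.repo
# Use the online repo. -f makes curl fail on an HTTP error instead of saving
# the error page as the repo file.
if ! curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo; then
  echo "2.仓库源下载失败,程序终止(原配置位于/etc/yum.repos.d.bak)"
  exit 1
fi
yum clean all
# A repo that cannot be indexed, or a system update that stops half-way, is
# not a state in which to go on and replace OpenSSL/OpenSSH.
if ! yum makecache || ! yum -y update; then
  echo "2.仓库源更新失败,程序终止"
  exit 1
fi
echo "2.仓库源已更新"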

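## Download the upgrade tarballs
if ! yum -y install wget; then
  echo "wget安装失败,程序终止"
  exit 1
fi
if ! cd /opt; then
  echo "无法进入/opt,程序终止"
  exit 1
fi
# -O pins the output name, so a re-run overwrites the old tarball instead of
# saving "<name>.1" next to it and leaving the stale file to be extracted.
if ! wget -O openssh-9.6p1.tar.gz https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz ||
  ! wget -O openssl-3.2.0.tar.gz https://ftp.openssl.org/source/openssl-3.2.0.tar.gz; then
  echo "升级包下载失败,程序终止"
  exit 1
fi

# Integrity check. These tarballs are compiled and installed as root, so they
# should be compared with the digests published by the upstream projects.
# The page gives no digests; supply them through the environment variables
# OPENSSH_SHA256 and OPENSSL_SHA256 (names introduced here). Without them the
# check is skipped with a warning, which keeps the original behaviour.
for pkg_entry in \
  "openssh-9.6p1.tar.gz:${OPENSSH_SHA256:-}" \
  "openssl-3.2.0.tar.gz:${OPENSSL_SHA256:-}"; do
  pkg_file=${pkg_entry%%:*}
  pkg_sha256=${pkg_entry#*:}
  if [ -z "$pkg_sha256" ]; then
    echo "警告: 未提供${pkg_file}的SHA256,跳过完整性校验"
    continue
  fi
  if ! printf '%s  %s\n' "$pkg_sha256" "$pkg_file" | sha256sum -c -; then
    echo "${pkg_file} SHA256校验失败,程序终止"
    exit 1
  fi
done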

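## OpenSSL upgrade
if ! cd /opt; then
  echo "无法进入/opt,程序终止"
  exit 1
fi
# Back up the current binary and headers. /usr/include is a directory, so a
# plain cp skips it; -a copies it recursively and keeps modes and timestamps.
# An existing backup is left alone so a re-run cannot replace the original
# files with the already-upgraded ones.
if [ ! -e /usr/bin/openssl.old ]; then
  cp -a /usr/bin/openssl /usr/bin/openssl.old
fi
if [ ! -e /usr/include.old ]; then
  cp -a /usr/include /usr/include.old
fi
if ! tar -zxvf openssl-3.2.0.tar.gz || ! cd openssl-3.2.0; then
  echo "openssl源码解压失败,程序终止"
  exit 1
fi
# The build needs a compiler, make and perl in addition to perl-IPC-Cmd; the
# script installs gcc/make/perl only in a later step, so they are requested
# here as well to let this step succeed on a minimal system.
if yum -y install gcc make perl perl-IPC-Cmd; then
  echo "3.openssl组件已完成安装"
else
  echo "3.openssl组件安装失败,程序终止"
  exit 1
fi

# --prefix=/usr installs over the system OpenSSL binary and headers.
# Stop on any build error so a failed build is never reported as an upgrade.
if ! ./config --prefix=/usr --shared || ! make || ! make install; then
  echo "4.openssl编译安装失败,程序终止"
  exit 1
fi
if ! sslversion=$(openssl version -a); then
  echo "4.openssl无法运行,程序终止"
  exit 1
fi
echo "4.openssl升级完毕,当前版本为$sslversion"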

## Remove the packaged OpenSSH
# NOTE(review): the package is removed before the replacement has been built.
# If a later step fails the host has no installed sshd to restart, so keep
# console or other out-of-band access available while running this script.
if ! yum -y remove openssh; then
  echo "5.openssh旧版本卸载失败,程序终止"
  exit 1
fi
echo "5.openssh旧版本卸载完成"

## Install the OpenSSH build dependencies
# Compiler, make, perl and the zlib/PAM libraries with their headers; the
# script stops here if yum cannot install them.
if ! yum -y install gcc make perl zlib zlib-devel pam pam-devel; then
  echo "6.openssh组件安装失败,程序终止"
  exit 1
fi
echo "6.openssh组件已完成安装"

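## Build and install the new OpenSSH
if ! cd /opt || ! tar -zxvf openssh-9.6p1.tar.gz || ! cd openssh-9.6p1; then
  echo "openssh源码解压失败,程序终止"
  exit 1
fi
# Back up /etc/ssh. It is a directory, so a plain cp skips it; -a copies it
# recursively and keeps the restrictive modes on the private host keys.
# An existing backup is kept so a re-run does not overwrite the original.
if [ -d /etc/ssh ]; then
  if [ ! -e /etc/ssh.old ] && ! cp -a /etc/ssh /etc/ssh.old; then
    echo "7.ssh 配置备份失败,程序终止"
    exit 1
  fi
  echo "7.ssh 配置已备份"
else
  # Nothing to back up; make sure the target of the later copies exists.
  mkdir -p /etc/ssh
fi
# NOTE(review): OpenSSL is installed under /usr and zlib comes from yum, so
# /usr/local/zlib and /usr/local/ssl probably do not exist on this host and
# configure falls back to the system paths. Confirm which libcrypto it picks.
if ! ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl ||
  ! make || ! make install; then
  echo "8.openssh编译安装失败,程序终止"
  exit 1
fi

# Root login policy. The original enabled "PermitRootLogin yes" by
# uncommenting line 32 and rewriting "prohibit-password"; a line number breaks
# as soon as the shipped sshd_config changes, so the directive is matched by
# name. The default stays "yes" to keep the original behaviour, which allows
# password logins as root. Once key-based login is confirmed, run with
# PERMIT_ROOT_LOGIN=prohibit-password (or no).
sshd_cfg=/usr/local/openssh/etc/sshd_config
permit_root_login="${PERMIT_ROOT_LOGIN:-yes}"
case "$permit_root_login" in
  yes | no | prohibit-password | forced-commands-only) ;;
  *)
    echo "PERMIT_ROOT_LOGIN取值无效: $permit_root_login,程序终止"
    exit 1
    ;;
esac
sed -i "s/^#\{0,1\}[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin ${permit_root_login}/" "$sshd_cfg"
if ! grep -q "^PermitRootLogin ${permit_root_login}\$" "$sshd_cfg"; then
  echo "警告: 未能在${sshd_cfg}中设置PermitRootLogin,请手动检查"
fi

cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
cp "$sshd_cfg" /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/* /usr/bin/
# Only the ECDSA public host key is copied, as in the original.
# NOTE(review): the binary was configured with prefix /usr/local/openssh, so
# it presumably reads its config and host keys from /usr/local/openssh/etc
# rather than /etc/ssh; confirm which files the running daemon uses.
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

# Check the configuration and host keys before touching the service: a
# restart with a broken config would leave the host without remote access.
if ! /usr/sbin/sshd -t; then
  echo "8.sshd配置校验失败,未重启服务,程序终止"
  exit 1
fi
systemctl daemon-reload
if ! systemctl restart sshd || ! systemctl enable sshd; then
  echo "8.sshd服务启动失败,程序终止"
  exit 1
fi
sshversion=$(ssh -V 2>&1)
echo "8.openssh已升级,当前版本为$sshversion"
echo "9.升级完成,请手动进行验证结果"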