Centos7.x升级Openssl
1.先确认openssl版本
[root@zuozuo ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
2更新安装依赖包
# Install the compiler toolchain and the development headers used by the
# source builds in the steps that follow (packages come from the distro repos).
[root@zuozuo ~]# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
3更新openssl(注意每一步不要有报错,有报错就不要继续了,尤其是make的操作)
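# Build OpenSSL 1.1.1k into /opt/openssl, then point the system `openssl`
# command and header directory at the new build.
#
# Review notes:
#  - 1.1.1k is the release this page was written for. The 1.1.1 branch received
#    further security releases afterwards and is now end-of-life upstream, so
#    build the newest release that is still supported instead.
#  - A source build under /opt is not patched by yum; every later OpenSSL
#    advisory means repeating this build by hand.
#  - The distro's own 1.0.2 libraries stay installed and remain what
#    RPM-packaged programs link against; only the CLI and headers are switched.

# Fetch the tarball and print its digest. Compare the digest with the SHA-256
# value (or check the PGP signature) published by the OpenSSL project before
# unpacking or building anything.
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz &&
  sha256sum openssl-1.1.1k.tar.gz

# Each step runs only if the previous one succeeded, so a failed configure or
# make never reaches `make install`.
# The `zlib` option compiles in TLS compression support; unless something
# depends on it, leaving it out avoids compression-based side-channel exposure.
tar xvf openssl-1.1.1k.tar.gz &&
  cd openssl-1.1.1k &&
  ./config --prefix=/opt/openssl shared zlib &&
  make &&
  make install

# Register the new library directory once (no duplicate lines on re-runs) and
# rebuild the linker cache so the shared build can find its own libraries.
grep -qxF '/opt/openssl/lib' /etc/ld.so.conf ||
  echo '/opt/openssl/lib' >> /etc/ld.so.conf
ldconfig

# Swap the system command and headers only after the new binary is proven to
# run; otherwise a failed build would leave the host without a working openssl.
if /opt/openssl/bin/openssl version; then
  # Skip the backup when the path is already a symlink from an earlier run, so
  # the original files saved as *.OFF are not overwritten.
  [ -L /usr/bin/openssl ] || mv -f /usr/bin/openssl /usr/bin/openssl.OFF
  [ -L /usr/include/openssl ] || mv -f /usr/include/openssl /usr/include/openssl.OFF
  ln -sfn /opt/openssl/bin/openssl /usr/bin/openssl
  ln -sfn /opt/openssl/include/openssl /usr/include/openssl
else
  echo 'new /opt/openssl/bin/openssl does not run; system openssl left untouched' >&2
fi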
4查看版本号
[root@zuozuo ~]# openssl version
OpenSSL 1.1.1k 25 Mar 2021
====================================================================================
Centos7.x升级Openssh
1查看版本号
[root@zuozuo ~]# rpm -qa|grep openssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
2.安装openssh依赖包
# Install the build dependencies for OpenSSH.
# NOTE(review): upstream OpenSSH dropped TCP-wrappers support in 6.7, so the
# tcp_wrappers packages are presumably not used by the 8.6p1 build. More
# importantly, any sshd rules in /etc/hosts.allow or /etc/hosts.deny will
# presumably stop being enforced after the upgrade -- move such restrictions to
# the firewall or to sshd_config before restarting sshd, and confirm.
[root@zuozuo ~]# yum -y install openssl openssl-devel zlib-devel pam-devel tcp_wrappers tcp_wrappers-devel gcc gcc-c++ make automake autoconf libtool
3.下载openssh软件包安装(注意不要有报错,有报错就不要继续了,尤其是make的操作)
----注意:configure 命令中的 --with-ssl-dir 要根据您的实际情况修改为 OpenSSL 的安装目录(本文为 /opt/openssl)
# Download, build and install OpenSSH 8.6p1 over the distro copy (prefix /usr,
# configuration kept in /etc/ssh).
# NOTE(review): openbsd.hk is a third-party mirror. Check the tarball's digest
# or signature against what the OpenSSH project publishes before building.
# 8.6p1 is the release this page targets; prefer the current release.
[root@zuozuo ~]# wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
[root@zuozuo ~]# tar xvf openssh-8.6p1.tar.gz
[root@zuozuo ~]# cd openssh-8.6p1
# NOTE(review) on the configure options:
#  - "-with-ssl-dir" is written with one dash while every other option has two;
#    it points the build at the OpenSSL installed under /opt/openssl.
#  - "--with-ssl" is presumably not an option this configure script knows
#    (unknown options are normally only warned about) -- confirm in the output.
#  - "--with-md5-passwords" turns on support for MD5-hashed passwords, a weak
#    scheme; with --with-pam it is presumably unnecessary -- confirm and drop.
[root@zuozuo ~]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl -with-ssl-dir=/opt/openssl --with-zlib --with-md5-passwords --with-pam
[root@zuozuo ~]# make
[root@zuozuo ~]# make install
# Prints the version of the newly installed client binary; the sshd process
# that is already running is not replaced until the restart further down.
[root@zuozuo ~]# ssh -V
4.其他收尾工作
创建账号(避免SSH重启之后连不上,先创建一个普通用户)
# Create an unprivileged fallback login before sshd is restarted.
# NOTE(review): presumably needed because the new sshd may refuse root password
# logins under its defaults -- confirm the effective PermitRootLogin value.
# Give the account a strong password and confirm it can escalate (su/sudo)
# before relying on it as the only way back in.
[root@www ~]# useradd useradmin
[root@www ~]# passwd useradmin
SSH权限优化设置
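# Post-install clean-up for the source-built sshd.
# Run from inside the openssh-8.6p1 source directory: the contrib/ paths below
# are relative to it.

# Private host keys must be readable by root only; sshd refuses to load host
# keys whose permissions are too open.
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key

# Keep one pristine copy of the configuration before editing it in place
# (not overwritten on re-runs).
[ -e /etc/ssh/sshd_config.bak ] || cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

# The edits below comment out lines by fixed line number, which only matches
# the sshd_config this page was written against. Print the three lines first
# and check they are the directives meant to be disabled; on a file with a
# different layout this would silently disable unrelated settings.
sed -n '93p;94p;123p' /etc/ssh/sshd_config
sed -i '93s/^/#/' /etc/ssh/sshd_config
sed -i '94s/^/#/' /etc/ssh/sshd_config
sed -i '123s/^/#/' /etc/ssh/sshd_config

# Install the SysV init script shipped with the source tree (copied once; the
# original page copied it twice) and make it executable.
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd

# NOTE(review): sshd looks up the PAM service named "sshd", so a file called
# /etc/pam.d/sshd.pam is presumably never read and the existing
# /etc/pam.d/sshd stays in effect -- confirm which PAM policy is intended.
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

# Start sshd at boot.
# NOTE(review): if the packaged sshd.service unit is still present, confirm
# whether systemd starts that unit or the init script installed above.
systemctl enable sshd
chkconfig --add sshd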
ssh权限修改
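# Comment out the GSSAPI directives left over from the packaged sshd_config.
# NOTE(review): presumably because the configure line on this page does not
# enable Kerberos/GSSAPI support, so the new sshd would complain about them.
sed -i \
  -e 's/^GSSAPICleanupCredentials yes/#&/' \
  -e 's/^GSSAPIAuthentication yes/#&/' \
  -e 's/^GSSAPIAuthentication no/#&/' \
  /etc/ssh/sshd_config

# Validate the configuration before restarting: restarting with a broken
# sshd_config on a remote host can lock everyone out. Keep the current session
# open and confirm a fresh login from a second terminal before closing it.
if /usr/sbin/sshd -t; then
  /etc/init.d/sshd restart
else
  echo 'sshd_config failed validation; sshd was NOT restarted' >&2
fi
ssh -V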