1. Download the latest OpenSSH package

2. Before upgrading OpenSSH, enable telnet on the server and log in through telnet, because ssh will be temporarily unavailable during the upgrade.
Enable the Linux telnet service:
Check whether telnet is already installed:
rpm -qa|grep telnet
telnet-0.17-48.el6.x86_64
telnet-server-0.17-48.el6.x86_64
If it is not installed, install it with yum:
[root@leotest ~]# yum install telnet
[root@leotest ~]# yum install telnet-server

Start the telnet service:
Edit the telnet file and change disable to no:
[root@leotest xinetd.d]# vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

Restart the xinetd service:
service xinetd restart
or:
/etc/rc.d/init.d/xinetd restart

Connect to the server via telnet:
[c:~]$ telnet 192.168.5.5
Connecting to 192.168.5.5:23…
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Red Hat Enterprise Linux Server release 6.8 (Santiago)
Kernel 2.6.32-642.el6.x86_64 on an x86_64
login: test
Password:
[test@leotest ~]$
By default telnet only allows ordinary (non-root) users to log in, so log in as an ordinary user and then switch to root.

3. Back up the original OpenSSH files:
cp /usr/sbin/sshd /usr/sbin/sshd.bak
cp /etc/ssh/ssh_config /etc/ssh/ssh_config.bak
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /etc/ssh/moduli /etc/ssh/moduli.bak

Note: delete the following three files first, otherwise the install reports these errors:
/etc/ssh/ssh_config already exists, install will not overwrite
/etc/ssh/sshd_config already exists, install will not overwrite
/etc/ssh/moduli already exists, install will not overwrite
rm /etc/ssh/ssh_config -fr
rm /etc/ssh/sshd_config -fr
rm /etc/ssh/moduli -fr
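The backup above copies each file to a `.bak` beside it and the next step deletes the originals, so there is no record of what was saved or whether the copies are intact. The following is an added example, not code from the original post: it backs up the same files into a timestamped directory, writes a SHA-256 manifest, and can verify and restore them. The backup root and file list are parameters (absolute paths) so it can be rehearsed on scratch files before touching /etc/ssh.

```shell
#!/bin/sh
# Added example, not part of the original post: back up the OpenSSH files
# named above into a timestamped directory and record SHA-256 sums, so the
# originals can be restored and verified if the upgrade goes wrong. The
# backup root and the file list are parameters (absolute paths), so it can be
# exercised on scratch files before touching /etc/ssh.

# backup_ssh_files <backup_root> <absolute_file>...
# Copies each existing file (keeping mode and timestamps) under
# <backup_root>/openssh-backup-<timestamp>/ mirroring its absolute path,
# writes a SHA256SUMS manifest there, prints the backup directory and
# returns 1 if any copy failed (a missing source file is only a warning).
backup_ssh_files() {
    root="$1"; shift
    dest="$root/openssh-backup-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || return 1
    status=0
    for f in "$@"; do
        if [ -f "$f" ]; then
            mkdir -p "$dest$(dirname "$f")"
            cp -p "$f" "$dest$f" || status=1
        else
            echo "warning: $f not found, skipped" >&2
        fi
    done
    # manifest of every copied file, relative to $dest
    (cd "$dest" && find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS)
    echo "$dest"
    return $status
}

# verify_backup <backup_dir>: 0 when every file still matches its recorded sum.
verify_backup() {
    (cd "$1" && sha256sum -c --quiet SHA256SUMS >/dev/null 2>&1)
}

# restore_backup <backup_dir>: copies every file in the manifest back to its
# original absolute path (run as root when restoring into /etc/ssh).
restore_backup() {
    verify_backup "$1" || { echo "backup $1 failed verification" >&2; return 1; }
    (cd "$1" && find . -type f ! -name SHA256SUMS | while read -r rel; do
        cp -p "$rel" "${rel#.}"
    done)
}

# Usage on the post's files (as root):
#   dir=$(backup_ssh_files /root/ssh-backups /usr/sbin/sshd /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/ssh/moduli)
#   verify_backup "$dir" && echo "backup ok: $dir"
```

Run `verify_backup` again right before the rm step and again if the new sshd fails to start; `restore_backup` refuses to copy anything back unless the manifest still matches.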
yum install pam-devel
yum install zlib-devel
yum install openssl-devel

4. Extract and install OpenSSH
[root@leotest softs]# tar -zxvf openssh-7.4p1.tar.gz
[root@leotest softs]# ls
openssh-7.4p1? openssh-7.4p1.tar.gz? openssh-7.4p1-vs-openbsd.diff.gz
[root@leotest softs]# cd openssh-7.4p1
[root@leotest openssh-7.4p1]# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --mandir=/usr/share/man
### configure: error: *** zlib.h missing - please install first or check config.log
# yum install zlib-devel
### configure: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***
# yum install openssl openssl-devel

Recompile:
Before recompiling, clean the previous build output:
make clean
ldconfig
[root@leotest openssh-7.4p1]# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --mandir=/usr/share/man
OpenSSH has been configured with the following options:
                     User binaries: /usr/bin
                   System binaries: /usr/sbin
               Configuration files: /etc/ssh
                   Askpass program: /usr/libexec/ssh-askpass
                      Manual pages: /usr/share/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
                    Manpage format: doc
                       PAM support: no
                   OSF SIA support: no
                 KerberosV support: no
                   SELinux support: no
                 Smartcard support:
                     S/KEY support: no
              MD5 password support: no
                   libedit support: no
  Solaris process contract support: no
           Solaris project support: no
         Solaris privilege support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY
             Privsep sandbox style: rlimit

              Host: x86_64-pc-linux-gnu
          Compiler: gcc
    Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE
Preprocessor flags:
      Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie
         Libraries: -lcrypto -lrt -ldl -lutil -lz  -lcrypt -lresolv
make && make install
/etc/init.d/sshd restart

5. Overwrite the old files
cp -p /softs/openssh-7.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
chkconfig --add sshd
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
[root@pttlstydb openssh-7.4p1]# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp: overwrite `/usr/sbin/sshd'? y
cp: cannot create regular file `/usr/sbin/sshd': Text file busy
The file is in use:
[root@pttlstydb openssh-7.4p1]# ps -ef|grep sshd
root     14111     1  0 10:05 ?        00:00:00 sshd: root@pts/0
root     14865     1  0 10:22 ?        00:00:00 sshd: root@notty
root     24182 14779  0 10:30 pts/1    00:00:00 grep sshd
[root@pttlstydb openssh-7.4p1]# kill -9 14865
[root@pttlstydb openssh-7.4p1]# ps -ef|grep sshd
root     24227 14779  0 10:31 pts/1    00:00:00 grep sshd

Overwrite again:
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
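The "Text file busy" error above happens because cp opens the existing file for writing, which the kernel refuses while that file is executing. Renaming a new file over the old one is not subject to that check: the running sshd keeps its old inode and the next start picks up the new file, so the session the upgrade is running through does not have to be killed. The following is an added example, not code from the original post, that replaces a binary this way; the paths in the usage comment are the post's.

```shell
#!/bin/sh
# Added example, not part of the original post: replace a binary that may be
# running (sshd, ssh, ssh-keygen) without the "Text file busy" error. cp opens
# the existing file for writing, which the kernel refuses (ETXTBSY) while the
# file is executing; renaming a new file over it only swaps the directory
# entry, so running processes keep their old inode and the next start uses
# the new file.

# replace_binary <new_file> <target_path>
# Copies <new_file> to a temporary name in the target's own directory (same
# filesystem, so the final mv is an atomic rename), gives it the target's
# mode bits (or 0755 when the target does not exist yet) and renames it into
# place. Returns 1 on any failure, leaving the target untouched.
replace_binary() {
    new="$1"; target="$2"
    [ -f "$new" ] || { echo "replace_binary: $new not found" >&2; return 1; }
    dir=$(dirname "$target")
    [ -d "$dir" ] || { echo "replace_binary: $dir is not a directory" >&2; return 1; }
    tmp=$(mktemp "$dir/.$(basename "$target").XXXXXX") || return 1
    if ! cp "$new" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    if [ -e "$target" ]; then
        # GNU chmod --reference copies the old mode; fall back to 0755
        chmod --reference="$target" "$tmp" 2>/dev/null || chmod 0755 "$tmp"
    else
        chmod 0755 "$tmp"
    fi
    mv -f "$tmp" "$target"
}

# Usage on the post's paths (as root):
#   replace_binary /usr/local/openssh/sbin/sshd       /usr/sbin/sshd
#   replace_binary /usr/local/openssh/bin/ssh         /usr/bin/ssh
#   replace_binary /usr/local/openssh/bin/ssh-keygen  /usr/bin/ssh-keygen
```

Processes already running the old sshd keep using it until `service sshd restart`; check with `ssh -V` and `/usr/sbin/sshd -V` afterwards that both report the new version.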
[root@leotest openssh-7.4p1]# service sshd restart
Stopping sshd:                                             [  OK  ]
ssh-keygen: illegal option -- A
usage: ssh-keygen [options]
Options:

cat /etc/init.d/sshd
start()
{
        # Create keys if necessary
        /usr/bin/ssh-keygen -A
        if [ -x /sbin/restorecon ]; then
                /sbin/restorecon /etc/ssh/ssh_host_key.pub
                /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
                /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
                /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
        fi

        echo -n $"Starting $prog:"
        $SSHD $OPTIONS && success || failure
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
        echo
}

The init script calls ssh-keygen -A, but the old ssh-keygen still in /usr/bin does not have the -A option.
Fix: replace it with the newly built one:
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

Restart the sshd service:
[root@leotest ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
Starting sshd:/etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials

Cause: the new version of OpenSSH does not support the options above, so the sshd configuration file must be edited.
?
[root@leotest openssh-7.4p1]# vi /etc/ssh/sshd_config
## Remove the leading comment to allow root to log in via ssh
PermitRootLogin yes

## Comment out the following three options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#UsePAM yes

## Append the following lines at the end of the file, otherwise ssh login to Linux still fails:
The cause is that after the upgrade, for security reasons, ssh no longer enables some of the older encryption algorithms by default; adding them back by hand restores the connection.
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,arcfour128,arcfour256,arcfour,blowfish-cbc,cast128-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org
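The edits above (uncomment PermitRootLogin, comment out the three unsupported options, append the Ciphers/MACs/KexAlgorithms lines) are easy to get wrong by hand, and applying them twice stacks '#' marks or duplicates the algorithm lines. The following is an added example, not code from the original post, that applies the same edits idempotently to any sshd_config path given to it; the option names and algorithm lists are copied verbatim from the post, and GNU sed (as on RHEL) is assumed.

```shell
#!/bin/sh
# Added example, not part of the original post: apply the sshd_config edits
# from the post in one idempotent pass, so the change can be rehearsed on a
# copy of the file and repeated without stacking '#' marks or duplicate lines.
# The option names and algorithm lists are the post's; the config path is a
# parameter. Requires GNU sed (as on RHEL).

# comment_out_options <config> <option>...
# Prefixes each active "<option> value" line with '#'; already-commented
# lines are left alone, so a second run changes nothing.
comment_out_options() {
    cfg="$1"; shift
    for opt in "$@"; do
        sed -i "s/^[[:space:]]*\($opt[[:space:]]\)/#\1/" "$cfg"
    done
}

# set_option <config> <keyword> <value>
# Rewrites the first "<keyword> ..." line, commented or not, to the wanted
# value (this is how "#PermitRootLogin yes" becomes active); appends the
# line when the keyword is absent. GNU sed's 0,/re/ range stops at the first
# match even when it is line 1.
set_option() {
    cfg="$1"; key="$2"; val="$3"
    if grep -q "^[[:space:]#]*$key[[:space:]]" "$cfg"; then
        sed -i "0,/^[[:space:]#]*$key[[:space:]].*/s//$key $val/" "$cfg"
    else
        printf '%s %s\n' "$key" "$val" >> "$cfg"
    fi
}

# apply_post_upgrade_edits <config>: the post's edits, verbatim.
apply_post_upgrade_edits() {
    cfg="$1"
    comment_out_options "$cfg" GSSAPIAuthentication GSSAPICleanupCredentials UsePAM
    set_option "$cfg" PermitRootLogin yes
    set_option "$cfg" Ciphers \
        "aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,arcfour128,arcfour256,arcfour,blowfish-cbc,cast128-cbc"
    set_option "$cfg" MACs \
        "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96"
    set_option "$cfg" KexAlgorithms \
        "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org"
}

# Usage (as root, after backing up the file):
#   cp -p /etc/ssh/sshd_config /tmp/sshd_config.test
#   apply_post_upgrade_edits /tmp/sshd_config.test
#   /usr/sbin/sshd -t -f /tmp/sshd_config.test && apply_post_upgrade_edits /etc/ssh/sshd_config
```

Run `sshd -t -f` with the new binary before `service sshd restart`, and keep the telnet session open until the ssh login in step 6 succeeds. As the post notes, these lists re-enable algorithms that OpenSSH 7.4 turned off by default for security (arcfour, 3des-cbc, blowfish-cbc, the MD5 and truncated MACs, diffie-hellman-group1-sha1); they are only needed for old clients, so trim the lists back once those clients are updated.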

6. Restart the sshd service and test the ssh connection to the server
service sshd restart
[c:~]$ ssh 192.168.5.5
Connecting to 192.168.5.5:22…
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

Last login: Tue Dec 27 00:22:10 2016 from 192.168.5.2
[root@leotest ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013

7. Disable telnet
[root@leotest ~]# vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = yes
}

Stop the xinetd service:
[root@leotest ~]# service xinetd stop
Stopping xinetd:                                           [  OK  ]
Disable it at boot:
[root@leotest ~]# chkconfig --list xinetd
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
[root@leotest ~]# chkconfig xinetd off
[root@leotest ~]# chkconfig --list xinetd
xinetd          0:off   1:off   2:off   3:off   4:off   5:off   6:off

Problem found after the upgrade:
Logging in to Linux through WinSCP fails with an error; fix it as follows:
[root@leotest ~]# vi /etc/ssh/sshd_config
# override default of no subsystems
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp
Comment out the original Subsystem line and replace it with internal-sftp as shown above.
Restart the sshd service:
service sshd restart