@cdmonkey
2016-05-04T10:01:02.000000Z
字数 3683
阅读 1117
操作系统
http://www.linuxidc.com/Linux/2014-12/110466.htm
http://blog.itpub.net/23757700/viewspace-754986
https://github.com/mkj/dropbear
安装“Dropbear”的目的是用来防止升级不成功,从而能够替代openssh连接服务器。
yum install -y zlib zlib-devel[root@docker-node1 tools]# tar jxvf dropbear-2016.73.tar.bz2[root@docker-node1 tools]# cd dropbear-2016.73# Can refer INSTALL./configure --prefix=/usr/local/dropbear/make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
[root@docker-node1 ~]# mkdir /etc/dropbear/usr/local/dropbear/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key/usr/local/dropbear/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key/usr/local/dropbear/bin/dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key# Start the Service:[root@docker-node1 ~]# /usr/local/dropbear/sbin/dropbear -p 2200# Check:[root@docker-node1 ~]# lsof -i:2200COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEdropbear 16612 root 3u IPv4 557991 0t0 TCP *:ici (LISTEN)dropbear 16612 root 4u IPv6 557992 0t0 TCP *:ici (LISTEN)
这样的话,我们就能够通过2200端口远程连接服务器了。
确认升级前的版本:
[root@zabbix ~]# openssl version -a|grep OpenSSLOpenSSL 1.0.1e-fips 11 Feb 2013
[root@docker-node1 ~]# rpm -e `rpm -qa | grep openssl` --allmatches --nodeps# 移除有风险,可不进行移除操作,而仅仅是不再使用将老版本的指令。------------------[root@docker-node1 tools]# tar zxvf openssl-1.0.1s.tar.gz[root@docker-node1 tools]# cd openssl-1.0.1s./config --prefix=/usr/local/openssl --sharedmakemake test # Need appear: ALL TESTS SUCCESSFUL.make install# Backup the old openssl:[root@zabbix openssl-1.0.1s]# mv /usr/bin/openssl /usr/bin/openssl.old[root@zabbix openssl-1.0.1s]# mv /usr/include/openssl /usr/include/openssl.old# Create Soft link:ln -s /usr/local/openssl/bin/openssl /usr/bin/opensslln -s /usr/local/openssl/include/openssl /usr/include/openssl# Configuration library file search path:echo "/usr/local/openssl/lib" >> /etc/ld.so.confldconfig -v
验证升级后的版本:
[root@zabbix openssl-1.0.1s]# openssl version -a|grep OpenSSLOpenSSL 1.0.1s 1 Mar 2016
确认升级前的版本:
[root@zabbix ~]# ssh -VOpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
安装前不需要关闭sshd服务的,可远程安装“OpenSSL”后,重启一下sshd就好了。
# Backup & Delete:[root@docker-node1 ~]# mv /etc/ssh /etc/ssh.bakrpm -e openssh-server --nodepsrpm -e openssh-clients --nodepsrpm -e openssh --nodepsrpm -e openssh-askpass
yum install gcc gcc-c++ make perl pam pam-devel# Install:[root@docker-node1 ~]# cd tools/openssh-6.9p1./configure \--prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl \--with-pam --with-zlib --with-md5-passwordsmakemake install# Create Soft link:ln -s /usr/local/openssh/bin/ssh /usr/bin/sshln -s /usr/local/openssh/bin/ssh-add /usr/bin/ssh-addln -s /usr/local/openssh/bin/ssh-agent /usr/bin/ssh-agentln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygenln -s /usr/local/openssh/bin/ssh-keyscan /usr/bin/ssh-keyscanln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd
验证下升级后的版本:
[root@zabbix openssh-6.9p1]# ssh -VOpenSSH_6.9p1, OpenSSL 1.0.1s 1 Mar 2016
拷贝服务启动脚本:
cp tools/openssh-6.9p1/contrib/redhat/sshd.init /etc/init.d/sshdchmod +x /etc/init.d/sshd[root@zabbix ~]# chkconfig --add sshd[root@zabbix ~]# chkconfig sshd on
调试启动,如果一下显示均正常,就可以正常启动sshd了。
[root@zabbix ~]# /usr/sbin/sshd -ddebug1: sshd version OpenSSH_6.9, OpenSSL 1.0.1s 1 Mar 2016debug1: private host key #0: ssh-rsa SHA256:P32k9u8FymdbN7ilVeZ2/32WaB5lLanQpzWu2lRddDYdebug1: private host key #1: ssh-dss SHA256:Mw9OBgWHJ1kOlFBYGlZ1GdNnuz0IycXqgucmXZxSPAsdebug1: private host key #2: ecdsa-sha2-nistp256 SHA256:G6dJWyNbWnFUFcGzp1ly8wkOZQM3wW7a6obcilZ5Vdebug1: private host key #3: ssh-ed25519 SHA256:AVvrJOnEPQxE6WMj08FhSAgjXlE8T7SCei1DoEEQbC4debug1: rexec_argv[0]='/usr/sbin/sshd'debug1: rexec_argv[1]='-d'Set /proc/self/oom_score_adj from 0 to -1000debug1: Bind to port 22 on 0.0.0.0.Server listening on 0.0.0.0 port 22.debug1: Bind to port 22 on ::.Server listening on :: port 22.