当前位置:   article > 正文

Ubuntu22.04下openssh&openssl升级_ubuntu 升级ssh

ubuntu 升级ssh

1、基础依赖

下载相关的包

#openssh

wget --no-check-certificate https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz

#zlib:wget --no-check-certificate https://www.zlib.net/zlib-1.3.tar.gz

#openssl:wget --no-check-certificate https://www.openssl.org/source/openssl-3.1.2.tar.gz

安装依赖

apt update

apt install -y g++ perl make libpam0g-dev build-essential

安装telnet

在升级SSH过程中,确保Telnet能够连接服务器是为了提供远程访问方式(以防ssh升级失败,导致无法连接服务器)。需要注意的是,由于Telnet的不安全性,应尽量减少在正式环境中使用Telnet,并在SSH升级完成&恢复正常的SSH远程访问后关闭Telnet。

apt install openbsd-inetd telnetd telnet -y

systemctl restart openbsd-inetd

systemctl status openbsd-inetd

netstat -anpt|grep 23

测试是否可以通过Telnet成功登陆

卸载原openssh:apt-get autoremove openssh-server openssh-client -y

安装zlib-1.3

tar zxvf zlib-1.3.tar.gz

cd zlib-1.3/

./configure --shared

make && make install

2、升级openssl-3.1.2

#解压

tar zxvf openssl-3.1.2.tar.gz

cd openssl-3.1.2

#编译安装

./config --prefix=/usr/local/openssl shared zlib

sudo make depend

sudo make && make install

#备份原来的openssl,创建软链接到系统位置

sudo mv /usr/bin/openssl /usr/bin/openssl.bak

sudo ln -sv /usr/local/openssl/bin/openssl /usr/bin/openssl

#更新动态链接库数据

echo "/usr/local/openssl/lib" >>sudo /etc/ld.so.conf

sudo ldconfig -v

openssl version

期间出现的错误及解决办法:

# openssl version

openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.0.9' not found (required by openssl)

# cp libcrypto.so.3 /lib/x86_64-linux-gnu/libcrypto.so.3

# openssl version

3、升级openssh-9.3p2

基础依赖参考以上内容

sudo apt-get install zlib1g-dev -y

tar zxvf openssh-9.3p2.tar.gz

cd openssh-9.3p2

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --without-zlib-version-check --with-ssl-dir=/usr/local/openssl/ --with-privsep-path=/var/lib/ssh

make && make install

ssh -V

取消屏蔽SSH服务并启动

systemctl unmask ssh.service

systemctl start sshd

systemctl status sshd

关闭Telnet

systemctl status openbsd-inetd

systemctl disable openbsd-inetd

systemctl stop openbsd-inetd

systemctl status openbsd-inetd

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/知新_RL/article/detail/980760
推荐阅读
相关标签
  

闽ICP备14008679号