OpenSSH Upgrade Procedure
1. Enable Telnet remote management
1.1 Modify the /etc/xinetd.d/krb5-telnet file
# vi /etc/xinetd.d/krb5-telnet
The contents of the krb5-telnet file are as follows:
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/telnetd
        log_on_failure  += USERID
        # default is yes (telnet disabled); set to no to enable the service
        disable         = no
}
Make the change marked in red (here, the disable line), then save the file and exit.
1.2 Start the xinetd service
# /etc/init.d/xinetd restart
[root@web2 ~]# /etc/init.d/xinetd restart
停止 xinetd:[确定]
启动 xinetd:[确定]
# netstat -tnlp | grep :23
[root@web2 ~]# netstat -tnlp | grep :23
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1433/xinetd
Note: on the Web2 server, running /etc/init.d/xinetd restart reported an error. Downloading and installing the package xinetd-2.3.14-10.el5.i386 resolves it:
# rpm -ivh xinetd-2.3.14-10.el5.i386
1.3 Stop the SSHD service
# /sbin/service sshd stop
[root@web2 ~]# /sbin/service sshd stop
停止 sshd:[确定]
Back up the init script by copying it:
# cp /etc/init.d/sshd /root/
[root@web2 ~]# cp /etc/init.d/sshd /root/
[root@web2 ~]# cd /root/
[root@web2 ~]# ls
anaconda-ks.cfg dapeng-20091210 data.sql ems1.sql gsz install.log.syslog TurboMQv2.jar
com_20091218backup dapeng-20091212 Desktop ems.sql install.log sshd xmlbak
1.4 Uninstall OpenSSH
# rpm -e openssh --nodeps
# rpm -e openssh-server --nodeps
# rpm -e openssh-clients --nodeps
# rpm -e openssh-askpass-gnome
# rpm -e openssh-askpass
[root@web2 ~]# rpm -e openssh --nodeps
[root@web2 ~]# rpm -e openssh-server --nodeps
warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave
[root@web2 ~]# rpm -e openssh-server --nodeps
error: package openssh-server is not installed
[root@web2 ~]# rpm -e openssh-askpass-gnome
error: package openssh-askpass-gnome is not installed
[root@web2 ~]# rpm -e openssh-askpass
2. Download and install the latest openssl and openssh
2.1 Download the packages
Download them to the /usr/local/src directory.
Download URL: http://www.openssl.org/source/ (openssl-0.9.8r.tar.gz)
# cd /usr/local/src
# tar zxvf openssl-0.9.8r.tar.gz
# cd openssl-0.9.8r
# ./config shared zlib
# make
# make test
# make install
# mv /usr/bin/openssl /usr/bin/openssl.OFF
# mv /usr/include/openssl /usr/include/openssl.OFF
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
2.2 Configure the library search path
# echo \# /sbin/ldconfig -v
[root@web2 openssl-0.9.8r]# openssl version -a
OpenSSL 0.9.8r 8 Feb 2011
built on: Thu Jun 9 21:19:24 CST 2011
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
OPENSSLDIR: \
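3. Install the openssh package
3.1 Extract the archive
# tar zxvf openssh-5.8p1.tar.gz
3.2 Prepare to compile
Back up the /etc/ssh directory, then delete it once the backup is done.
# mv ssh sshbak
# rm -rf ssh
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
3.3 make
3.4 make install
4. Start the service and verify that it is running
4.1 Start in debug mode; if everything shown below looks normal, sshd can be started normally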
# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_5.8p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Address already in use.
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
Cannot bind any address.
4.2 Start the service
# /usr/sbin/sshd
or
# service sshd start
4.3 Check that port 22 is among the listening ports
#netstat -tnlp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 21018/sshd
5. Update the keys and allow the appserv user to log in
5.1 Remove the keys on web2
# vi .ssh/known_hosts
Delete everything in the file.
5.2 Modify /etc/ssh/sshd_config to add appserv to the file
At the Banner none line, add the following:
AllowUsers appserv
6. Disable telnet
6.1 Stop the telnet service
# /etc/init.d/xinetd stop
# netstat -tnlp | grep :23
# vi /etc/xinetd.d/krb5-telnet
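The following is an added example, not part of the original procedure: a shell check to run once step 6 is complete, confirming that telnet is off again, sshd is listening and appserv is permitted. The function names are hypothetical, and it assumes the final edit in step 6.1 sets disable back to yes; ports are matched exactly, whereas grep :23 also matches ports such as 2323.

```shell
# Added example (not from the original page). Function names are hypothetical.

# telnet_disabled FILE: succeed only if the xinetd service file has an active
# "disable = yes". A missing file or any other value counts as not disabled.
telnet_disabled() {
    awk -F= '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 ~ /^[ \t]*disable[ \t]*$/ {
            val = $2
            sub(/^[ \t]+/, "", val)               # trim leading blanks
            sub(/[ \t].*$/, "", val)              # drop anything after the value
        }
        END { exit (val == "yes" ? 0 : 1) }
    ' "$1"
}

# port_listening PORT: read "netstat -tnl" output on stdin; succeed if a TCP
# socket is in LISTEN state on exactly PORT (so 23 does not match 2323).
port_listening() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")                 # port is the last ":" field
            if (a[n] == p) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# user_allowed USER FILE: succeed if an uncommented AllowUsers line in
# sshd_config names USER exactly (user@host patterns are not expanded).
user_allowed() {
    awk -v u="$1" '
        tolower($1) == "allowusers" {
            for (i = 2; i <= NF; i++) if ($i == u) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# post_upgrade_check: run all checks against the live system (as root).
post_upgrade_check() {
    rc=0
    telnet_disabled /etc/xinetd.d/krb5-telnet || { echo "FAIL: telnet enabled in xinetd"; rc=1; }
    netstat -tnl | port_listening 23 && { echo "FAIL: port 23 is listening"; rc=1; }
    netstat -tnl | port_listening 22 || { echo "FAIL: sshd not listening on 22"; rc=1; }
    user_allowed appserv /etc/ssh/sshd_config || { echo "FAIL: appserv not in AllowUsers"; rc=1; }
    return $rc
}
```

Call post_upgrade_check from a root shell after sourcing the file; it returns non-zero if any check fails.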