本文共 5712 字,大约阅读时间需要 19 分钟。
1、通过Filezilla上传需要的相关软件
| 上传至/usr/local/src目录,查看:[root@server ~]# cd /usr/local/src [root@server src]# ls [root@server src]# ls openssh-5.6p1.tar.gz openssl-1.0.0c.tar.gz zlib-1.2.5.tar.gz [root@server src]# |
2、使用ssh -v查看当前SSH的版本: | [root@server ~]# ssh -vOpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-e escape_char] [-F configfile] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-w tunnel:tunnel] [user@]hostname [command] |
3、安装zlib-1.2.5 | 注意:安装之前确保已经装有gcc、gcc-c++库[root@server src]# rpm -qa gcc [root@server src]# rpm -qa gcc-c++如果没有安装可以用yum直接联网安装:[root@server src]# yum -y install gcc[root@server src]# yum -y install gcc-c++ |
| 确保已经安装了gcc和gcc-c++库后,开始安装zlib-1.2.5 [root@server src]# tar -zxvf zlib-1.2.5.tar.gz [root@server src]# cd zlib-1.2.5 [root@server zlib-1.2.5]# ./configure --prefix=/usr/local/zlib-1.2.5 -share[root@server zlib-1.2.5]# make [root@server zlib-1.2.5]# make test[root@server zlib-1.2.5]# make install [root@server zlib-1.2.5]# vi /etc/ld.so.conf #配置库文件搜索路径 增加下列一行/usr/local/zlib-1.2.5/lib[root@server zlib-1.2.5]# ldconfig -v #刷新缓存文件/etc/ld.so.cache |
4、安装openssl | [root@server src]# tar -zxvf openssl-1.0.0c.tar.gz [root@server src]# cd openssl-1.0.0c [root@server openssl-1.0.0c]# ./config shared zlib-dynamic --prefix=/usr/local/openssl-1.0.0c --with-zlib-lib=/usr/local/zlib-1.2.5/lib --with-zlib-include=/usr/local/zlib-1.2.5/include [root@server openssl-1.0.0c]# make [root@server openssl-1.0.0c]# make test (这一步是进行 SSL 加密协议的完整测试,如果出现错误就要一定先找出原因,否则可能导致SSH不能用)[root@server openssl-1.0.0c]# make install [root@server openssl-1.0.0c]# vi /etc/ld.so.conf #配置库文件搜索路径增加下列一行 /usr/local/openssl-1.0.0c/lib #64位OS 没有生成lib目录,是lib64目录 [root@server openssl-1.0.0c]# ldconfig -v #刷新缓存文件/etc/ld.so.cache [root@server openssl-1.0.0c]# vi /etc/profile #将新的ssl加入PATH变量中增加下列两行 PATH=/usr/local/openssl/bin:$PATH export PATH保存、退出[root@server openssl-1.0.0c]# find / -name openssl #查找openssl所在系统位置/usr/lib/openssl #旧的 /usr/local/openssl-1.0.0c/include/openssl #新的 /usr/local/openssl-1.0.0c/bin/openssl #新的 /usr/bin/openssl #旧的 接下来开始替换系统原来的SSL[root@server openssl-1.0.0c]# cp -R /usr/bin/openssl /usr/bin/oldopenssl [root@server openssl-1.0.0c]# cp -R /usr/lib/openssl /usr/lib/oldopenssl [root@server openssl-1.0.0c]# rm -rf /usr/lib/libcrypto.so [root@server openssl-1.0.0c]# rm -rf /usr/lib/libssl.so [root@server openssl-1.0.0c]# ln -s /usr/local/openssl-1.0.0c/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so [root@server openssl-1.0.0c]# ln -s /usr/local/openssl-1.0.0c/lib/libssl.so.1.0.0 /usr/lib/libssl.so [root@server openssl-1.0.0c]# cp -r /usr/local/openssl-1.0.0c/lib/* /usr/lib/openssl [root@server openssl-1.0.0c]# echo /usr/local/openssl-1.0.0c/lib >> /etc/ld.so.conf [root@server openssl-1.0.0c]# ldconfig -v [root@server openssl-1.0.0c]# openssl version -v #查看openssl的新版本号OpenSSL 1.0.0c 2 Dec 2010 |
5、卸载当前使用的openssh | [root@server openssl-1.0.0c]# rpm -qa openssh openssh-4.3p2-41.el5 [root@server openssl-1.0.0c]# rpm -e openssh-4.3p2-41.el5 error: Failed dependencies: openssh = 4.3p2-41.el5 is needed by (installed) openssh-clients-4.3p2-41.el5.i386 openssh = 4.3p2-41.el5 is needed by (installed) openssh-server-4.3p2-41.el5.i386 openssh = 4.3p2-41.el5 is needed by (installed) openssh-askpass-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-askpass-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-server-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-clients-4.3p2-41.el5.i386 [root@server openssl-1.0.0c]# rpm -e openssh-4.3p2-41.el |
6、安装新版本openssh [root@server src]# tar -zxvf openssh-5.6p1.tar.gz [root@server src]# cd openssh-5.6p1 [root@server openssh-5.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl-1.0.0c --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib-1.2.5 --without-openssl-header-check出现:configure: error: PAM headers not found 错误 说明系统中没有安装pam-devel RPM 包,找到安装光盘,安装pam-devel或者用yum直接安装 [root@server openssh-5.6p1]# yum -y install pam*安装完PAM相关包后,再重新编译[root@server openssh-5.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl-1.0.0c --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib-1.2.5 --without-openssl-header-check [root@server openssh-5.6p1]# make [root@server openssh-5.6p1]# make install [root@server openssh-5.6p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd [root@server openssh-5.6p1]# chmod +x /etc/init.d/sshd [root@server openssh-5.6p1]# chkconfig --add sshd [root@server openssh-5.6p1]# service sshd start正在启动 sshd:WARNING: initlog is deprecated and will be removed in a future release [确定]这时出现“WARNING: initlog is deprecated and will be removed in a future release ”错误,可能是前面编译安装ssh在启动服务的时候没有更改文件路径,解决方法是:编辑/etc/init.d/sshd | 注释如下行#initlog -c "$SSHD $OPTIONS" && success || failure 添加如下行$SSHD $OPTIONS && success || failure | 然后再重新启动sshd服务,正常 [root@server openssh-5.6p1]# /etc/init.d/sshd restart停止 sshd:[确定] 正在启动 sshd:[确定] 最后使用ssh -v查看当前的SSH版本:[root@server openssh-5.6p1]# ssh -vOpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010 usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]OK,升级完成。 |
转载地址:http://bemna.baihongyu.com/