源码升级openssl3.2和openssh9.5

第一：打开telnet

1：首先linux版本

cat /etc/redhat-release

2：查看是否安装过ssl和ssh

rpm -qa|grep ssh

rpm -qa|grep ssl

3：查看当前版本

ssh -V

4：查看是否安装telnet

rpm -qa|grep telnet

5：安装telnet

rpm -ivh telnet xinetd --nodeps

6：启动服务

systemctl start xinetd.service

systemctl enable xinetd.service

7：设置telent允许root登录

vim /etc/xinetd.d/telnet

# default: on

# description: The telnet server serves telnet sessions; it uses \

# unencrypted username/password pairs for authentication.

service telnet

{

disable = no

flags = REUSE

socket_type = stream

wait = no

user = root

server = /usr/sbin/in.telnetd

log_on_failure += USERID

}

disable = no 是允许root远程登陆

disable = yes 是不允许root远程登陆

第二：安装ssl3.2

1：安装依赖

yum install -y gcc* perl* zlib*

2：解压

tar -zxvf openssl-3.2.0-alpha2.tar.gz

3：进入目录

cd openssl-3.2.0-alpha2

4：编译

./config enable-fips --prefix=/usr/local --openssldir=/usr/local/openssl

make -j 2

mv /usr/bin/openssl /usr/bin/openssl.bak

make install

5：设置软连接

ln -sf /usr/local/bin/openssl /usr/bin/openssl

ln -sf /usr/local/include/openssl /usr/include/openssl

6：更新动态链接库

whereis openssl

[root@alibaba openssl-3.2.0-alpha2]# ldd /usr/local/bin/openssl

linux-vdso.so.1 => (0x00007ffec4ebe000)

libssl.so.3 => not found

libcrypto.so.3 => not found

libdl.so.2 => /lib64/libdl.so.2 (0x00007f543395e000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5433742000)

libc.so.6 => /lib64/libc.so.6 (0x00007f5433375000)

/lib64/ld-linux-x86-64.so.2 (0x00007f5433b62000)

[root@alibaba openssl-3.2.0-alpha2]#

发现缺少libssl.so.3

查找这个libssl.so.3

[root@alibaba openssl-3.2.0-alpha2]# find / -name libssl.so.3

/root/openssl-3.2.0-alpha2/libssl.so.3

/usr/local/lib64/libssl.so.3

[root@alibaba openssl-3.2.0-alpha2]

设置软连接

ln -sf /usr/local/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

刷新库

ldconfig -v

再次查看ldd，发现已经链接上去了

[root@alibaba openssl-3.2.0-alpha2]# ldd /usr/local/bin/openssl

linux-vdso.so.1 => (0x00007fff9c1bf000)

libssl.so.3 => /lib64/libssl.so.3 (0x00007ff9eb9b8000)

libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007ff9eb309000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007ff9eb105000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ff9eaee9000)

libc.so.6 => /lib64/libc.so.6 (0x00007ff9eab1c000)

/lib64/ld-linux-x86-64.so.2 (0x00007ff9ebca5000)

[root@alibaba openssl-3.2.0-alpha2]#

查看版本

[root@alibaba openssl-3.2.0-alpha2]# openssl version

OpenSSL 3.2.0-alpha2 28 Sep 2023 (Library: OpenSSL 3.2.0-alpha2 28 Sep 2023)

[root@alibaba openssl-3.2.0-alpha2]#

第三：安装openssh9.5

1：解压

tar -zxvf openssh-9.5p1.tar.gz

2：进入目录

cd openssh-9.5p1/

3：备份pam.d

mv /etc/pam.d/sshd /etc/pam.d/sshd.bak

4：编译

./configure --prefix=/usr \

--sysconfdir=/etc/ssh \

--with-pam \

--with-zlib \

--with-ssl-dir=/usr/local/openssl \

--with-md5-passwords \

--mandir=/usr/share/man \

--without-openssl-header-check

make -j 2

卸载openssh旧版本

rpm -e `rpm -qa | grep openssh` --nodeps

make install

5：拷贝启动服务

cp contrib/redhat/sshd.init /etc/init.d/sshd

cp contrib/redhat/sshd.pam /etc/pam.d/sshd

6：查看升级后版本

[root@alibaba openssh-9.5p1]# ssh -V

OpenSSH_9.5p1, OpenSSL 3.2.0-alpha2 28 Sep 2023

[root@alibaba openssh-9.5p1]#

7：允许root远程登陆

sed -i 's/^\#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

8：授予权限

cd /etc/ssh/

chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key

9：还原sshd

[root@alibaba pam.d]# mv /etc/pam.d/sshd.bak /etc/pam.d/sshd

mv: overwrite ‘/etc/pam.d/sshd’? y

[root@alibaba pam.d]#

10：启动服务

redhat7重启命令

systemctl enable sshd

systemctl restart sshd

systemctl status sshd

redhat6重启命令

chkconfig sshd on

service sshd restart

service sshd status