openssl升级步骤

合集下载
相关主题
  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

以下操作都是以root用户登录操作

1.先安装telnet,以防升级openssl失败不能登录,就可以用telnet登录。
(1)检查是否安装telnet:rpm -qa|grep xinetd 或者 yum list install |grep xinetd
(2)若安装好,一定要测试一下,telnet是否可以登录。若没有安装,以下命令检查:yum list available|grep xinetd 是否已经存在安装包:
[root@asIVRyyhc2 ~]# yum list available|grep xinetd
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
xinetd.x86_64 2:2.3.14-39.el6_4 http
(3)安装:yum -y install xinetd.x86_64
(4)安装telnet服务:yum list available|grep telnet
[root@asIVRyyhc2 anquan]# yum list|grep telnet
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
telnet.x86_64 1:0.17-47.el6_3.1 http
telnet-server.x86_64 1:0.17-47.el6_3.1 http
(5) yum -y install telnet-server.x86_64
(6)新建配置文件并添加下面:vi /etc/xinetd.d/telnet :
service telnet
{
disable = no
socket_type = stream
server = /usr/sbin/in.telnetd
# server_args =
protocol = tcp
user = root
wait = no
}
(7)重启xinetd服务:service xinetd restart
(8)新建用户:useradd -d /home/aikf -s /bin/bash aikf
(9)passwd aikf 创建密码:aikf_123。
(10)在其他机器上试试telnet是否可以登录,一定要能telnet登录。

2.zlib-1.2.5安装:
(1) tar -jxvf zlib-1.2.5.bz2
(2) cd zlib-1.2.5
(3) ./configure
(4) make
(5) make install

3.删除已经安装的旧的openssh.
(1) yum list installed|grep openssh
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
openssh.x86_64 5.3p1-94.el6 @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
openssh-clients.x86_64 5.3p1-94.el6 @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
openssh-server.x86_64 5.3p1-94.el6 @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
(2) rpm -e openssh-clients.x86_64 --nodeps
(3) rpm -e openssh.x86_64 --nodeps
(4) rpm -e openssh-server.x86_64 --nodeps

4.删除已经安装的旧的openssl
(1) yum list installed|grep openssl
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
openssl.x86_64 1.0.1e-15.el6 @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
(2) rpm -e openssl.x86_64 --nodeps

5.安装openssl
(1) gunzip openssl-1.0.2j.tar.gz
(2) tar -xvf openssl-1.0.2j.tar
(3) cd openssl-1.0.2j
(4) ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib shared zlib-dynamic
(5) make depend
(6) make
(7) make MANDIR=/usr/share/man

MANSUFFIX=ssl install
(8) install -dv -m755 /usr/share/doc/openssl-1.0.2j
(9) cp -vfr doc/* /usr/share/doc/openssl-1.0.2j
(10) mkdir /usr/include/openssl
(11) cp ./openssl/*.h /usr/include/openssl

6.安装openssh
(1) gunzip openssh-7.3p1.tar.gz
(2) tar -xvf openssh-7.3p1.tar ; cd openssh-7.3p1
(3) install -v -m700 -d /var/lib/sshd
(4) chown -v root:sys /var/lib/sshd
(5) groupadd -g 50 sshd
(6) useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

(7) rm /usr/lib64/libcrypto.so.1.0.0
(8) ln -s /usr/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0
(9) rm /usr/lib64/libssl.so
(8) ln -s /usr/lib/libssl.so.1.0.0 /usr/lib64/libssl.so
(9) ln -s /usr/lib/libssl.so.1.0.0 /usr/lib64/libssl.so.10
(10) ln -s /usr/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
(11) ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-privsep-path=/var/lib/sshd
(12) make
(13) make install
(14) install -v -m755 contrib/ssh-copy-id /usr/bin
(15) install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
(16) install -v -m755 -d /usr/share/doc/openssh-7.3p1
(17) install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.3p1
(18) cp ./contrib/redhat/sshd.init /etc/init.d/sshd

7.配置和确认ssh登录
(1) 修改配置:vi /etc/ssh/sshd_config
PermitRootLogin Yes
PasswordAuthentication yes
PermitEmptyPasswords no
(2) service sshd restart

8.停掉xinetd服务
(1) service xinetd stop

相关文档
最新文档