Smooth upgrade OpenSSH to 6.7
I. Description of the Environment
1) Operating system: CentOS 5.5 64-bit
2) OpenSSL pre-upgrade version: OpenSSL 0.9.8e
3) OpenSSL upgrade version: OpenSSL 1.0.1j (source installation)
4) OpenSSH pre-upgrade version: Openssh-4.3p2-41.el5
5) OpenSSH upgrade version: OPENSSH_6.7P1 (source installation)
6) Connection Tool Xshell 4
Second, install dropbear instead of OpenSSH
The dropbear is installed only to be able to log on to the system when the upgrade fails and the sshd does not boot up. can also be replaced with other tools, such as Telnet
1) Download Dropbear installation package
https://matt.ucc.asn.au/dropbear/releases/dropbear-2014.66.tar.bz2
2) Check the installation dependency package
Yum Install zlib* gcc make
3) Compile and install Dropbear
# tar jxf dropbear-2014.66.tar.bz2
# CD dropbear-2014.66
#./configure
# Make && make install
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbdf0.tmp "alt=" wpsBDF0.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B9/wKiom1SK8cfjX9G_AAJ5XZUBaNE756.jpg "height=" 323 "border=" 0 "/>
Check that the resulting file is correct:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbdf1.tmp "alt=" wpsBDF1.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mHRcy7iAACfNHAZDWM211.jpg "height=" border= "0"/>
4) Generate certificate
#/usr/local/bin/dropbearkey-t Dss-f/etc/dropbear/dropbear_dss_host_key
#/usr/local/bin/dropbearkey-t Rsa-s 4096-f/etc/dropbear/dropbear_rsa_host_key
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe01.tmp "alt=" wpsBE01.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mGCwBUGAAKDlAuTfX0422.jpg "height=" 181 "border=" 0 "/>
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe12.tmp "alt=" wpsBE12.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mGhYD7yAANHuqf-B8E781.jpg "height=" 229 "border=" 0 "/>
5) Start Dropbear
#/usr/local/sbin/dropbear-p 2222//Monitor 2222 port
To see if the startup was successful:
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe13.tmp "alt=" wpsBE13.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B6/wKioL1SK8mHAUutKAAHWQqBmuG4755.jpg "height=" 345 "border=" 0 "/>
Third, upgrade OpenSSL to openssl-1.0.1j, and remove the old version
1) Pre-upgrade preparation
Download openssl-1.0.1j
Http://www.openssl.org/source/openssl-1.0.1j.tar.gz
2) Delete old version
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe24.tmp "alt=" wpsBE24.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mGyfxMYAACAEoR78Sk872.jpg "height=" border= "0"/>
#rpm-E ' Rpm-qa | grep OpenSSL '--allmatches--nodeps
3) Install OpenSSL, you must remember to add the--shared option, or OpenSSH compile will not find the newly installed OpenSSL library, will error: OpenSSL header and the library version does not match
#./config--prefix=/usr--shared
# make
# Make Test
# make Install
See if the OpenSSL version is installed correctly after completion
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe34.tmp "alt=" wpsBE34.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mKg78scAAHjgq7bRk4926.jpg "height=" 162 "border=" 0 "/>
Four, upgrade sshd to OpenSSH-6.7 and delete the old version of SSH
1) Pre-upgrade preparation
See if a package is missing
# Rpm-qa | Egrep "Gcc|make|perl|pam|pam-devel"
If you have a yum configuration, you can install these packages directly from Yum, so that you can check whether they are loaded or not installed directly.
Yum-y Install gcc* make Perl Pam Pam-devel
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe35.tmp "alt=" wpsBE35.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B6/wKioL1SK8mKjIOPNAAH3TJBvbnE805.jpg "height=" 509 "border=" 0 "/>
2) Download openssh-6.7p1.tar.gz
Http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz
Backup ssh:
# Mv/etc/ssh/etc/ssh.bak
# OpenSSL Version-a
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe55.tmp "alt=" wpsBE55.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mKRFkE-AAHxy6mKs0k142.jpg "height=" 202 "border=" 0 "/>
3) Compile and install the new version OpenSSH
# tar zxf openssh-6.7p1.tar.gz && CD OPENSSH-6.7P1
#./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam--with-zlib--with-md5-passwords
# make
Uninstall the old version of OpenSSH first, then make the install
# Rpm-qa | grep OpenSSH
# rpm-e ' Rpm-qa | grep OpenSSH '
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe56.tmp "alt=" wpsBE56.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mLyYi7aAAEyJLnkwsE626.jpg "height=" 149 "border=" 0 "/>
Openssh-askpass is used to enter the password in the graphical interface, do not need to install
# make Install
4) See if you are upgrading to a new version
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe57.tmp "alt=" wpsBE57.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B6/wKioL1SK8mLS9qdDAAA-Xwot8WA746.jpg "height=" border= "0"/>
5) Copy the startup script to/etc/init.d
# cp/root/openssh-6.7p1/contrib/redhat/sshd.init/etc/init.d/sshd
Add to start
# chkconfig--add sshd
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe58.tmp "alt=" wpsBE58.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mPB52PyAACFWxsJ9mM409.jpg "height=" "border=" 0 "/>
6) Start the sshd with start or reload. Do not Restart,restart will be disconnected directly, and will not continue to start the sshd service, this time to enter the machine by other means, and then start the sshd service.
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe59.tmp "alt=" wpsBE59.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B9/wKiom1SK8cmTRoA8AAA1aUY27EI885.jpg "height=" border= "0"/>
Iv. deletion of Dropbear.
Re-open a label in the Xshell,
Here dropbear is used to prevent the upgrade from being unsuccessful and to replace the OpenSSH connection server.
In case of opening port 2222 (dropbear boot port, you can set other), the way to connect via Xshell is:
xshell:\> ssh 192.168.4.1 2222 (192.168.4.1 is the server IP that needs to be connected)
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe6a.tmp "alt=" wpsBE6A.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B9/wKiom1SK8cmR4N-bAACrvjfK6Ik345.jpg "height=" 108 "border=" 0 "/>
Delete dropbear installed files and kill the process
# rm-rf/etc/dropbear//usr/local/sbin/dropbear/usr/local/bin/dropbear*
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe7b.tmp "alt=" wpsBE7B.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B7/wKioL1SK8mOAGLfCAAGSCAqwLSc545.jpg "height=" 165 "border=" 0 "/>
650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe7c.tmp "alt=" wpsBE7C.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B7/wKioL1SK8mPDQa8cAAA3mTxecdg234.jpg "height=" border= "0"/>
This article is from the "unyielding posture Screaming" blog, please be sure to keep this source http://doerj.blog.51cto.com/6212447/1589474
OpenSSH Smooth upgrade to 6.7 operation steps
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
