FEDROA20 upgrading Ssh,ssl to the latest current version

Manual installation under Fedroa20 openssh-server

This example takes Fedroa20 as an example and needs to be downloaded: Zlib-1.2.8.tar, Openssl-1.0.2e.tar, Openssh-7.1p1.tar. Note that it is wrong to download Openssh-7.1.tar without the config file.

Install the Zlib library

1, first decompression installation ZLIB:TAR-XF Zlib-1.2.8.tar

2. # tar XZVF zlib-1.2.8.tar.tar.gz
# CD zlib-1.2.8
#./configure--prefix=/usr/local/zlib
# make
# make Install
In this way, the zlib is compiled and installed in the/usr/local/zilib.

3. Make upgrade Package

cp-r/usr/local/zlib/* zlib_up/

TAR-CVF Zlib_up.tar zlib_up

Zlib is a universal compression library, provides a set of in-memory compression and decompression functions, and can detect the extracted data integrity (integrity), specifically in the role of SSL is unclear

Two upgrade SSL
1. Decompression and upgrade

#tar XVF Openssl-1.0.2e.tar
#cd openssl-1.0.2e
#./config--shared Zlib-dynamic
#make
#make Test (This step is a complete test of the SSL encryption protocol, if the error must first find out why, or blindly continue may cause SSH can not use!) ）
#make Install

2. Testing

#ldconfig-V Flush the cache file/etc/ld.so.cache

#openssl Version–a View the version number and discover that the version number has not been upgraded

3. View Library files

#ldd/usr/bin/openssl

Linux-gate.so.1 = (0xb7743000)

libssl.so.10 =/lib/libssl.so.10 (0xb76b9000)

4 Copy Upgrade

#cp-dp/apps/openssl/usr/bin/openssl

#cp-DP libssl.so*/usr/local/ssl/lib/

#cp-DP libcrypto.so*/usr/local/ssl/lib/

5 Check Again

#openssl Version–a View version number succeeded

#openssl genrsa-des3-out Server.key 1024 Verify that the generated key value is available

The SSL upgrade started unsuccessfully and will later copy the Bin,lib, config file, and discover success. Most of the upgrades are these three configuration files. Do not know if there is a better way to check if the upgrade is successful, the current look is a successful upgrade

Three-install SSH files

# tar XZVF Openssh-7.1p1.tar
# CD OPENSSH-4.5P1
#./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam--with-zlib=/usr/local/zlib--with-ssl-dir=/usr/local/ OpenSSL--with-md5-passwords

The following errors occur

1, configure when prompted PAM has errors, that is generally because the system does not install Pam-devel RPM package, find the installation CD-ROM, install pam-devel can solve it)

#rpm –ivhpam-devel ...

2, prohibit the root user remote login: Modify the Permitrootlogin, the default is yes and commented out;

is to remove the note and change it to No.

3, modify the permissions Ssh_host_rsa_key and Ssh_host_ecdsa_key, modified to 600,

4 authentication methods are not supported, such as when the client is logged in with the following prompts:

[[email protected] ~]$ ssh [email protected]

Permission denied (publickey,keyboard-interactive).

Workaround:

Set this configuration of the sshd configuration file (sshd_config): passwordauthentication Yes

Then restart Services: Service sshd restart

5 error in the last step: privilegeseparation user sshd does not exist

Workaround:

#vi/etc/passwd

Insertion: sshd:x:74:74:privilege-separated Ssh:/var/empty/sshd:/sbin/nologin

Make install again to compile the installation successfully. Check if the SSH service is started: # Ssh–v

FEDROA20 upgrading Ssh,ssl to the latest current version