How to smoothly Upgrade OpenSSH to 6.1
Smooth upgrade of openssh
I. Environment Description
1) Operating System: CentOS 5.5 64-bit
2) Openssh version: openssh-4.3p2-41.el5
3) Openssh version after upgrade: OpenSSH_6.1p1 (source code installation)
4) Connection Tool xshell 4
Ii. Install Dropbear instead of OpenSSH
1) download the dropbear installation package
Https://matt.ucc.asn.au/dropbear/releases/dropbear-2014.66.tar.bz2
2) Check the installation dependency package
Yum install zlib * gcc make
3) Compile and install dropbear
# Tar jxf dropbear-2014.66.tar.bz2
# Cd dropbear-2014.66
#./Configure
# Make & make install
Check whether the generated file is correct:
4) generate a certificate
#/Usr/local/bin/dropbearkey-t dss-f/etc/dropbear/dropbear_dss_host_key
#/Usr/local/bin/dropbearkey-t rsa-s 4096-f/etc/dropbear/dropbear_rsa_host_key
5) Start dropbear
#/Usr/local/sbin/dropbear-p 2222 // listen to port 2222
Check whether startup is successful:
3. Upgrade sshd to OpenSSH-6.1 and delete old version ssh
1) preparations before Upgrade
Check whether the package is missing
# Rpm-qa | egrep "gcc | openssl-devel | make | perl | pam-devel"
If you have configured yum, you can directly install these packages using yum to check whether the packages are installed.
Yum-y install gcc * make openssl-devel perl pam-devel
2. Download openssh-6.1p1.tar.gz
Http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz
Back up ssh:
# Mv/etc/ssh. bak
# Openssl version-
3) Compile and install the new openssh version.
# Tar zxf openssh-6.1p1.tar.gz & cd openssh-6.1p1
#./Configure -- prefix =/usr -- sysconfdir =/etc/ssh -- with-pam -- with-zlib -- with-md5-passwords
# Make
Uninstall the old version of openssh and then make install
# Rpm-qa | grep openssh
# Rpm-e 'rpm-qa | grep openssh'
Openssh-askpass is used to enter a password in the graphic interface.
# Make install
4) Check whether to upgrade to the new version.
5) copy the startup script to/etc/init. d.
# Cp/root/openssh-6.1p1/contrib/RedHat/sshd. init/etc/init. d/sshd
Add to startup
# Chkconfig -- add sshd
6) start sshd and use start or reload. Do not restart. restart will disconnect directly, but will not start the sshd service. In this case, you need to enter the machine through other channels and then start the sshd service.
4. Delete dropbear.
Open another tag in xshell,
Here, Dropbear is used to prevent the upgrade from being successful and replace openssh to connect to the server.
When port 2222 is enabled (the port at which dropbear is started can be set to another), The xshell connection method is as follows:
Xshell: \> ssh 192.168.4.1 2222 (192.168.4.1 is the ip address of the server to be connected)
Delete the dropbear file and kill the process.
# Rm-rf/etc/dropbear // usr/local/sbin/dropbear/usr/local/bin/dropbear *
Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.
Analysis of encryption algorithms and OpenSSL for OpenSSH
Install and configure OpenSSH in Ubuntu Server 13.10
Install OpenSSH remotely on Ubuntu
Solve the latency problem during remote login through OpenSSH
Offline installation of OpenSSH in Ubuntu 12.10
OpenSSH upgrade steps and precautions
Solutions for failures of common OpenSSH users
General thread: OpenSSH key management, Part 1 Understanding RSA/DSA authentication
Install OpenSSH and configure the sftp lock directory for RedHat
OpenSSL details: click here
OpenSSL: click here
This article permanently updates the link address: