How to smoothly Upgrade OpenSSH to 6.7

Source: Internet
Author: User
Tags openssl library openssl version dropbear

I. Environment Description

1) Operating System: CentOS 5.5 64-bit

2) OpenSSL version before upgrade: openssl 0.9.8e

3) OpenSSL version after upgrade: openssl 1.0.1j (source code installation)

4) OpenSSH version before upgrade: openssh-4.3p2-41.el5

5) OpenSSH version after upgrade: openssh_6.7p1 (source code installation)

6) Connection tool: xshell 4

II. Install Dropbear as a stand-in for OpenSSH

Dropbear is installed so that you can still log on to the system if sshd fails to start. You can also use other tools, such as telnet.

1) Download the dropbear installation package

https://matt.ucc.asn.au/dropbear/releases/dropbear-2014.66.tar.bz2

2) Install the build dependencies

# yum install zlib* gcc make

3) Compile and install dropbear

# tar jxf dropbear-2014.66.tar.bz2

# cd dropbear-2014.66

# ./configure

# make && make install

Check whether the generated file is correct:

4) Generate the host keys

# mkdir -p /etc/dropbear

# /usr/local/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key

# /usr/local/bin/dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key

5) Start dropbear

# /usr/local/sbin/dropbear -p 2222    # listen on port 2222

Check whether startup is successful:

III. Upgrade OpenSSL to openssl-1.0.1j and delete old versions

1) Preparations before the upgrade

Download openssl-1.0.1j

http://www.openssl.org/source/openssl-1.0.1j.tar.gz

2) Delete the old version

# rpm -e `rpm -qa | grep openssl` --allmatches --nodeps

3) When installing openssl, remember to add the --shared option. Otherwise, the newly installed openssl library cannot be found when openssh is compiled, and an error is reported: the openssl header does not match the library version.

# ./config --prefix=/usr --shared

# make

# make test

# make install

Check whether the openssl version is correctly installed.
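
The header/library mismatch mentioned in step 3 can be checked directly before openssh is compiled. The script below is an added example, not part of the original article; the function names are hypothetical, and the header path assumes the --prefix=/usr install used above.

```shell
#!/bin/sh
# Added example: compare the OpenSSL version recorded in the installed header
# with the version the openssl binary reports. A "-fips..." suffix is ignored
# on both sides so that FIPS and non-FIPS builds of one release still compare equal.

# Print the version token (e.g. 1.0.1j) found in an opensslv.h file ($1).
header_version() {
    sed -n 's/^#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_TEXT[[:space:]]\{1,\}"OpenSSL \([^ "]*\).*/\1/p' "$1" |
        sed 's/-fips.*$//' | tail -n 1
}

# Print the version token from `openssl version` output passed as $1.
binary_version() {
    printf '%s\n' "$1" |
        awk '$1 == "OpenSSL" { sub(/-fips.*/, "", $2); print $2; exit }'
}

# Return 0 when both agree, 1 on a mismatch, 2 when a version cannot be read.
check_openssl_match() {
    hdr=$(header_version "$1")
    bin=$(binary_version "$2")
    if [ -z "$hdr" ] || [ -z "$bin" ]; then
        echo "cannot determine versions (header='$hdr' binary='$bin')" >&2
        return 2
    fi
    if [ "$hdr" != "$bin" ]; then
        echo "MISMATCH: header $hdr, binary $bin" >&2
        return 1
    fi
    echo "OK: header and binary are both $hdr"
}

# Run against the live system only when asked: sh check_openssl.sh live
if [ "${1:-}" = "live" ]; then
    check_openssl_match /usr/include/openssl/opensslv.h "$(openssl version)"
fi
```

A mismatch here means the headers and the installed binary come from different OpenSSL releases, which is the condition the openssh configure step complains about.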

IV. Upgrade sshd to OpenSSH-6.7 and delete the old version of ssh

1) Preparations before the upgrade

Check whether any required package is missing

# rpm -qa | egrep "gcc|make|perl|pam-devel"

If yum is configured, you can install these packages directly with yum, which also shows whether they are already installed.

# yum -y install gcc* make perl pam-devel

2) Download openssh-6.7p1.tar.gz

http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz

Back up ssh:

# mv /etc/ssh /etc/ssh.bak

# openssl version

3) Compile and install the new openssh version.

# tar zxf openssh-6.7p1.tar.gz && cd openssh-6.7p1

# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords

# make

Uninstall the old version of openssh and then run make install

# rpm -qa | grep openssh

# rpm -e `rpm -qa | grep openssh`

openssh-askpass is used to enter a password in a graphical interface.

# make install

4) Check whether the upgrade to the new version succeeded.

5) Copy the startup script to /etc/init.d.

# cp /root/openssh-6.7p1/contrib/redhat/sshd.init /etc/init.d/sshd

Add it to startup

# chkconfig --add sshd

6) Start sshd using start or reload. Do not use restart: restart disconnects the session immediately but does not start the sshd service again. If that happens, you need to get into the machine through another channel and then start the sshd service.
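
Before the dropbear fallback is removed, it is worth confirming that the server answering on port 22 really is the new sshd. The script below is an added example, not part of the original article: it classifies SSH identification lines (the first line a server sends) and only reports success for OpenSSH at or above the target version. The function names are hypothetical and the banners are constructed samples.

```shell
#!/bin/sh
# Added example: decide from the SSH identification line whether the upgraded
# sshd is the one answering, so the dropbear fallback is not removed too early.

# Print "name version" for an identification line, e.g. "OpenSSH 6.7".
parse_banner() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^SSH-[0-9.]*-\([A-Za-z]*\)_\([0-9][0-9.]*\).*/\1 \2/p'
}

# Return 0 if version $1 >= $2, comparing major then minor numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        if (x[1]+0 != y[1]+0) exit !(x[1]+0 > y[1]+0)
        exit !(x[2]+0 >= y[2]+0)
    }'
}

# $1 = banner read from port 22, $2 = minimum OpenSSH version wanted.
safe_to_remove_fallback() {
    parsed=$(parse_banner "$1")
    name=${parsed% *}
    ver=${parsed#* }
    [ "$name" = "OpenSSH" ] && version_ge "$ver" "$2"
}

# Constructed sample banners: old sshd, the dropbear fallback, the new sshd.
for b in "SSH-1.99-OpenSSH_4.3" "SSH-2.0-dropbear_2014.66" "SSH-2.0-OpenSSH_6.7"; do
    if safe_to_remove_fallback "$b" 6.7; then
        verdict="upgraded sshd, fallback can be removed"
    else
        verdict="keep the fallback"
    fi
    echo "$b -> $verdict"
done

# Live use (assumption: bash, which provides /dev/tcp redirection):
#   exec 3<>/dev/tcp/192.168.4.1/22; read -r banner <&3; exec 3<&-
#   safe_to_remove_fallback "$banner" 6.7 && echo "new sshd is answering"
```

Running `sshd -t` before start or reload also validates the configuration file and host keys without touching the running service.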

V. Delete dropbear

Open another tab in xshell.

Dropbear is here as a fallback in case the upgrade is unsuccessful, standing in for openssh to connect to the server.

When port 2222 is enabled (the port on which dropbear is started can be set to another value), the xshell connection method is as follows:

Xshell:> ssh 192.168.4.1 2222 (192.168.4.1 is the IP address of the server to connect to)

Delete the dropbear files and kill the process.

# rm -rf /etc/dropbear /usr/local/sbin/dropbear /usr/local/bin/dropbear*
