According to the company's network check recently, all SSH servers on Linux Hosts are 1.x versions, which are insecure and require upgrading. The upgrade is trivial because many Linux Hosts establish a trust relationship. If the upgrade fails, it will be difficult for different Linux Hosts to log on. After some exploration, I finally found a way to continuously connect to ssh for upgrading.
According to the company's network check recently, all SSH servers on Linux Hosts are 1.x versions, which are insecure and require upgrading. The upgrade is a trivial matter, mainly because many Linux Hosts have established trust relationships,
If the Linux host fails to be accessed due to the upgrade, it will be troublesome. After some exploration, I finally found a way to continuously connect to ssh for upgrading.
Download idea
To the/tmp directory of the Linux server to be upgraded, run the following command:Command:
Cd/Tmp
Tar zxvf zlib-1.2.5.tar.tar
Cd zlib-1.2.5
./Configure
Make; make install
Then install Openssh
Cd/tmp
Tar zxvf openssh-5.5p1.tar.gz
Cd openssh-5.5p1
./Configure -- prefix =/usr -- sysconfdir =/etc/ssh
Make; make install
Note:
1. Compile and install the SDK with the root permission.
2. Due to REdHat 4. the ssh execution file of Version x is stored in/usr/bin by default, so -- prefix =/usr is specified. If this path is not specified, the compiled file will be installed in/usr/local/bin, and the ssh configuration file will be stored in the/etc/ssh directory, and RedHat 4. the default path of x is the same.
3. After executing the make install statement, the system will prompt that sshd_config and ssh_config already exist, and a key file also exists. Key file can not matter, we copy the sshd_config, ssh_config under the openssh-5.5p1 directory to the/etc/ssh directory, replace the original file
Then execute service sshd restart
Run te on the local machineLnEt 127.0.0.1 22, you can see that the upper left corner of the screen has printed a line of SSH-2.0-OpenSSH_5.5, indicating that the program has been successfully upgraded.
The entire upgrade process can be remotely operated, and the ssh connection will not be interrupted. Because the key file of the server is not updated, the original trust relationship is still valid.