OpenSSH Smooth upgrade to 6.7 operation steps

Source: Internet
Author: User
Tags install openssl openssl library openssl version dropbear

Smooth upgrade OpenSSH to 6.7

I. Description of the Environment

1) Operating system: CentOS 5.5 64-bit

2) OpenSSL pre-upgrade version: OpenSSL 0.9.8e

3) OpenSSL upgrade version: OpenSSL 1.0.1j (source installation)

4) OpenSSH pre-upgrade version: Openssh-4.3p2-41.el5

5) OpenSSH upgrade version: OPENSSH_6.7P1 (source installation)

6) Connection Tool Xshell 4


Second, install dropbear instead of OpenSSH

The dropbear is installed only to be able to log on to the system when the upgrade fails and the sshd does not boot up. can also be replaced with other tools, such as Telnet

1) Download Dropbear installation package

https://matt.ucc.asn.au/dropbear/releases/dropbear-2014.66.tar.bz2

2) Check the installation dependency package

Yum Install zlib* gcc make

3) Compile and install Dropbear

# tar jxf dropbear-2014.66.tar.bz2

# CD dropbear-2014.66

#./configure

# Make && make install

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbdf0.tmp "alt=" wpsBDF0.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B9/wKiom1SK8cfjX9G_AAJ5XZUBaNE756.jpg "height=" 323 "border=" 0 "/>

Check that the resulting file is correct:

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbdf1.tmp "alt=" wpsBDF1.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mHRcy7iAACfNHAZDWM211.jpg "height=" border= "0"/>

4) Generate certificate

#/usr/local/bin/dropbearkey-t Dss-f/etc/dropbear/dropbear_dss_host_key

#/usr/local/bin/dropbearkey-t Rsa-s 4096-f/etc/dropbear/dropbear_rsa_host_key

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe01.tmp "alt=" wpsBE01.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mGCwBUGAAKDlAuTfX0422.jpg "height=" 181 "border=" 0 "/>

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe12.tmp "alt=" wpsBE12.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mGhYD7yAANHuqf-B8E781.jpg "height=" 229 "border=" 0 "/>

5) Start Dropbear

#/usr/local/sbin/dropbear-p 2222//Monitor 2222 port

To see if the startup was successful:

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe13.tmp "alt=" wpsBE13.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B6/wKioL1SK8mHAUutKAAHWQqBmuG4755.jpg "height=" 345 "border=" 0 "/>


Third, upgrade OpenSSL to openssl-1.0.1j, and remove the old version

1) Pre-upgrade preparation

Download openssl-1.0.1j

Http://www.openssl.org/source/openssl-1.0.1j.tar.gz

2) Delete old version

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe24.tmp "alt=" wpsBE24.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mGyfxMYAACAEoR78Sk872.jpg "height=" border= "0"/>

#rpm-E ' Rpm-qa | grep OpenSSL '--allmatches--nodeps

3) Install OpenSSL, you must remember to add the--shared option, or OpenSSH compile will not find the newly installed OpenSSL library, will error: OpenSSL header and the library version does not match

#./config--prefix=/usr--shared
# make
# Make Test

# make Install

See if the OpenSSL version is installed correctly after completion

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe34.tmp "alt=" wpsBE34.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mKg78scAAHjgq7bRk4926.jpg "height=" 162 "border=" 0 "/>


Four, upgrade sshd to OpenSSH-6.7 and delete the old version of SSH

1) Pre-upgrade preparation

See if a package is missing

# Rpm-qa | Egrep "Gcc|make|perl|pam|pam-devel"

If you have a yum configuration, you can install these packages directly from Yum, so that you can check whether they are loaded or not installed directly.

Yum-y Install gcc* make Perl Pam Pam-devel

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe35.tmp "alt=" wpsBE35.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B6/wKioL1SK8mKjIOPNAAH3TJBvbnE805.jpg "height=" 509 "border=" 0 "/>

2) Download openssh-6.7p1.tar.gz

Http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz

Backup ssh:

# Mv/etc/ssh/etc/ssh.bak

# OpenSSL Version-a

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe55.tmp "alt=" wpsBE55.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mKRFkE-AAHxy6mKs0k142.jpg "height=" 202 "border=" 0 "/>
3) Compile and install the new version OpenSSH

# tar zxf openssh-6.7p1.tar.gz && CD OPENSSH-6.7P1
#./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam--with-zlib--with-md5-passwords
# make

Uninstall the old version of OpenSSH first, then make the install

# Rpm-qa | grep OpenSSH
# rpm-e ' Rpm-qa | grep OpenSSH '

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe56.tmp "alt=" wpsBE56.tmp "src=" Http://s3.51cto.com/wyfs02/M00/56/B6/wKioL1SK8mLyYi7aAAEyJLnkwsE626.jpg "height=" 149 "border=" 0 "/>

Openssh-askpass is used to enter the password in the graphical interface, do not need to install

# make Install

4) See if you are upgrading to a new version

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe57.tmp "alt=" wpsBE57.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B6/wKioL1SK8mLS9qdDAAA-Xwot8WA746.jpg "height=" border= "0"/>

5) Copy the startup script to/etc/init.d

# cp/root/openssh-6.7p1/contrib/redhat/sshd.init/etc/init.d/sshd

Add to start

# chkconfig--add sshd

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe58.tmp "alt=" wpsBE58.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B6/wKioL1SK8mPB52PyAACFWxsJ9mM409.jpg "height=" "border=" 0 "/>

6) Start the sshd with start or reload. Do not Restart,restart will be disconnected directly, and will not continue to start the sshd service, this time to enter the machine by other means, and then start the sshd service.

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe59.tmp "alt=" wpsBE59.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B9/wKiom1SK8cmTRoA8AAA1aUY27EI885.jpg "height=" border= "0"/>

Iv. deletion of Dropbear.

Re-open a label in the Xshell,

Here dropbear is used to prevent the upgrade from being unsuccessful and to replace the OpenSSH connection server.

In case of opening port 2222 (dropbear boot port, you can set other), the way to connect via Xshell is:

xshell:\> ssh 192.168.4.1 2222 (192.168.4.1 is the server IP that needs to be connected)

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe6a.tmp "alt=" wpsBE6A.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B9/wKiom1SK8cmR4N-bAACrvjfK6Ik345.jpg "height=" 108 "border=" 0 "/>

Delete dropbear installed files and kill the process

# rm-rf/etc/dropbear//usr/local/sbin/dropbear/usr/local/bin/dropbear*

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe7b.tmp "alt=" wpsBE7B.tmp "src=" Http://s3.51cto.com/wyfs02/M02/56/B7/wKioL1SK8mOAGLfCAAGSCAqwLSc545.jpg "height=" 165 "border=" 0 "/>

650) this.width=650; "Style=" background-image:none;border-bottom:0px;border-left:0px;padding-left:0px; padding-right:0px;border-top:0px;border-right:0px;padding-top:0px, "title=" wpsbe7c.tmp "alt=" wpsBE7C.tmp "src=" Http://s3.51cto.com/wyfs02/M01/56/B7/wKioL1SK8mPDQa8cAAA3mTxecdg234.jpg "height=" border= "0"/>

This article is from the "unyielding posture Screaming" blog, please be sure to keep this source http://doerj.blog.51cto.com/6212447/1589474

OpenSSH Smooth upgrade to 6.7 operation steps

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.