Upgrading OpenSSH on RHEL 5.4 to OpenSSH_7.4p1 with shell scripts
A customer has 30 RHEL 5.4 systems whose OpenSSH needs to be upgraded to OpenSSH_7.4p1.
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
# uname -r
2.6.18-164.el5PAE
# uname -m
i686
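Two scripts were written. To keep the remote connection from being cut off during the upgrade, the first script turns on the Telnet service, opens TCP port 23 in the firewall, and downloads the required files. Telnet is unencrypted, so it serves only as a temporary fallback; the second script turns it off again once the new sshd is running.
Script 1: Download the software, open TCP port 23 in the firewall, turn on the Telnet service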
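#!/bin/bash
# Script 1 of 2: stage the OpenSSL/OpenSSH source tarballs and open a
# temporary Telnet fallback so the host stays reachable while sshd is replaced.
#
# Optional environment:
#   OPENSSL_SHA256  expected SHA-256 (hex) of openssl-0.9.8f.tar.gz
#   OPENSSH_SHA256  expected SHA-256 (hex) of openssh-7.4p1.tar.gz
# Example (placeholders, not real digests):
#   OPENSSL_SHA256=<SHA256_FROM_TRUSTED_SOURCE> \
#   OPENSSH_SHA256=<SHA256_FROM_TRUSTED_SOURCE> ./script1.sh
# When a digest is supplied the tarball must match it or the script aborts.
# When it is missing the script only warns, which keeps the old behaviour but
# leaves the download unauthenticated.

# Load the init-script helpers; action() prints the [ OK ]/[FAILED] lines.
. /etc/init.d/functions

readonly TOOLS_DIR=/root/tools
# URLs as printed on the source page; letter case of the path may have been
# altered by the page's translation - confirm against the mirror.
readonly OPENSSL_URL=https://dl.packetstormsecurity.net/crypt/ssl/openssl/openssl-0.9.8f.tar.gz
readonly OPENSSH_URL=http://ftp.jaist.ac.jp/pub/openbsd/openssh/portable/openssh-7.4p1.tar.gz

# Print the lower-case SHA-256 hex digest of file $1; non-zero if no tool exists.
_sha256_of() {
  if command -v sha256sum > /dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v openssl > /dev/null 2>&1; then
    openssl dgst -sha256 "$1" | awk '{print $NF}'
  else
    return 1
  fi | tr 'A-F' 'a-f'
}

# Compare file $1 against expected digest $2; an empty $2 only warns.
_verify_tarball() {
  local file=$1 expected=$2 actual
  if [ -z "$expected" ]; then
    echo "WARNING: no expected SHA-256 for $file; integrity NOT verified" >&2
    return 0
  fi
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(_sha256_of "$file")
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Download $2 to $3, verify it against digest $4, report under label $1.
# Any further arguments are passed to wget.
_fetch() {
  local label=$1 url=$2 dest=$3 expected=$4
  shift 4
  if wget -O "$dest" "$@" "$url" > /dev/null 2>&1 \
    && _verify_tarball "$dest" "$expected"; then
    action "download $label" /bin/true
  else
    # Never leave a failed or mismatching tarball where script 2 would build it.
    rm -f -- "$dest"
    action "download $label" /bin/false
    exit 1
  fi
}

# Create the staging directory, make sure a resolver is configured, and fetch
# both tarballs. Exits the script on any download or digest failure.
function downloadsoftware() {
  [ -d "$TOOLS_DIR" ] || mkdir -p "$TOOLS_DIR"

  if ! grep -q "nameserver 8.8.8.8" /etc/resolv.conf; then
    echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
  fi

  # --no-check-certificate turns off TLS certificate validation and the
  # OpenSSH mirror is plain HTTP, so neither transfer authenticates the
  # server. The SHA-256 comparison is the only integrity control here.
  _fetch "openssl-0.9.8f.tar.gz" "$OPENSSL_URL" \
    "$TOOLS_DIR/openssl-0.9.8f.tar.gz" "${OPENSSL_SHA256:-}" \
    --no-check-certificate
  _fetch "openssh-7.4p1.tar.gz" "$OPENSSH_URL" \
    "$TOOLS_DIR/openssh-7.4p1.tar.gz" "${OPENSSH_SHA256:-}"
}

# Allow inbound TCP/23 unless a telnet rule is already loaded.
function modiptables() {
  if iptables -L | grep -qw "dpt:telnet"; then
    return 0
  fi

  # The rule is inserted at line 19 of the saved ruleset, which assumes the
  # stock RHEL 5 layout. It accepts Telnet from any source; adding
  # "-s <ADMIN_SOURCE_IP>" to the rule would limit the cleartext exposure.
  sed -i '19 i-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT' /etc/sysconfig/iptables
  iptables-restore < /etc/sysconfig/iptables \
    && /etc/init.d/iptables save > /dev/null 2>&1 \
    && /etc/init.d/iptables restart

  if iptables -L | grep -qw "dpt:telnet"; then
    action "Add telnet port ..." /bin/true
  else
    # Without the rule the fallback is unreachable; stop before sshd is touched.
    action "Add telnet port ..." /bin/false
    exit 1
  fi
}

# Enable the xinetd krb5-telnet service and confirm the config now says "no"
# for "disable". Telnet carries credentials in cleartext, so this is meant to
# be open only for the duration of the upgrade.
function starttelnet() {
  local state
  sed -i '/.*disable/s#yes#no#g' /etc/xinetd.d/krb5-telnet
  /etc/init.d/xinetd restart

  state=$(awk -F '[= ]+' '/.*disable/{print $2}' /etc/xinetd.d/krb5-telnet)
  if [ "$state" = 'no' ]; then
    action "start telnet" /bin/true
  else
    action "start telnet" /bin/false
    exit 1
  fi
}

function main() {
  downloadsoftware
  modiptables
  starttelnet
}

main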
Script 2: Uninstall and install OpenSSL, uninstall and install OpenSSH, turn off the Telnet service
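#!/bin/bash
# Script 2 of 2: build and install OpenSSL 0.9.8f and OpenSSH 7.4p1 from the
# tarballs staged in /root/tools by script 1, then close the Telnet fallback.
#
# The tarballs are built and installed as root exactly as found on disk;
# their integrity has to be established before this script runs.
# OpenSSL 0.9.8 is end-of-life upstream; 0.9.8f is only the minimum that the
# OpenSSH 7.4p1 configure step accepts.

# Load the init-script helpers; action() prints the [ OK ]/[FAILED] lines.
. /etc/init.d/functions

readonly TOOLS_DIR=/root/tools

# Build OpenSSL into /usr/local/ssl, remove the distribution packages, and
# link the new binary, headers and libraries into the system locations.
function installopenssl() {
  local pkg

  # Build and install first, so a failed build leaves the packaged OpenSSL
  # (which the running sshd and other tools link against) untouched.
  if cd "$TOOLS_DIR" \
    && tar xf openssl-0.9.8f.tar.gz \
    && cd "$TOOLS_DIR/openssl-0.9.8f" \
    && ./config shared zlib > /dev/null 2>&1 \
    && make > /dev/null 2>&1 \
    && make install > /dev/null 2>&1; then
    action "Install openssl" /bin/true
  else
    action "Install openssl" /bin/false
    exit 1
  fi

  # --nodeps removes the packages although other programs depend on them;
  # anything linked against libssl.so.6/libcrypto.so.6 relies on the symlinks
  # created below from here on.
  for pkg in $(rpm -qa 'openssl*'); do
    rpm -e "$pkg" --nodeps > /dev/null 2>&1
  done

  # Point the system paths at the new installation.
  mv /usr/include/openssl /usr/include/openssl.bak > /dev/null 2>&1
  ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
  ln -s /usr/local/ssl/include/openssl /usr/include/openssl
  ln -s /usr/local/ssl/lib/libssl.so.0.9.8 /lib/libssl.so.6
  ln -s /usr/local/ssl/lib/libcrypto.so.0.9.8 /lib/libcrypto.so.6
  if ! grep -qx "/usr/local/ssl/lib" /etc/ld.so.conf; then
    echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
  fi
  ldconfig -v > /dev/null 2>&1
}

# Replace the packaged OpenSSH with a source build under /usr/local/ssh,
# harden sshd_config, validate it and start the new daemon.
function installopenssh() {
  local pkg value config_ok
  local -a check_ssh

  # Stop the packaged daemon and keep a dated copy of its configuration.
  /etc/init.d/sshd stop
  mv /etc/ssh/sshd_config "/etc/ssh/sshd_config.$(date +%F)"
  # Anchored pattern: the unanchored "openssh*" regex also matches "openssl".
  for pkg in $(rpm -qa | grep '^openssh'); do
    rpm -e "$pkg" > /dev/null 2>&1
  done

  # --with-ssl-dir is required so configure finds the new OpenSSL instead of
  # failing with "OpenSSL >= 0.9.8f required".
  if cd "$TOOLS_DIR" \
    && tar xf openssh-7.4p1.tar.gz \
    && cd "$TOOLS_DIR/openssh-7.4p1" \
    && ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh \
      --with-ssl-dir=/usr/local/ssl/ > /dev/null 2>&1 \
    && make > /dev/null 2>&1 \
    && make install > /dev/null 2>&1; then
    action "Install openssh" /bin/true
  else
    action "Install openssh" /bin/false
    exit 1
  fi

  # Make the new binaries reachable and start sshd at boot; the guards keep
  # repeated runs from appending duplicate lines.
  if ! grep -qF '/usr/local/ssh/bin:/usr/local/ssh/sbin' /etc/profile; then
    echo 'export PATH=/usr/local/ssh/bin:/usr/local/ssh/sbin:$PATH' >> /etc/profile
  fi
  source /etc/profile
  if ! grep -qxF '/usr/local/ssh/sbin/sshd' /etc/rc.d/rc.local; then
    echo '/usr/local/ssh/sbin/sshd' >> /etc/rc.d/rc.local
  fi

  # PermitRootLogin no: once Telnet is closed, root can no longer log in
  # remotely, so a working non-root account must already exist.
  sed -i 's/#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config

  # Every active PermitRootLogin/UseDNS line must read "no", and at least one
  # such line must exist.
  check_ssh=($(grep -E "PermitRootLogin|UseDNS" /etc/ssh/sshd_config \
    | grep -v '^#' | awk '{print $2}'))
  config_ok=1
  [ "${#check_ssh[@]}" -ge 1 ] || config_ok=0
  for value in "${check_ssh[@]}"; do
    [ "$value" = no ] || config_ok=0
  done
  if [ "$config_ok" -eq 1 ]; then
    action "Modify sshd_config" /bin/true
  else
    action "Modify sshd_config" /bin/false
    exit 1
  fi

  # sshd -t checks the configuration and host keys without starting a daemon;
  # failing here keeps the Telnet fallback open.
  if /usr/local/ssh/sbin/sshd -t > /dev/null 2>&1; then
    action "Validate sshd_config" /bin/true
  else
    action "Validate sshd_config" /bin/false
    exit 1
  fi

  # Start the new daemon and look for sshd on port 22.
  # NOTE(review): sessions still held by the old daemon may also show up in
  # this lsof output - confirm a fresh SSH login works before relying on it.
  /usr/local/ssh/sbin/sshd > /dev/null 2>&1
  if [ "$(lsof -i :22 | grep -o sshd | wc -l)" -gt 1 ]; then
    action "Start openssh" /bin/true
  else
    action "Start openssh" /bin/false
    exit 1
  fi
}

# Disable the xinetd krb5-telnet service again and confirm the config says
# "yes" for "disable".
# NOTE(review): the TCP/23 ACCEPT rule that script 1 put into
# /etc/sysconfig/iptables is not removed here; delete it by hand unless it
# predates the upgrade.
function stoptelnet() {
  local state
  sed -i '/.*disable/s#no#yes#g' /etc/xinetd.d/krb5-telnet
  /etc/init.d/xinetd restart

  state=$(awk -F "[= ]+" '/.*disable/{print $2}' /etc/xinetd.d/krb5-telnet)
  if [ "$state" = "yes" ]; then
    action "Stop telnet" /bin/true
  else
    action "Stop telnet" /bin/false
    exit 1
  fi
}

function main() {
  installopenssl
  installopenssh
  stoptelnet
}

main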
A summary of the problems that came up while writing and testing the scripts
1. After installing OpenSSL, configuring OpenSSH with
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh
failed with this error:
checking OpenSSL library version... configure: error: OpenSSL >= 0.9.8f required
I could not solve it at first. After searching online, another user's article gave the hint: the
--with-ssl-dir parameter must be specified so that configure uses the newly installed OpenSSL.
2. After the upgrade was finished in the test environment, using wget to download software produced an error:
# wget
wget: error while loading shared libraries: libssl.so.6: cannot open shared object file: No such file or directory
# ldd /usr/bin/wget
    linux-gate.so.1 => (0x00b69000)
    libssl.so.6 => not found
    libcrypto.so.6 => not found
    libdl.so.2 => /lib/libdl.so.2 (0x008a4000)
    librt.so.1 => /lib/librt.so.1 (0x008d8000)
    libc.so.6 => /lib/libc.so.6 (0x00733000)
    /lib/ld-linux.so.2 (0x00715000)
    libpthread.so.0 => /lib/libpthread.so.0 (0x008aa000)
libssl.so.6 => not found
libcrypto.so.6 => not found
The relevant library files were deleted when the OpenSSL packages were removed, so the fix is simply to create symbolic links with ln -s that point at the new files:
ln -s /usr/local/ssl/lib/libssl.so.0.9.8 /lib/libssl.so.6
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.8 /lib/libcrypto.so.6
The scripts were written in a hurry and do not check execution permissions in some places; readers are welcome to point out any shortcomings.
This article is from the "Seven" blog, make sure to keep this source http://sevenqi.blog.51cto.com/158746/1904438