Upgrading OpenSSH on Linux

Check whether telnet is installed

    # rpm -qa | grep telnet
    telnet-server-0.17-31.EL4.5
    telnet-0.17-31.EL4.5

Enable the telnet service

In the settings file /etc/xinetd.d/telnet, change the disable field to no. Then start the service:

    # ntsysv

or

    # service xinetd restart

Because root cannot log in directly over telnet, create a login user. Once the switchover is safely complete, the user can be deleted.

    # useradd sshinstall

(To delete the user and the /home/sshinstall directory: userdel -r sshinstall. To delete this user's group: groupdel sshinstall.)

The installation source files are in the /usr/local/src directory. zlib and openssl are installed under /usr/local.

Install zlib-1.2.5

    # tar -zxvf zlib-1.2.5.tar.gz
    # cd zlib-1.2.5
    # ./configure --prefix=/usr/local/zlib-1.2.5 -share
    # make test
    # make install
    cp libz.a /usr/local/zlib-1.2.5/lib
    cp libz.so.1.2.5 /usr/local/zlib-1.2.5/lib
    cd /usr/local/zlib-1.2.5/lib; chmod u=rw,go=r libz.a
    cp zlib.3 /usr/local/zlib-1.2.5/share/man/man3
    chmod 644 /usr/local/zlib-1.2.5/share/man/man3/zlib.3
    cp zlib.pc /usr/local/zlib-1.2.5/lib/pkgconfig
    chmod 644 /usr/local/zlib-1.2.5/lib/pkgconfig/zlib.pc
    cp zlib.h zconf.h /usr/local/zlib-1.2.5/include
    chmod 644 /usr/local/zlib-1.2.5/include/zlib.h /usr/local/zlib-1.2.5/include/zconf.h

Configure the library search path:

    # vi /etc/ld.so.conf

File contents after the edit:

    include ld.so.conf.d/*.conf
    # add 2010.7.7
    /usr/local/zlib-1.2.5/lib
    # add end

Refresh the cache file /etc/ld.so.cache and create a version-independent symlink:

    # ldconfig -v
    # ln -s /usr/local/zlib-1.2.5 /usr/local/zlib

Install openssl

    # cd /usr/local/src
    # tar zxvf openssl-1.0.0a.tar.gz
    # cd openssl-1.0.0a
    # ./config shared zlib-dynamic --prefix=/usr/local/openssl-1.0.0a --with-zlib-lib=/usr/local/zlib-1.2.5/lib --with-zlib-include=/usr/local/zlib-1.2.5/include
    # make test

(This step is a complete test of the SSL encryption protocol. If there is an error, you must find the cause first; otherwise SSH may not be usable!)

    # make install

Configure the library search path:

    # vi /etc/ld.so.conf

Add the line below to ld.so.conf (a 64-bit OS does not generate a lib directory; the directory is lib64):

    /usr/local/openssl-1.0.0a/lib

Refresh the cache file /etc/ld.so.cache and create a symlink:

    # ldconfig -v
    # ln -s /usr/local/openssl-1.0.0a /usr/local/openssl

Add openssl to the PATH:

    # vi /etc/profile

Add to the end of the file:

    PATH=/usr/local/openssl/bin:$PATH
    export PATH

Log out, log back in, and check that the correct openssl version is installed:

    # openssl version -a
    OpenSSL 1.0.0a 1 Jun 2010
    built on: Wed Jul 7 17:08:07 CST 2010
    platform: linux-x86_64
    options: bn(64) rc4(1x,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN [...] -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int [...] -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM [...]
    OPENSSLDIR: "/usr/local/openssl-1.0.0a/ssl"

Stop and uninstall OpenSSH

1. Stop the OpenSSH service

    # service sshd stop

2. Query and uninstall openssh

    # rpm -qa | grep openssh
    openssh-3.9p1-8.RHEL4.24
    openssh-askpass-3.9p1-8.RHEL4.24
    openssh-clients-3.9p1-8.RHEL4.24
    openssh-server-3.9p1-8.RHEL4.24
    openssh-askpass-gnome-3.9p1-8.RHEL4.24
    # rpm -e openssh-3.9p1-8.RHEL4.24 --nodeps
    # rpm -e openssh-clients-3.9p1-8.RHEL4.24 --nodeps
    warning: /etc/ssh/ssh_config saved as /etc/ssh/ssh_config.rpmsave
    # rpm -e openssh-askpass-3.9p1-8.RHEL4.24
    # rpm -e openssh-server-3.9p1-8.RHEL4.24 --nodeps
    # rpm -e openssh-askpass-gnome-3.9p1-8.RHEL4.24

Install openssh-5.5p1

    # cd /usr/local/src
    # tar zxvf openssh-5.5p1.tar.gz
    # cd openssh-5.5p1
    # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl-1.0.0a --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib-1.2.5
    # make install

Add sshd to the startup services. From the directory where the ssh source was unpacked:

    # cp ./contrib/redhat/sshd.init /etc/init.d/sshd
    # chmod +x /etc/init.d/sshd
    # chkconfig --add sshd

Finally, start the SSH service so that the change takes effect:

    # service sshd start

Restart and confirm that the current OpenSSH and OpenSSL versions are correct. If you see the new version numbers, everything is OK!

Disable the telnet service

Change the disable field in the /etc/xinetd.d/telnet file to yes. Then restart the service:

    # ntsysv

or

    # service xinetd restart

Notes

1. When installing openssh, ./configure reported the following error:

    configure: error: PAM headers not found

Run:

    # rpm -qa | grep pam
    pam_smb-1.1.7-5
    pam_ccreds-1-3
    pam_passwdqc-0.7.5-2
    pam-0.77-66.17
    pam_krb5-2.1.8-1
    spamassassin-3.0.6-1.el4

The installed package is pam-0.77-66.17. pam-devel-0.77-66.17.i386.rpm was found on the internet; after running rpm -ivh pam-devel-0.77-66.17.i386.rpm, ./configure ran normally. The version (0.77-66.17) must be the same as the installed pam package.

2. When installing openssh, configure reported the following error:

    # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/include/openssl --with-md5-passwords --mandir=/usr/share/man
    .....
    configure: error: *** zlib too old - check config.log ***
    Your reported zlib version has known security problems. It's possible your
    vendor has fixed these problems without changing the version number. If you
    are sure this is the case, you can disable the check by running
    "./configure --without-zlib-version-check".
    If you are in doubt, upgrade zlib to version 1.2.3 or greater.
    See http://www.gzip.org/zlib/ for details.

Therefore, zlib needs to be upgraded.

3. If the operating system is 64-bit, openssl-1.0.0a generates only a lib64 directory and no lib directory. The OpenSSH configure then links against the old version of openssl, which is depressing.

4. Information displayed by ./configure:

    # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl-1.0.0a --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib-1.2.5

Displayed information:

    OpenSSH has been configured with the following options:
                         User binaries: /usr/bin
                       System binaries: /usr/sbin
                   Configuration files: /etc/ssh
                       Askpass program: /usr/libexec/ssh-askpass
                          Manual pages: /usr/share/man/manX
                              PID file: /var/run
      Privilege separation chroot path: /var/empty
                sshd default user PATH: /usr/bin:/usr/sbin:/sbin
                        Manpage format: doc
                           PAM support: yes
                       OSF SIA support: no
                     KerberosV support: no
                       SELinux support: no
                     Smartcard support:
                         S/KEY support: no
                  TCP Wrappers support: no
                  MD5 password support: yes
                       libedit support: no
      Solaris process contract support: no
           IP address in $DISPLAY hack: no
               Translate v4 in v6 hack: yes
                      BSD Auth support: no
                  Random number source: OpenSSL internal ONLY

                  Host: i686-pc-linux-gnu
              Compiler: gcc
        Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -fno-builtin-memset -std=gnu99
    Preprocessor flags: -I/usr/local/openssl-1.0.0a/include -I/usr/local/zlib-1.2.5/include
          Linker flags: -L/usr/local/openssl-1.0.0a/lib -L/usr/local/zlib-1.2.5/lib
             Libraries: -lresolv -lcrypto -ldl -lutil -lz -lnsl -lcrypt
             +for sshd: -lpam

    PAM is enabled. You may need to install a PAM control file
    for sshd, otherwise password authentication may fail.
    Example PAM control files can be found in the contrib/
    subdirectory
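One way to script the final confirmation, as an added example that is not part of the original page: it checks that telnet is disabled again in xinetd, that `ssh -V` reports the expected versions, and that sshd did not end up linked against the old libcrypto (note 3). The function names are hypothetical and the sample strings are constructed; the paths and version numbers are the ones used on this page.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the procedure on this page.
# Function names are hypothetical; the sample inputs are constructed.

# Succeeds only if xinetd service file $1 has a "disable" setting and every one is "yes".
# Commented-out settings are ignored; a missing setting is treated as "not confirmed".
telnet_disabled() {
    sed 's/#.*//' "$1" | awk -F= '
        /^[ \t]*disable[ \t]*=/ { n++; gsub(/[ \t\r]/, "", $2); if ($2 != "yes") bad = 1 }
        END { if (n > 0 && !bad) exit 0; exit 1 }'
}

# Succeeds if banner $1 (the text of `ssh -V`) names OpenSSH $2 built with OpenSSL $3.
ssh_versions_ok() {
    case "$1" in
        "OpenSSH_$2, OpenSSL $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the path that ldd resolved for libcrypto in ldd output $1 (empty if absent).
libcrypto_path() {
    printf '%s\n' "$1" | awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" { print $3; exit }'
}

# Succeeds if the libcrypto in ldd output $1 lives under prefix $2 (lib or lib64).
sshd_uses_openssl_from() {
    case "$(libcrypto_path "$1")" in
        "$2"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples, not captured from a real host.
SAMPLE_BANNER='OpenSSH_5.5p1, OpenSSL 1.0.0a 1 Jun 2010'
SAMPLE_LDD_NEW='    libcrypto.so.1.0.0 => /usr/local/openssl-1.0.0a/lib64/libcrypto.so.1.0.0 (0x0)'
SAMPLE_LDD_OLD='    libcrypto.so.4 => /lib/libcrypto.so.4 (0x0)'

# Runs all three checks against the live host and reports each failure.
post_upgrade_check() {
    rc=0
    telnet_disabled /etc/xinetd.d/telnet || { echo "FAIL: telnet not disabled in xinetd"; rc=1; }
    ssh_versions_ok "$(ssh -V 2>&1)" 5.5p1 1.0.0a || { echo "FAIL: unexpected ssh -V banner"; rc=1; }
    sshd_uses_openssl_from "$(ldd /usr/sbin/sshd)" /usr/local/openssl-1.0.0a ||
        { echo "FAIL: sshd is not linked against the new libcrypto"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--live" ]; then post_upgrade_check; fi
```

Run it with `--live` as root on the upgraded host, before closing the telnet session used for the switchover.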