Upgrading OpenSSL to 1.0.1g and OpenSSH to 6.6p1 at the same time
2014-05-23 10:25
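Preparation before the upgrade:
Enable telnet on the server, because SSH may become unusable during the upgrade.
Download the software:
Download the latest packages from http://www.openssl.org/ and http://www.openssh.org/
Extract: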
#tar -zxvf openssh-6.6p1.tar.gz
#tar -zxvf openssl-1.0.1g.tar.gz
Upgrade OpenSSL
Back up the existing OpenSSL:
#mkdir -p /root/usr/openssl
#mkdir -p /root/usr/include/
#cp /usr/bin/openssl /root/usr/openssl
#cp -r /usr/include/openssl /root/usr/include/openssl
Compile
#cd openssl-1.0.1g
#./config --prefix=/usr --shared
Note:
The --shared option must be added; otherwise, when upgrading SSH, configure reports that the headers and the library do not match:
checking whether getpgrp requires zero arguments... yes
checking OpenSSL header version... 1000103f (OpenSSL 1.0.1c 10 May 2012)
checking OpenSSL library version... 90802f (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008)
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
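and it will not run properly.
Note:
If you do not want to upgrade SSH, it is enough to use
#./config --prefix=/usr
However, although the version is upgraded afterwards, sshd -v shows that sshd still reports the original OpenSSL version.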
#make
#make test
#make install
#openssl version -a
OpenSSL 1.0.1g 7 Apr 2014
built on: Fri May 23 16:56:53 CST 2014
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/ssl"
At this point, running sshd -v or restarting the sshd service reports:
OpenSSL version mismatch. Built against 1000103f, you have 90802f
When the message above appears, the only option is to force a recompile of SSH.
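The numbers in the two messages above (1000103f, 90802f) are OpenSSL's packed hexadecimal version number. The following script is an added example, not part of the original post: it decodes such numbers and compares the header and library values found in ./configure output. The function names are hypothetical, and the sample input is the two configure lines quoted earlier.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSL or OpenSSH.

# Decode a packed OpenSSL version number (hex digits MNNFFPPS:
# major, minor, fix, patch letter, status) into readable form.
ossl_decode() {
    n=$((0x${1#0x}))
    major=$(( (n >> 28) & 0xf ))
    minor=$(( (n >> 20) & 0xff ))
    fix=$((   (n >> 12) & 0xff ))
    patch=$(( (n >> 4)  & 0xff ))
    status=$(( n & 0xf ))
    letter=""
    # patch 1..26 maps to the letter suffix a..z (3 -> c, 7 -> g)
    if [ "$patch" -ge 1 ] && [ "$patch" -le 26 ]; then
        letter=$(printf "\\$(printf '%03o' $((96 + patch)))")
    fi
    case $status in
        0)  st=dev ;;
        15) st=release ;;
        *)  st="beta$status" ;;
    esac
    printf '%d.%d.%d%s %s\n' "$major" "$minor" "$fix" "$letter" "$st"
}

# Read ./configure output on stdin, extract the header and library
# version numbers, and report whether they agree.
# Exit status: 0 match, 1 mismatch, 2 version lines not found.
ossl_check_configure() {
    out=$(cat)
    hdr=$(printf '%s\n' "$out" | sed -n 's/^checking OpenSSL header version\.\.\. \([0-9a-fA-F]*\).*/\1/p')
    lib=$(printf '%s\n' "$out" | sed -n 's/^checking OpenSSL library version\.\.\. \([0-9a-fA-F]*\).*/\1/p')
    if [ -z "$hdr" ] || [ -z "$lib" ]; then
        echo "unknown: version lines not found"; return 2
    fi
    if [ "$((0x$hdr))" -eq "$((0x$lib))" ]; then
        echo "match: $(ossl_decode "$hdr")"
    else
        echo "mismatch: headers $(ossl_decode "$hdr"), library $(ossl_decode "$lib")"
        return 1
    fi
}

# Sample input: the two configure lines quoted in the post.
SAMPLE='checking OpenSSL header version... 1000103f (OpenSSL 1.0.1c 10 May 2012)
checking OpenSSL library version... 90802f (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008)'
printf '%s\n' "$SAMPLE" | ossl_check_configure || echo "exit status $?"
```

The number 90802f decodes to 0.9.8b even though the text next to it reads 0.9.8e-fips-rhel5; this example compares the numeric field only.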
Upgrade SSH
Back up the original SSH version
#mv /etc/ssh /etc/ssh_old
Compile
#cd openssh-6.6p1
#./configure --prefix=/usr --sysconfdir=/etc/ssh --without-zlib-version-check --with-openssl-includes=/usr/ --with-md5-passwords --mandir=/usr/share/man
#make
#make install
#service sshd restart
#sshd -v
OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-k key_gen_time] [-o option] [-p port]
[-u len]