
Upgrading to OpenSSH 6.6p1 on AIX 6.1 by compiling from source

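2014-10-17 13:50
Recently an NSFOCUS scan flagged high-severity OpenSSH vulnerabilities on our AIX 5.3 and AIX 6.1 systems; every version before OpenSSH 6.4 is reported as high-severity. The IBM website only offers OpenSSH 6.0 as its newest installation package for download, so I had no choice but to try installing the upgrade from source myself. I hit all sorts of errors along the way and it took about a week before I managed to get the OpenSSH version upgraded. The installation steps follow.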

1. Modify /etc/profile

cp -p /etc/profile /etc/profile_bak
Add the following to /etc/profile:
export LIBPATH=/opt/freeware/lib
export PATH=$PATH:/usr/local/bin:/usr/local/sbin
source /etc/profile
2. Install OpenSSL 1.0.1g. Download the required OpenSSL RPM packages from http://www-frec.bull.com/recherche.php and install them:
openssl-1.0.1g-1.aix6.1.ppc.rpm
openssl-devel-1.0.1g-1.aix6.1.ppc.rpm

root@SHDNSDB02:/home/weihu>rpm -Uvh openssl-1.0.1g-1.aix6.1.ppc.rpm
warning: /var/ssl/openssl.cnf saved as /var/ssl/openssl.cnf.rpmorig
openssl ##################################################
root@SHDNSDB02:/home/weihu>rpm -Uvh openssl-devel-1.0.1g-1.aix6.1.ppc.rpm
openssl-devel ##################################################
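Next, zlib needs to be installed. Because GCC is not installed, GCC has to be installed first. Download the GCC RPM package and its dependency packages from http://www-frec.bull.com/recherche.php and install them: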
2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip
gcc-4.8.1-2.aix6.1.ppc.rpm

First extract 2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip:
root@SHDNSDB02:/home/weihu>jar -xvf 2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip
inflated: libmpc-0.9-1.aix5.3.ppc.rpm
inflated: zlib-1.2.5-6.aix6.1.ppc.rpm
inflated: info-5.0-2.aix6.1.ppc.rpm
inflated: gettext-0.17-8.aix6.1.ppc.rpm
inflated: libiconv-1.14-1.aix6.1.ppc.rpm
inflated: gmp-5.1.3-1.aix6.1.ppc.rpm
inflated: mpfr-3.1.2-1.aix6.1.ppc.rpm
inflated: gcc-4.8.1-2.aix6.1.ppc.rpm
inflated: gcc-cpp-4.8.1-2.aix6.1.ppc.rpm
inflated: libgcc-4.8.1-2.aix6.1.ppc.rpm
inflated: bash-4.2-9.aix6.1.ppc.rpm
root@SHDNSDB02:/home/weihu>rpm -Uvh libgcc-4.8.1-2.aix6.1.ppc.rpm
libgcc ##################################################
root@SHDNSDB02:/home/weihu>rpm -Uvh gmp-5.1.3-1.aix6.1.ppc.rpm
gmp ##################################################
root@SHDNSDB02:/home/weihu>rpm -Uvh gettext-0.17-8.aix6.1.ppc.rpm --nodeps
gettext ##################################################
add libintl.so.1 (32bits) shared member to /opt/freeware/lib/libintl.a
add libintl.so.1 (64bits) shared member to /opt/freeware/lib/libintl.a
root@SHDNSDB02:/home/weihu>rpm -Uvh libiconv-1.14-1.aix6.1.ppc.rpm
libiconv ##################################################
add shr4.o shared members from /usr/lib/libiconv.a to /opt/freeware/lib/libiconv.a
add shr.o shared members from /usr/lib/libiconv.a to /opt/freeware/lib/libiconv.a
add shr4_64.o shared members from /usr/lib/libiconv.a to /opt/freeware/lib/libiconv.a
root@SHDNSDB02:/home/weihu>rpm -Uvh mpfr-3.1.2-1.aix6.1.ppc.rpm
mpfr ##################################################
root@SHDNSDB02:/home/weihu>rpm -Uvh zlib-1.2.5-6.aix6.1.ppc.rpm
zlib ##################################################
root@SHDNSDB02:/home/weihu>rpm -Uvh info-5.0-2.aix6.1.ppc.rpm
warning: /opt/freeware/info/dir created as /opt/freeware/info/dir.rpmnew
info ##################################################
Please check that /etc/info-dir does exist.
You might have to rename it from /etc/info-dir.rpmsave to /etc/info-dir.
root@SHDNSDB02:/home/weihu>rpm -Uvh libmpc-0.9-1.aix5.3.ppc.rpm
libmpc ##################################################
root@SHDNSDB02:/home/weihu>rpm -Uvh bash-4.2-9.aix6.1.ppc.rpm
bash ##################################################
## Binary "bash" is avaible on 32bit and 64bit ##
The default used is 64bit
Please change symbolic link from "bash" into /bin directory
To do that tape:
# rm -f /bin/bash
# ln -sf /opt/freeware/bin/bash_32 /bin/bash
root@SHDNSDB02:/home/weihu>mv /bin/bash /bin/bash_bak
root@SHDNSDB02:/home/weihu>ln -sf /opt/freeware/bin/bash_
bash_32 bash_64
root@SHDNSDB02:/home/weihu>ln -sf /opt/freeware/bin/bash_32 /bin/bash
root@SHDNSDB02:/home/weihu>rpm -Uvh gcc-cpp-4.8.1-2.aix6.1.ppc.rpm gcc-4.8.1-2.aix6.1.ppc.rpm
gcc-cpp ##################################################
gcc ##################################################
root@SHDNSDB02:/home/weihu>type gcc
gcc is /usr/bin/gcc
GCC is now installed.
Next, compile zlib. The zlib version I used is zlib-1.2.5.tar.bz2; extract and compile it. (*Note: this must be installed, otherwise you get the error: configure: error: *** zlib.h missing - please install first or check config.log ****)
root@SHDNSDB02:/home/weihu>bzip2 -d zlib-1.2.5.tar.bz2
root@SHDNSDB02:/home/weihu>tar -xvf zlib-1.2.5.tar
root@SHDNSDB02:/home/weihu>cd zlib-1.2.5
root@SHDNSDB02:/home/weihu>./configure
root@SHDNSDB02:/home/weihu>make
root@SHDNSDB02:/home/weihu>make install

Compile OpenSSH and package the OpenSSH source:
root@SHDNSDB02:/home/weihu>gzip -d openssh-6.6p1.tar.gz
root@SHDNSDB02:/home/weihu>tar xvf openssh-6.6p1.tar
root@SHDNSDB02:/home/weihu>cd openssh-6.6p1
root@SHDNSDB02:/home/weihu>./configure
root@SHDNSDB02:/home/weihu/openssh-6.6p1>contrib/aix/buildbff.sh
(*This command generates an installable file in BFF format. If the script does not produce openssh-6.6p1.bff at the end, check that LIBPATH is set correctly and run source /etc/profile so the setting takes effect immediately. You also need to run make clean to clear the files left by the previous configure, then run ./configure again and rerun buildbff.sh.*)
root@SHDNSDB02:/home/weihu/openssh-6.6p1>ls -lat openssh
openssh-6.6p1.bff openssh.xml opensshd.init openssh-exec(): openssh.xml.in opensshd.init.in
root@SHDNSDB02:/home/weihu/openssh-6.6p1>ls -lat openssh-6.6p1.bff
-rw-r--r-- 1 root system 4966400 Oct 16 16:17 openssh-6.6p1.bff
Install openssh-6.6p1.bff from the current directory:
root@SHDNSDB02:/home/weihu/openssh-6.6p1>inutoc .
(*Note: if the command above fails with the error sh: 0403-057 Syntax error at line 1 : `(' is not expected., just delete the openssh-exec(): file in the current directory and it will run normally.*)
root@SHDNSDB02:/home/weihu/openssh-6.6p1>installp -acgNQqX -d . -f .toc
OpenSSH is now installed successfully. At this point the ssh version you see is still the old one:
root@SHDNSDB02:/>type sshd
sshd is /usr/sbin/sshd
Stop sshd:
root@SHDNSDB02:/>stopsrc -s sshd
Back up the old sshd and create a symlink to the new version:
root@SHDNSDB02:/>mv /usr/sbin/sshd /usr/sbin/sshd_bak
root@SHDNSDB02:/>ln -s /usr/local/sbin/sshd /usr/sbin/sshd
Start ssh:
root@SHDNSDB02:/>/usr/sbin/sshd

Could not load host key: /usr/local/etc/ssh_host_rsa_key

Could not load host key: /usr/local/etc/ssh_host_dsa_key

Could not load host key: /usr/local/etc/ssh_host_ecdsa_key

Could not load host key: /usr/local/etc/ssh_host_ed25519_key
Create the key files:
root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key
root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key
root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t ecdsa -f /usr/local/etc/ssh_host_ecdsa_key
root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t ed25519 -f /usr/local/etc/ssh_host_ed25519_key
Start the ssh service again:
root@SHDNSDB02:/>/usr/sbin/sshd
The ssh service is now running and remote connections work normally. Check the ssh service processes and the OpenSSH version:
root@SHDNSDB02:/>ps -ef|grep sshd
weihu 44957866 5767496 0 14:38:48 - 0:00 /usr/sbin/sftp-server -m /etc/ssh/sshd_config
weihu 45481992 48365574 0 13:55:31 - 0:00 sshd: weihu@pts/3
weihu 46661832 7340288 0 13:09:51 - 0:00 sshd: weihu@pts/1
root 48365574 1 0 13:55:18 - 0:00 sshd: weihu [priv]
root 3998086 1 0 16:47:30 - 0:00 sshd: weihu [priv]
root 4063686 6357374 0 16:59:02 pts/0 0:00 grep sshd
weihu 4194786 3998086 0 16:47:52 - 0:00 sshd: weihu@pts/0
weihu 5767496 6750580 0 14:38:48 - 0:01 sshd: weihu@notty
root 6750580 1 0 14:38:47 - 0:00 sshd: weihu [priv]
root 7340288 1 0 13:09:44 - 0:00 sshd: weihu [priv]
root 7406052 1 0 16:58:54 - 0:00 /usr/sbin/sshd
root@SHDNSDB02:/>sshd -v
unknown option -- v
OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
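As an added example (not part of the original post), these shell functions check the two results the procedure above is meant to deliver: that the sshd banner reports at least the version the scanner accepts (6.4), and that the four host keys exist with private keys closed to group and others. The function names and the MIN_VERSION variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; MIN_VERSION and the function names are assumptions.
MIN_VERSION="6.4"   # the post says the scanner flags everything before 6.4

# Extract "major.minor" from a banner like "OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014".
banner_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if the banner version is >= the minimum, 1 if older, 2 if unparsable.
version_ok() {
    v=$(banner_version "$1")
    [ -n "$v" ] || return 2
    min=${2:-$MIN_VERSION}
    v_major=${v%%.*};   v_minor=${v#*.}
    m_major=${min%%.*}; m_minor=${min#*.}
    [ "$v_major" -gt "$m_major" ] && return 0
    [ "$v_major" -eq "$m_major" ] && [ "$v_minor" -ge "$m_minor" ] && return 0
    return 1
}

# Check the four host keys created in the post under directory $1.
# Prints one line per problem and returns the number of problems found.
check_host_keys() {
    dir=$1; problems=0
    for t in rsa dsa ecdsa ed25519; do
        key="$dir/ssh_host_${t}_key"
        if [ ! -s "$key" ]; then
            echo "MISSING $key"; problems=$((problems + 1)); continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits;
        # a private host key should grant them nothing.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "UNSAFE  $key (group/other bits: $perms)"; problems=$((problems + 1))
        fi
        [ -s "$key.pub" ] || { echo "MISSING $key.pub"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Demo on the banner line shown in the post.
banner="OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014"
if version_ok "$banner"; then
    echo "sshd $(banner_version "$banner") meets minimum $MIN_VERSION"
else
    echo "sshd banner too old or unparsable: $banner"
fi
```

On the upgraded host, take the real banner from `/usr/sbin/sshd -v 2>&1 | grep '^OpenSSH_'` and run `check_host_keys /usr/local/etc`.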
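At this point the OpenSSH version has been upgraded, but one problem is still unsolved:
root@SHDNSDB02:/>stopsrc -s sshd
root@SHDNSDB02:/>startsrc -s sshd
The commands above have no effect on restarting or stopping the ssh process, and after I reboot the system ssh does not start automatically. Fortunately telnet was enabled. This problem is still unresolved for now; I hope the experts who read this article can give me some pointers.
I have uploaded all the packages needed above; anyone who needs them can download them from: http://down.51cto.com/data/1884215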
This article comes from the “明镜亦非台” blog; reproduction is declined!