
Shell scripts for remotely upgrading OpenSSL and OpenSSH on CentOS 6

程序员文章站 2022-03-13 13:57:40

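Variables

ssl_n=openssl-1.0.2p # OpenSSL version
ssh_n=openssh-7.9p1 # OpenSSH version
zlib_n=zlib-1.2.11 # zlib version

The work is split into two scripts: upgrading SSH drops the SSH session, so telnet has to be enabled temporarily to carry on with the upgrade.

The yum configuration uses an FTP yum repository; for the detailed configuration, see my blog:

Steps:

1 First run openssh-update.telnet.sh on the server

2 Log in to the server over telnet and run openssh-update.sh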

 

Script details:

1 openssh-update.telnet.sh

#!/bin/bash
#config yum
export ssl_n=openssl-1.0.2p
export ssh_n=openssh-7.9p1
export zlib_n=zlib-1.2.11

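# back up the existing repo definitions, then replace them with the FTP repo
cp -r /etc/yum.repos.d /etc/yum.repos.d_bak
rm -rf /etc/yum.repos.d/*

# gpgcheck=0: packages from this repo are installed without signature verification
echo "[centeros-source]
name=linux "'$releasever'" - "'$basearch'" - source
baseurl=ftp://10.1.1.1/pub/cos6
enabled=1
gpgcheck=0" > /etc/yum.repos.d/rhel-source.repo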

yum makecache

yum -y install gcc* telnet* pam-devel openssl-devel

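## config telnet # be sure to test this!
yum -y install telnet*
# change the disable field to no
sed -i '12c disable = no' /etc/xinetd.d/telnet
service xinetd restart
# with /etc/securetty moved aside, root can log in over telnet;
# openssh-update.sh moves it back at the end
mv /etc/securetty /etc/securetty.bak

read -p "test telnet[y/n]: " number
if [ "$number" != 'y' ]
then
echo "error"
exit 1
fi
echo "please use telnet to continue"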

 

2 openssh-update.sh

#!/bin/bash
#config yum
export ssl_n=openssl-1.0.2p
export ssh_n=openssh-7.9p1
export zlib_n=zlib-1.2.11

##config zlib
cd /opt
tar zxvf /opt/$zlib_n.tar.gz

cd /opt/$zlib_n/
./configure --prefix=/usr/local/$zlib_n --shared
make -j4
make -j4 test
# confirm the zlib self-test output above before installing
read -p "test $zlib_n [y/n]: " number
if [ "$number" != 'y' ]
then
echo "error"
exit 1
fi
make -j4 install

mv /usr/local/$zlib_n/lib/libz.a /usr/local/$zlib_n/lib/libz.a.bak`date +%y%m%d`
/bin/cp -r /opt/$zlib_n/libz.a /usr/local/$zlib_n/lib
chmod 644 /usr/local/$zlib_n/lib/libz.a
/bin/cp -r /opt/$zlib_n/libz.so.1.2.11 /usr/local/$zlib_n/lib
chmod 755 /usr/local/$zlib_n/lib/libz.so.1.2.11
mv /usr/local/$zlib_n/share/man/man3/zlib.3 /usr/local/$zlib_n/share/man/man3/zlib.3.bak`date +%y%m%d`
/bin/cp -r /opt/$zlib_n/zlib.3 /usr/local/$zlib_n/share/man/man3
mv /usr/local/$zlib_n/lib/pkgconfig/zlib.pc /usr/local/$zlib_n/lib/pkgconfig/zlib.pc.bak`date +%y%m%d`
cp -r /opt/$zlib_n/zlib.pc /usr/local/$zlib_n/lib/pkgconfig
chmod 644 /usr/local/$zlib_n/lib/pkgconfig/zlib.pc
mv /usr/local/$zlib_n/include/zlib.h /usr/local/$zlib_n/include/zlib.h.bak`date +%y%m%d`
mv /usr/local/$zlib_n/include/zconf.h /usr/local/$zlib_n/include/zconf.h.bak`date +%y%m%d`
/bin/cp -r /opt/$zlib_n/zlib.h /opt/$zlib_n/zconf.h /usr/local/$zlib_n/include
chmod 644 /usr/local/$zlib_n/include/zlib.h /usr/local/$zlib_n/include/zconf.h


echo "include ld.so.conf.d/*.conf
## add for update ssh
/usr/local/$zlib_n/lib
##add end">>/etc/ld.so.conf
ldconfig -v

ln -s /usr/local/$zlib_n /usr/local/zlib

##install openssl
cp -r /usr/lib64/openssl /usr/lib64/openssl_old
cp -r /usr/bin/openssl /usr/bin/openssl_old

cd /opt
tar zxvf /opt/$ssl_n.tar.gz
cd /opt/$ssl_n/
./config zlib-dynamic --prefix=/usr/local/$ssl_n --with-zlib-lib=/usr/local/$zlib_n/lib --with-zlib-include=/usr/local/$zlib_n/include --shared
make
make test
# confirm the OpenSSL test output above before installing
read -p "test $ssl_n [y/n]: " number
if [ "$number" != 'y' ]
then
echo "error"
exit 1
fi
make install

echo "## add below line to ld.so.conf
/usr/local/$ssl_n/lib
###">>/etc/ld.so.conf
ldconfig -v

ln -s /usr/local/$ssl_n /usr/local/openssl

echo "##config for ssl
export PATH=/usr/local/openssl/bin:"'$PATH'"
###">>/etc/profile
source /etc/profile

openssl version -a

##install openssh

# the SSH session is lost from here on; this script is run over telnet
service sshd stop
cp -r /etc/ssh /etc/ssh_old`date +%F`
rpm -qa | grep openssh | xargs rpm -e
cd /opt
tar zxvf /opt/$ssh_n.tar.gz
cd /opt/$ssh_n
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/$ssl_n --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib

make && make install

/bin/cp -r ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd

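service sshd restart
# print the version of the newly installed client
ssh -V

##PermitRootLogin prohibit-password
#PermitRootLogin yes
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_old`date +%F`
# allow root to log in over SSH (the commented prohibit-password line above
# is the variant that refuses password logins for root)
sed -i '33i PermitRootLogin yes' /etc/ssh/sshd_config
service sshd restart

read -p "test ssh [y/n]: " number
if [ "$number" != 'y' ]
then
echo "error"
exit 1
fi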

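## config telnet close
# reached only when every prompt above was answered y; an earlier exit
# leaves telnet enabled and /etc/securetty moved aside
sed -i '12c disable = yes' /etc/xinetd.d/telnet

#/etc/xinetd.d/telnet
mv /etc/securetty.bak /etc/securetty
service xinetd restart
echo "test telnet"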
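
Both scripts stop at the first prompt that is not answered y, which leaves the temporary settings in place. The following check is an added example, not part of the original scripts: it reports the telnet, securetty, gpgcheck and PermitRootLogin settings the two scripts change. The function names, the finding labels and the root-prefix argument are assumptions of this example.

```shell
#!/bin/bash
# Added example, not part of the original scripts. The function names, the
# finding labels and the root-prefix argument are assumptions of this example.

audit_leftovers() {
    local root="${1%/}" found=0 f
    # Telnet still enabled in xinetd (openssh-update.telnet.sh sets disable = no).
    f="$root/etc/xinetd.d/telnet"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' "$f"; then
        echo "TELNET_ENABLED $f"; found=1
    fi
    # securetty still moved aside, so root logins are not limited to listed ttys.
    if [ ! -e "$root/etc/securetty" ] && [ -e "$root/etc/securetty.bak" ]; then
        echo "SECURETTY_MISSING $root/etc/securetty"; found=1
    fi
    # Repo files that skip package signature verification.
    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$f"; then
            echo "GPGCHECK_OFF $f"; found=1
        fi
    done
    # Root login over SSH explicitly allowed (openssh-update.sh inserts this line).
    f="$root/etc/ssh/sshd_config"
    if [ -f "$f" ] && grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' "$f"; then
        echo "ROOT_SSH_LOGIN $f"; found=1
    fi
    return "$found"
}

# Constructed sample: the state left when openssh-update.sh exits at its
# "test ssh" prompt, before the telnet rollback at the end of the script.
make_sample() {
    mkdir -p "$1/etc/xinetd.d" "$1/etc/yum.repos.d" "$1/etc/ssh"
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$1/etc/xinetd.d/telnet"
    : > "$1/etc/securetty.bak"
    printf '[centeros-source]\nenabled=1\ngpgcheck=0\n' > "$1/etc/yum.repos.d/rhel-source.repo"
    printf 'PermitRootLogin yes\n' > "$1/etc/ssh/sshd_config"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_leftovers "$demo" || echo "leftover state found"
rm -rf "$demo"
```

On a live host the call is audit_leftovers / and a non-zero return means at least one of the four settings is still in its upgrade-time state.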