CentOS7 openssl升级

openssl升级

下载

# openssl 路径： 
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz 

#openssh 路径： 
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.7p1.tar.gz

安装工具与依赖

yum install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-deve

yum install  -y pam* zlib*

安装 openssl

# 备份原来的openssl

mv /usr/bin/openssl /usr/bin/openssl_bak

mv /usr/include/openssl /usr/include/openssl_bak

# 安装
tar -xzf openssl-1.1.1l.tar.gz && cd openssl-1.1.1l && ./config --prefix=/usr/local/openssl --shared && make && make install

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/openssl/include/openssl /usr/include/openssl

`echo "/usr/local/openssl/lib" >>/etc/ld.so.conf`

ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1

ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

ldconfig

openssl version

# OpenSSL 1.1.1h 22 Sep 2020

安装openssh

#安装openssh前 将openssl 安装到/usr/local/openssl

# 备份原来的 ssh配置


tar -xzf openssh-8.7p1.tar.gz 

cd /etc/ssh && mkdir –p /root/sshbak && mv ./* /root/sshbak

cd /data/openssh-8.7p1

./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/openssl/include --with-ssl-dir=/usr/local/openssl --with-zlib --with-md5-passwords --with-pam

make && make install

mv /usr/bin/ssh /usr/bin/ssh-bak20210830

ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh

cp -a contrib/redhat/sshd.init /etc/init.d/sshd

cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

chmod +x /etc/init.d/sshd

chkconfig --add sshd && systemctl enable sshd

mv  /usr/lib/systemd/system/sshd.service  /data/

chkconfig sshd on

ssh -V

# OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020

vim /etc/ssh/sshd_config
# 设置 usePAM = yes
systemctl restart sshd