Preparation: keep a telnet fallback
The upgrade replaces the running sshd. If the new build fails to start, an SSH-only host becomes unreachable, so open a second way in first. Telnet sends credentials in cleartext, so do this only on a trusted management network, and disable it again once the new sshd has been verified.
Install telnet-server and xinetd
[root@bingo ~]# yum install xinetd telnet-server -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.aliyun.com
* extras: mirrors.cn99.com
* updates: mirrors.cn99.com
Package 2:xinetd-2.3.15-13.el7.x86_64 already installed and latest version
Package 1:telnet-server-0.17-64.el7.x86_64 already installed and latest version
Nothing to do
[root@bingo ~]#
- Configure telnet
On current CentOS 7 builds, installing telnet-server and xinetd no longer creates an xinetd configuration file named telnet; the package ships a systemd unit, telnet.socket, instead.
If the file below does not exist, skip this part.
[root@bingo ~]# ll /etc/xinetd.d/telnet
ls: cannot access /etc/xinetd.d/telnet: No such file or directory
If the file does exist, make sure the service is enabled: the stanza must read disable = no. A file that reads disable = yes has to be changed, otherwise xinetd never starts in.telnetd. (Whether root may log in is decided by /etc/securetty, below, not by this file.)
[root@rhel yum.repos.d]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
[root@rhel yum.repos.d]# vim /etc/xinetd.d/telnet
[root@rhel yum.repos.d]# cat /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
Allow root to log in on telnet's pseudo-terminals: append a few pts entries to the end of /etc/securetty, as follows (pam_securetty consults this file only for root; other users are unaffected).
pts/0
pts/1
pts/2
pts/3
The file after editing:
[root@bingo ~]# vim /etc/securetty
[root@bingo ~]# tail -5 /etc/securetty
xvc0
pts/0
pts/1
pts/2
pts/3
[root@bingo ~]#
Start the telnet service and enable it at boot
[root@bingo ~]# systemctl enable xinetd
[root@bingo ~]# systemctl enable telnet.socket
Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.
[root@bingo ~]#
[root@bingo ~]# systemctl start telnet.socket
[root@bingo ~]# systemctl start xinetd
[root@bingo ~]# netstat -lntp | grep ':23 '
tcp6 0 0 :::23 :::* LISTEN 1/systemd
[root@bingo ~]#
Switch to a telnet session and do all of the following work there, so that an SSH connection dropping in the middle of the upgrade cannot leave it half done. Keep that telnet session open until a fresh SSH login to the new sshd has succeeded.
Log in via telnet
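The securetty and xinetd edits above are done by hand and nothing on the page undoes them. The helpers below are an added example, not code from the original post: they make the edits repeatable and give you the revoke step for when the upgrade is done. The function names are my own; every function takes the file to edit as an argument so it can be rehearsed on a scratch copy, and on a real host you pass /etc/securetty and /etc/xinetd.d/telnet.

```shell
#!/bin/sh
# Added example, not from the original post. All functions take the file to
# edit as an argument so they can be tried on a scratch copy first; on a
# real host pass /etc/securetty and /etc/xinetd.d/telnet.

# Append pts/0 .. pts/MAX to a securetty-style file, skipping entries that
# are already present so the function can be re-run safely.
securetty_allow_pts() {
    local file max n
    file="$1"; max="${2:-3}"
    for n in $(seq 0 "$max"); do
        grep -qx "pts/$n" "$file" || echo "pts/$n" >> "$file"
    done
}

# Strip every pts/N line again. Run this once the new sshd is verified:
# the telnet fallback is cleartext and must not outlive the upgrade window.
securetty_revoke_pts() {
    local file scratch
    file="$1"; scratch="$(mktemp)"
    grep -v '^pts/[0-9][0-9]*$' "$file" > "$scratch" || true  # grep -v exits 1 if nothing remains
    cat "$scratch" > "$file"   # rewrite in place, keeping ownership and mode
    rm -f "$scratch"
}

# Print how many pts/ entries a file has (0 if none).
securetty_pts_count() {
    grep -c '^pts/' "$1" || true
}

# Exit 0 if an xinetd service stanza is enabled (disable = no), 1 otherwise.
# xinetd tolerates whitespace around '=', so the check does too.
xinetd_service_enabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# Usage on a real host (as root):
#   securetty_allow_pts /etc/securetty 3
#   xinetd_service_enabled /etc/xinetd.d/telnet || echo "telnet stanza is disabled"
#   ... upgrade, then verify a fresh SSH login ...
#   securetty_revoke_pts /etc/securetty
```

securetty_allow_pts can be run any number of times without growing the file, which matters if the upgrade is retried; securetty_revoke_pts is the step the page leaves out, and it belongs with disabling telnet.socket and xinetd once the new sshd is confirmed working.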
1. Upgrading OpenSSL to 1.1.1l on Linux
- Download: https://ftp.openssl.org/source/ ; this guide uses the 1.1.1l release
- Older releases: https://www.openssl.org/sourc...
Upload openssl-1.1.1l.tar.gz to the server.
Extract it, change into the openssl-1.1.1l directory and build:
[root@bogon ~]# yum -y install gcc pcre-devel zlib-devel openssl openssl-devel make
[root@bogon ~]# ./config --prefix=/usr/local/openssl #install under its own prefix, away from the distro copy
[root@bogon ~]# make && make install #build and install
- When the install has finished, run the following
#back up the old openssl files. Only the unversioned libssl.so (a symlink owned by openssl-devel) is moved; leave libssl.so.10 and libcrypto.so.10 in place, since yum, curl and most of the base system are linked against them by soname and break without them.
[root@bogon ~]# mv /usr/bin/openssl /usr/bin/openssl.old
[root@bogon ~]# mv /usr/lib64/openssl /usr/lib64/openssl.old
[root@bogon ~]# mv /usr/lib64/libssl.so /usr/lib64/libssl.so.old
#create symlinks
[root@bogon ~]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
[root@bogon ~]# ln -s /usr/local/openssl/include/openssl /usr/include/openssl
[root@bogon ~]# ln -s /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so
[root@bogon ~]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf #a drop-in file under /etc/ld.so.conf.d/ is the CentOS convention, but this works
[root@bogon ~]# ldconfig -v #rebuild the loader cache; -v lists the directories scanned and the libraries found
[root@bogon ~]# openssl version
OpenSSL 1.1.1l 24 Aug 2021
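The mv/ln sequence above has no undo step, and the telnet session is only useful as a fallback if you can actually put things back from it. The following is an added example (not from the original post) that performs the same swap through a manifest so it can be rolled back in one call. ROOT, MANIFEST and the function names are assumptions of this example: ROOT is a prefix applied to every path, empty on the real host and pointed at a scratch directory to rehearse.

```shell
#!/bin/sh
# Added example, not from the original post: the same file swap as above,
# but every step is recorded in a manifest so the telnet session can undo it.
# ROOT, MANIFEST and the function names are assumptions of this example.
# ROOT is a prefix for every path: leave it empty on the real host, point it
# at a scratch directory to rehearse.

: "${ROOT:=}"
: "${MANIFEST:=${ROOT}/var/tmp/openssl-upgrade.manifest}"

# Rename each given path to path.old and record it. Paths that do not exist
# are skipped without error (not every CentOS 7 host has /usr/lib64/openssl).
openssl_backup() {
    local p
    : > "$MANIFEST"
    for p in "$@"; do
        if [ -e "$ROOT$p" ] || [ -L "$ROOT$p" ]; then
            mv "$ROOT$p" "$ROOT$p.old"
            printf 'moved\t%s\n' "$p" >> "$MANIFEST"
        fi
    done
}

# Create the symlink LINK -> TARGET and record it.
openssl_link() {
    local target link
    target="$1"; link="$2"
    ln -s "$target" "$ROOT$link"
    printf 'linked\t%s\n' "$link" >> "$MANIFEST"
}

# Undo the manifest in reverse order: remove the links first, then put the
# .old files back. The manifest is deleted once everything is restored.
openssl_rollback() {
    local tab kind p
    tab="$(printf '\t')"
    sed '1!G;h;$!d' "$MANIFEST" | while IFS="$tab" read -r kind p; do
        case "$kind" in
            linked) rm -f "$ROOT$p" ;;
            moved)  mv "$ROOT$p.old" "$ROOT$p" ;;
        esac
    done
    rm -f "$MANIFEST"
}

# The distro's versioned libraries must survive the swap: yum, curl and most
# of the base system link against libssl.so.10/libcrypto.so.10, not against
# the unversioned libssl.so that openssl-devel provides.
openssl_distro_lib_intact() {
    [ -e "$ROOT/usr/lib64/libssl.so.10" ] && [ -e "$ROOT/usr/lib64/libcrypto.so.10" ]
}

# On the real host this reproduces the mv/ln steps above:
#   openssl_backup /usr/bin/openssl /usr/lib64/openssl /usr/lib64/libssl.so
#   openssl_link /usr/local/openssl/bin/openssl /usr/bin/openssl
#   openssl_link /usr/local/openssl/include/openssl /usr/include/openssl
#   openssl_link /usr/local/openssl/lib/libssl.so /usr/lib64/libssl.so
#   openssl_distro_lib_intact || echo "distro libssl.so.10 is missing, stop here"
#   openssl_rollback        # only if the new build turns out to be broken
```

The new library lives under /usr/local/openssl/lib with soname libssl.so.1.1, so adding that directory to the loader path does not redirect binaries linked against libssl.so.10; that is why openssl_distro_lib_intact checks the versioned files rather than the symlink the page moves.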
2. Upgrading OpenSSH to 8.8 on Linux
https://openbsd.hk/pub/OpenBS...
Extract openssh-8.8p1.tar.gz, change into the directory, and move the old configuration aside. Note that /etc/ssh also holds the host keys: make install generates a fresh set when the directory is empty, so every client will get a host-key-changed warning on its next connection. To keep the server's identity, copy the ssh_host_* files back from /etc/sshbak after the install. The configure line below does not pass --with-pam, so this build does not use PAM.
[root@bogon openssh-8.8p1]# mv /etc/ssh /etc/sshbak
[root@bogon openssh-8.8p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/openssl/include --with-ssl-dir=/usr/local/openssl --with-zlib --with-md5-passwords
[root@bogon openssh-8.8p1]# make && make install
[root@bogon openssh-8.8p1]# cd
[root@bogon ~]# openssl version
OpenSSL 1.1.1l 24 Aug 2021
[root@bogon ~]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
3. Configure the startup files
Edit the configuration file so that it ends up with the following settings; leave everything else alone. PermitRootLogin yes allows root to log in with a password over the network; the OpenSSH default is prohibit-password (root with keys only), and it is worth going back to that once the upgrade is done unless password root login is really required.
[root@bogon openssh-8.8p1]# grep "^PermitRootLogin" /etc/ssh/sshd_config
PermitRootLogin yes
[root@bogon openssh-8.8p1]# grep "^UseDNS" /etc/ssh/sshd_config
UseDNS no
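sshd uses the first value it reads for each keyword and ignores later ones, and every line after a Match line belongs to that Match block, so a plain grep can show a line that the daemon never applies (appending PermitRootLogin yes to the end of a file that already sets it, or that ends in a Match block, changes nothing). The helpers below are an added example, not code from the original post, that read the file the way sshd does. The function names and the sample sshd_config in the usage are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. sshd uses the first value it
# reads for a keyword and ignores later ones, and every line after a "Match"
# line belongs to that Match block. A plain grep shows neither, so these
# helpers read the file the way sshd does. Function names are assumptions
# of this example; keywords are matched case-insensitively, as sshd does.

# Print the effective global value of KEYWORD in FILE (nothing if unset).
# Both "Key value" and "Key=value" forms are accepted.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { lk = tolower(key) }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (line == "" || substr(line, 1, 1) == "#") next
            match(line, /^[^ \t=]+/)
            k = tolower(substr(line, 1, RLENGTH))
            v = substr(line, RLENGTH + 1)
            sub(/^[ \t=]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == "match") { inmatch = 1; next }   # rest of the file is conditional
            if (inmatch) next
            if (k == lk) { print v; exit }            # first match wins
        }' "$1"
}

# List keywords that are set more than once in the global section. The
# later copies are dead configuration, usually from appending a setting
# without noticing it was already there.
sshd_config_duplicates() {
    awk '
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (line == "" || substr(line, 1, 1) == "#") next
            match(line, /^[^ \t=]+/)
            k = tolower(substr(line, 1, RLENGTH))
            if (k == "match") { inmatch = 1; next }
            if (inmatch) next
            if (++seen[k] == 2) print k
        }' "$1"
}

# Exit 0 when KEYWORD resolves to EXPECTED, 1 otherwise, printing what sshd
# will actually use so a mismatch is visible before the telnet session is closed.
sshd_config_expect() {
    local got
    got="$(sshd_effective "$1" "$2")"
    printf '%-16s %s\n' "$2" "${got:-<unset>}"
    [ "$got" = "$3" ]
}

# On the real host:
#   sshd_config_expect /etc/ssh/sshd_config PermitRootLogin yes
#   sshd_config_expect /etc/ssh/sshd_config UseDNS no
#   sshd_config_duplicates /etc/ssh/sshd_config
```

Run sshd_config_duplicates after editing: if it names permitrootlogin, the value you appended is not the one in effect, and the daemon's own check (sshd -t) will not warn about it because a duplicate keyword is not a syntax error.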
Copy some files from the extracted package to their target locations (overwrite if the target already exists).
(The ssh.pam file below may not even be used, since the sshd_config file does not seem to use it; test this yourself. I copied it here.)
[root@bogon openssh-8.8p1]# pwd
/root/openssh-8.8p1
[root@bogon openssh-8.8p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@bogon openssh-8.8p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@bogon openssh-8.8p1]# chmod +x /etc/init.d/sshd
[root@bogon openssh-8.8p1]# chkconfig --add sshd
For reference, sshd.pam is not a name PAM looks up: the file in contrib/redhat is meant to be installed as /etc/pam.d/sshd, and it only matters when sshd is built with --with-pam and sshd_config has UsePAM yes, neither of which applies to the configure line used above.
Remove or move away the original systemd-managed sshd unit file; if it stays in place it interferes with restarting sshd through the init script.
[root@bogon openssh-8.8p1]# mkdir /root/backupltx
[root@bogon openssh-8.8p1]# mv /usr/lib/systemd/system/sshd.service /root/backupltx/
Enable sshd at boot
[root@bogon openssh-8.8p1]# chkconfig sshd on
Note: Forwarding request to 'systemctl enable sshd.socket'.
Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.
chkconfig forwarded the request to sshd.socket, the socket-activated unit CentOS 7 ships alongside sshd.service. When that socket is active, systemd owns port 22 and starts one sshd -i per connection through sshd@.service, and a daemon started from the init script cannot bind the port; only one of the two should own it. The netstat output below shows a single long-running sshd on :22, which is the intended state. If 1/systemd appears there instead, disable sshd.socket and restart sshd through the init script.
[root@bogon openssh-8.8p1]# /etc/init.d/sshd restart
Restarting sshd (via systemctl): [ OK ]
[root@bogon openssh-8.8p1]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
[root@bogon openssh-8.8p1]# systemctl restart sshd
[root@bogon openssh-8.8p1]#
[root@bogon openssh-8.8p1]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN 30045/uwsgi
tcp 0 0 10.87.2.201:170 0.0.0.0:* LISTEN 9018/ssh
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1657/mysqld
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1832/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 36299/sshd: /usr/sb
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1303/cupsd
tcp 0 0 10.87.2.201:248 0.0.0.0:* LISTEN 24147/ssh
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1599/master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 30045/uwsgi
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 57973/./zabbix_agen
tcp 0 0 0.0.0.0:2020 0.0.0.0:* LISTEN 26008/uwsgi
tcp 0 0 10.87.2.201:9988 0.0.0.0:* LISTEN 45084/ssh
tcp 0 0 10.87.2.201:11301 0.0.0.0:* LISTEN 27176/ssh
tcp6 0 0 :::22 :::* LISTEN 36299/sshd: /usr/sb
tcp6 0 0 :::23 :::* LISTEN 5794/xinetd
tcp6 0 0 ::1:631 :::* LISTEN 1303/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1599/master
tcp6 0 0 :::10050 :::* LISTEN 57973/./zabbix_agen
[root@bogon openssh-8.8p1]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
Finally, open a new SSH session from another terminal and confirm that login works against the new sshd while the telnet session is still open. Only then close the fallback: stop and disable telnet.socket and xinetd, and remove the pts entries added to /etc/securetty, so that a cleartext login path does not outlive the upgrade.