问答博客资讯标签用户活动
logo极客观点logo项目管理logoHarmonyOS
javascript
前端
python
node.js
react
vue.js
php
laravel
go
人工智能
mysql
linux
ios
java
android
css
typescript
spring
程序员
logoONES 研发管理logo思否企业问答logo安谋科技 XPU

centos 如何降级 openssl?

头像
黒之染
    3.1k58223248

    因为要升级ssh,下载了ssh最新的编译安装包(openssh-7.6p1)、openssl的编译安装包(OpenSSL 1.1.0f)。

    装好openssl之后,再装openssh,竟然提示openssh不支持1.1.0以上的openssl

    想着再按照原来的方法装一次openssl-1.0.2l吧,真装上了(./config shared zlib --prefix=/usr/local/openssl-1.0.2l)。

    openssl version 显示的版本却永远是1.1.0fopenssh也还是装不上,即使我把1.0.2l装在一个新目录,openssh配置openssl的目录是新目录,它也还是读1.1.0fopenssl。。。

    网上能找到的各种软链、修改 /etc/ld.so.conf 的,我都试过了,1.1.0f版本好像是生根了一样,除不掉。。。

    现在用which openssl找出openssl的位置,用ln -s1.0.2lbin/openssl文件链到这了,用openssl version 显示的版本已经是1.0.2l了,但是治标没治本,装openssh的时候,还是提示OpenSSL header version... 1010006f (OpenSSL 1.1.0f 25 May 2017),表示它不知道从哪里读了一个1.1.0f的版本,我明明装了低版本!

    ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib

    我的openssh配置语句是这样的,我把openssl 1.0.2l装在/usr

    centos7openssl
    阅读 9.8k
    1 个回答
    得票最新
    头像
    黒之染
      3.1k58223248

      啊哈哈哈哈哈哈哈哈,我解决了,感谢知乎的答友提醒我看安装包里的 INSTALL 文件,里面很详细,虽然是全英文,但是我眼神好,看到一句 ‘make update’当时就想,我擦,还有这个操作,即使没理解上下文,但是先试试吧,然后重新编译了一次openssl:
      ./config shared --prefix=/usr/local/openssl (这一句我其实用过几回了,都没有效果)
      make
      make update (没想到居然不是用make install!)

      //以下是编译openssh的结果,终于识别我想装的版本啦!!!

      checking OpenSSL header version... 100020cf (OpenSSL 1.0.2l  25 May 2017)
checking OpenSSL library version... 100020cf (OpenSSL 1.0.2l  25 May 2017)
checking whether OpenSSL's headers match the library... yes
checking if programs using OpenSSL functions will link... yes
....(此处省略)
OpenSSH has been configured with the following options:
                 User binaries: /usr/local/openssh/bin
               System binaries: /usr/local/openssh/sbin
           Configuration files: /etc/ssh
               Askpass program: /usr/local/openssh/libexec/ssh-askpass
                  Manual pages: /usr/share/man/manX
                      PID file: /var/run
  Privilege separation chroot path: /var/empty
        sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/openssh/bin
                Manpage format: doc
                   PAM support: yes
               OSF SIA support: no
             KerberosV support: no
               SELinux support: no
             Smartcard support: 
                 S/KEY support: no
          MD5 password support: yes
               libedit support: no
               libldns support: no
  Solaris process contract support: no
       Solaris project support: no
     Solaris privilege support: no
   IP address in $DISPLAY hack: no
       Translate v4 in v6 hack: yes
              BSD Auth support: no
          Random number source: OpenSSL internal ONLY
         Privsep sandbox style: seccomp_filter

          Host: x86_64-pc-linux-gnu
      Compiler: gcc
Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE  
Preprocessor flags: -I/usr/local/openssl/include -I/usr/local/zlib/include  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
  Linker flags: -L/usr/local/openssl/lib -L/usr/local/zlib  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie 
     Libraries: -lcrypto -ldl -lutil -lz  -lcrypt -lresolv
     +for sshd:  -lpam

PAM is enabled. You may need to install a PAM control file 
for sshd, otherwise password authentication may fail. 
Example PAM control files can be found in the contrib/ 
subdirectory
      撰写回答
      你尚未登录,登录后可以
      • 和开发者交流问题的细节
      • 关注并接收问题和回答的更新提醒
      • 参与内容的编辑和改进,让解决方法与时俱进
      推荐问题