Upgrade OpenSSL and OpenSSH under CentOS7

CentOS 7.7.1908 version upgrade openssl and openssh

The environment is as follows

1、 First check the current openssl and openssh versions

[ root@VMServer ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908(Core)[root@VMServer ~]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017[root@VMServer ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017[root@VMServer ~]# rpm -qa | grep openss
openssl098e-0.9.8e-29.el7.centos.3.x86_64
openssh-7.4p1-21.el7.x86_64
openssl-1.0.2k-19.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
openssh-clients-7.4p1-21.el7.x86_64
openssl-libs-1.0.2k-19.el7.x86_64
xmlsec1-openssl-1.2.20-7.el7_4.x86_64
[ root@VMServer ~]#

2、 Upgrade openssl first

mv openssl-1.1.1g.tar.gz /opt
cd /opt
# Unzip openssl-1.1.1g source package
tar -zxvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g/
# Environment configuration before compilation
. /config --prefix=/usr/local/openssl
. /config -t
# make compile
make
# make install compile and install
make install
# Check function library
ldd /usr/local/openssl/bin/openssl
# Add missing library
echo "/usr/local/openssl/lib">>/etc/ld.so.conf
# Update function library
ldconfig -v
# Remove the old version of openssl
mv /usr/bin/openssl /usr/bin/openssl_old_bak
# Soft link the new version of openssl to/usr/bin/Under contents
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
# Check version
which openssl
openssl version -a

Check the version information after upgrading openssl

3、 Upgrade openssh again

# Copy openssh-8.2p1.tar.gz source package to/opt directory
cp /root/openssh-8.2p1.tar.gz /opt
cd /opt
# If you can access the Internet, you can directly yum install zlib-devel pam-devel
# yum -y install zlib-devel
# yum -y install pam-devel
# If you cannot access the Internet, download zlib in advance-devel and pam-rpm package required by devel, local rpm-ivh --Install by force
rpm -ivh --force zlib*.rpm
rpm -ivh --force pam*.rpm

# Unzip openssh-8.2p1.tar.gz source package
tar -zxvf openssh-8.2p1.tar.gz
cd openssh-8.2p1/
# Backup old version
mv /etc/ssh /etc/ssh_bak
sleep 1
# Environment configuration before compilation
. /configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib --without-hardening
# make compile
make
# make install compile and install
make install

# modify/etc/ssh/sshd_config configuration, allowing root user SSH login, because openssh-8.This option is not available in 2p1 configuration
echo "PermitRootLogin yes">>/etc/ssh/sshd_config
# Backup old version of sshd
mv /usr/sbin/sshd /usr/sbin/sshd_bak
mv /etc/sysconfig/sshd /opt
mv  /usr/lib/systemd/system/sshd.service  /opt

# Copy the new version of sshd to/usr/sbin/
\ cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
# Uninstall the original openssh
for i in$(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done

# After uninstalling, the openssh configuration file will become the rpmsave suffix and restore it to the original directory
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
mv /etc/ssh/moduli.rpmsave /etc/ssh/moduli
# Replace the new version of openssh related commands
\ cp -arf /usr/local/openssh/bin/* /usr/bin/
\ cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd

# Copy startup script
cp /opt/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd
# Add execution permissions to the startup script
chmod +x /etc/init.d/sshd
# Copy sshd.pam
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

# Restart the sshd service and set it to start at boot
systemctl daemon-reload
service sshd restart
chkconfig --add sshd
chkconfig --level 2345 sshd on
chkconfig --list

The above operations can all be written into the script

4、 Finally verify the version information of openssh

Several methods can be verified

ssh -V
nc -v 127.0.0.122
telnet 127.0.0.122
ssh -v localhost

You can see that it has been upgraded to openssh 8.2p1

This article refers to http://www.dengb.com/Linuxjc/1355285.html