升级ssl和ssh

选择匿名的用户   2021-6-2 20:52   1540   0
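#!/bin/bash
# Build OpenSSL from the source tarball that sits next to this script, install
# it under /usr/local/openssl, and repoint /usr/bin/openssl, the headers and
# the shared libraries at the new build. It writes under /usr and /etc.
#
# The distribution's copies are only moved aside once the build and install
# have succeeded, so a failed build does not leave the host without openssl.

# Release pinned by the original post. Later releases of the 1.1.1 series
# carry security fixes; build the newest tarball you can obtain.
openssl=openssl-1.1.1k
prefix=/usr/local/openssl

fail() {
  printf '%s\n' "$*" >&2
  exit 1
}

path_now=$(cd "$(dirname "$0")" && pwd) || fail "cannot resolve the script directory"
cd "$path_now" || fail "cannot cd to $path_now"

tarball="${openssl}.tar.gz"
[ -f "$tarball" ] || fail "missing $path_now/$tarball"

# Integrity check: export OPENSSL_SHA256 with the digest published for this
# tarball by the OpenSSL project. Without it the source is compiled and
# installed as root unverified, so say so loudly.
if [ -n "${OPENSSL_SHA256:-}" ]; then
  printf '%s  %s\n' "$OPENSSL_SHA256" "$tarball" | sha256sum -c - \
    || fail "SHA-256 mismatch for $tarball"
else
  echo "WARNING: OPENSSL_SHA256 is not set; $tarball was not verified" >&2
fi

tar zxvf "$tarball" || fail "cannot unpack $tarball"
cd "${path_now}/${openssl}" || fail "cannot cd to ${path_now}/${openssl}"
./config --prefix="$prefix" shared zlib || fail "config failed"
make depend || fail "make depend failed"
make || fail "make failed"
make install || fail "make install failed"
[ -x "$prefix/bin/openssl" ] || fail "$prefix/bin/openssl was not installed"

# Move the distribution binary and headers aside. A symlink at either path
# means an earlier run already replaced it, so there is nothing to back up;
# an existing .bak is kept and the new copy gets a timestamped name instead.
for old in /usr/bin/openssl /usr/include/openssl; do
  if [ -e "$old" ] && [ ! -L "$old" ]; then
    bak="$old.bak"
    if [ -e "$bak" ]; then
      bak="$old.bak.$(date +%Y%m%d%H%M%S)"
    fi
    mv "$old" "$bak" || fail "cannot move $old to $bak"
  fi
done

ln -sfn "$prefix/bin/openssl" /usr/bin/openssl || fail "cannot link /usr/bin/openssl"
ln -sfn "$prefix/include/openssl" /usr/include/openssl || fail "cannot link /usr/include/openssl"

# Search paths carried over from the original post, appended only once so a
# re-run does not duplicate them. The libraries of this build live in
# $prefix/lib and are exposed through the /usr/lib symlinks below.
for libdir in /usr/local/lib64/ /usr/local/ssl/lib; do
  grep -qxF -- "$libdir" /etc/ld.so.conf 2>/dev/null \
    || echo "$libdir" >> /etc/ld.so.conf
done
ln -sf "$prefix/lib/libssl.so.1.1" /usr/lib/ || fail "cannot link libssl.so.1.1"
ln -sf "$prefix/lib/libcrypto.so.1.1" /usr/lib/ || fail "cannot link libcrypto.so.1.1"
ldconfig

# Confirm the replaced binary actually loads its libraries.
/usr/bin/openssl version || fail "the new /usr/bin/openssl does not run"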





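#!/bin/bash
# author:wangxinyu
# company:lx
# version: v8.4
# date: Fri Oct 16 18:16:23 CST 2020
# state: Continuously updated
#
# Prerequisites:
# 1. A working yum repository is configured.
# 2. Keep a second way into the host in case sshd fails mid-upgrade; the
#    original procedure enables the telnet service for this. Telnet sends
#    credentials in cleartext: limit it to the maintenance window and a
#    trusted network, and disable it again once the new sshd is verified.
# 3. Upload the latest source packages next to this script.
#
# Variables to adjust by hand
version="ssh_8.6p1" # version label
# Directory the packages were uploaded to (the script's own directory).
# '&&' instead of ';' so a failed cd cannot silently yield the caller's cwd.
soft_dir=$(cd "$(dirname "$0")" && pwd)
ssl_media="openssl-1.1.1k.tar.gz"  # OpenSSL tarball name
ssh_media="openssh-8.6p1.tar.gz" # OpenSSH tarball name
#
# soft_dir is already absolute, so no extra leading slash is added.
ssl_soft="$soft_dir/$ssl_media"
ssh_soft="$soft_dir/$ssh_media"
# Major release number: the text after "release " up to the first dot.
OS_version=$(awk 'match($0, "release ") { v = substr($0, RSTART + RLENGTH); sub(/\..*/, "", v); print v }' /etc/redhat-release)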
#
#if [ -f "${ssl_soft}" -a -f "${ssh_soft}" ];then
 # soft_dir="/$soft_dir/$version" # 定义工作目录
  #mkdir -p $soft_dir
#else
 # echo "`date +%H:%M:%S`--install media is not exist" |tee -a $soft_dir/check_point.log
  #echo "`date +%H:%M:%S`--exitd" |tee -a ./check_point.log
  #exit;
#fi
 
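# Install the packages the build depends on.
# Globals:  soft_dir (read) - directory that holds check_point.log
# Returns:  0 when yum succeeds, 1 otherwise
function InstallDeploy(){
  local log="$soft_dir/check_point.log"

  echo "$(date +%H:%M:%S)--install the Depend on the package.." | tee -a "$log"
  # Report completion only when yum really succeeded; a missing compiler or
  # header package would otherwise surface much later as a build error.
  if ! yum -y install gcc pam-devel zlib-devel perl openssl-devel; then
    echo "$(date +%H:%M:%S)--install failed " | tee -a "$log" >&2
    return 1
  fi
  echo "$(date +%H:%M:%S)--install completed " | tee -a "$log"
}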
 
#
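# Unpack the OpenSSL and OpenSSH source archives into soft_dir.
# Globals:  soft_dir, ssl_soft, ssh_soft (read)
#           SSL_SHA256, SSH_SHA256 (read, optional) - expected SHA-256 digests
# Returns:  0 on success, 1 if the directory or an archive is missing, a
#           digest does not match, or tar fails
function Unpack(){
  local log="$soft_dir/check_point.log"
  local pkg

  echo "$(date +%H:%M:%S)--Unpack the package.... " | tee -a "$log"
  # Stop if the cd fails; tar would otherwise extract into the caller's cwd.
  if ! cd "$soft_dir"; then
    echo "$(date +%H:%M:%S)--cannot cd to $soft_dir" >&2
    return 1
  fi
  for pkg in "$ssl_soft" "$ssh_soft"; do
    if [ ! -f "$pkg" ]; then
      echo "$(date +%H:%M:%S)--install media is not exist: $pkg" | tee -a "$log" >&2
      return 1
    fi
  done

  # These archives are compiled and installed as root. When both digests are
  # supplied (taken from the projects' download pages), refuse to unpack
  # anything that does not match them.
  if [ -n "${SSL_SHA256:-}" ] && [ -n "${SSH_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$SSL_SHA256" "$ssl_soft" "$SSH_SHA256" "$ssh_soft" \
      | sha256sum -c -; then
      echo "$(date +%H:%M:%S)--SHA-256 mismatch, nothing unpacked" | tee -a "$log" >&2
      return 1
    fi
  else
    echo "$(date +%H:%M:%S)--WARNING: SSL_SHA256/SSH_SHA256 not set, archives not verified" \
      | tee -a "$log" >&2
  fi

  tar xvf "$ssl_soft" || return 1
  tar xvf "$ssh_soft" || return 1
  echo "$(date +%H:%M:%S)--Unpack completed " | tee -a "$log"
}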
 
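# Keep copies of the distribution's OpenSSL files and of /etc/ssh, then move
# the openssl binary and headers out of the way of the new symlinks.
# Globals:  soft_dir (read)
# Returns:  0 on success, 1 if a move or the /etc/ssh copy fails
function Backup(){
  local log="$soft_dir/check_point.log"
  local src dest sshbak

  echo "$(date +%H:%M:%S)--Backup important files..." | tee -a "$log"

  # Copy only what exists, and never overwrite (or nest inside) an earlier
  # .old copy: on a re-run the live path may already be our own symlink, and
  # copying it over the backup would destroy the real fallback.
  for src in /usr/lib64/openssl \
             /usr/bin/openssl \
             /usr/include/openssl \
             /etc/pki/ca-trust/extracted/openssl \
             /usr/lib64/libcrypto.so.10 \
             /usr/lib64/libssl.so.10; do
    if [ -e "$src" ] && [ ! -e "$src.old" ] && [ ! -L "$src.old" ]; then
      \cp -af "$src" "$src.old"
    fi
  done

  # A symlink at either path means a previous run already replaced it. If a
  # .bak is already there, keep it and use a timestamped name for this one.
  for src in /usr/bin/openssl /usr/include/openssl; do
    if [ -e "$src" ] && [ ! -L "$src" ]; then
      dest="$src.bak"
      if [ -e "$dest" ]; then
        dest="$src.bak.$(date +%Y%m%d%H%M%S)"
      fi
      \mv "$src" "$dest" || return 1
    fi
  done

  # /etc/ssh contains the host keys; cp -a preserves their modes and owners.
  # A same-day re-run keeps the first copy, which still has the untouched
  # sshd_config.
  sshbak="/etc/ssh_$(date +%F)"
  if [ -d /etc/ssh/ ] && [ ! -e "$sshbak" ]; then
    \cp -arf /etc/ssh/ "$sshbak" || return 1
  fi

  echo "$(date +%H:%M:%S)--Backup completed " | tee -a "$log"
}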
 
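# Build and install OpenSSL from the unpacked source tree, then point the
# system binary, headers and shared libraries at the new build.
# Globals:  soft_dir (read)
# Returns:  0 on success, 1 as soon as locating the source tree, the build,
#           the install or the final version check fails
function Installopenssl(){
  local log="$soft_dir/check_point.log"
  local prefix=/usr/local/openssl
  local libdir
  local -a src_dirs

  echo "$(date +%H:%M:%S)--Installopenssl...." | tee -a "$log"
  # Exactly one openssl-* directory must exist; otherwise ./config would run
  # in whatever directory the caller happened to be in.
  src_dirs=("$soft_dir"/openssl*/)
  if [ "${#src_dirs[@]}" -ne 1 ] || ! cd "${src_dirs[0]}"; then
    echo "$(date +%H:%M:%S)--cannot enter the openssl source directory" | tee -a "$log" >&2
    return 1
  fi

  echo "$(date +%H:%M:%S)--start to install openssl........." | tee -a "$log"
  # The prefix has to be /usr/local/openssl: every symlink below, and
  # --with-ssl-dir in Installopenssh, expects bin/, include/ and lib/ there.
  # With --prefix=/usr/local the links would point at files that were never
  # installed.
  ./config --prefix="$prefix" --openssldir=/usr/local/openssl shared zlib \
    && make depend \
    && make \
    && make install \
    || {
      echo "$(date +%H:%M:%S)--openssl build failed" | tee -a "$log" >&2
      return 1
    }

  # Load the shared libraries
  ln -sfn "$prefix/bin/openssl" /usr/bin/openssl
  ln -sfn "$prefix/include/openssl" /usr/include/openssl
  # Append each search path once so re-runs do not grow /etc/ld.so.conf.
  for libdir in /usr/local/lib64/ /usr/local/ssl/lib; do
    grep -qxF -- "$libdir" /etc/ld.so.conf 2>/dev/null \
      || echo "$libdir" >> /etc/ld.so.conf
  done
  ln -sf "$prefix/lib/libssl.so.1.1" /usr/lib/
  ln -sf "$prefix/lib/libcrypto.so.1.1" /usr/lib/
  # ldconfig runs after the library symlinks exist so the cache covers them.
  ldconfig

  # A binary that cannot load its libraries must stop the upgrade here,
  # before OpenSSH is built against it.
  if ! openssl version -a; then
    echo "$(date +%H:%M:%S)--the new openssl does not run" | tee -a "$log" >&2
    return 1
  fi
  echo "$(date +%H:%M:%S)--openssl upgrade complete..." | tee -a "$log"
  echo "$(date +%H:%M:%S)--version: $(openssl version)" | tee -a "$log"
  echo "$(date +%H:%M:%S)--Installopenssl completed " | tee -a "$log"
}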
 
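# Configure, build and install OpenSSH from the unpacked source tree.
# Globals:  soft_dir (read)
# Returns:  0 on success, 1 as soon as locating the source tree, configure,
#           make or make install fails
function Installopenssh(){
  local log="$soft_dir/check_point.log"
  local -a src_dirs

  echo "$(date +%H:%M:%S)--Installopenssh...." | tee -a "$log"
  src_dirs=("$soft_dir"/openssh*/)
  if [ "${#src_dirs[@]}" -ne 1 ] || ! cd "${src_dirs[0]}"; then
    echo "$(date +%H:%M:%S)--cannot enter the openssh source directory" | tee -a "$log" >&2
    return 1
  fi

  echo "$(date +%H:%M:%S)--start to install openssh..." | tee -a "$log"
  # --without-hardening is no longer passed: it switches off the compiler and
  # linker hardening flags that configure otherwise enables for a
  # network-facing daemon.
  # NOTE(review): upstream OpenSSH removed TCP wrappers support in 6.7, so
  # --with-tcp-wrappers is presumably ignored by this release. Hosts that
  # fenced sshd with /etc/hosts.allow and hosts.deny need an equivalent
  # firewall or sshd_config rule after the upgrade - confirm.
  # NOTE(review): --with-md5-passwords only matters for legacy MD5 password
  # hashes - confirm it is still needed.
  if ! ./configure \
    --prefix=/usr \
    --sysconfdir=/etc/ssh \
    --with-md5-passwords \
    --with-pam \
    --with-tcp-wrappers \
    --with-ssl-dir=/usr/local/openssl \
    --with-zlib=/usr/local/lib64; then
    echo "$(date +%H:%M:%S)--openssh configure failed" | tee -a "$log" >&2
    return 1
  fi

  # A failed build must not be followed by "make install".
  if ! make; then
    echo "$(date +%H:%M:%S)--openssh build failed" | tee -a "$log" >&2
    return 1
  fi
  # Restrict the existing host key files to their owner before the new sshd
  # is installed (the glob is left unquoted on purpose).
  chmod 600 /etc/ssh/ssh_host*
  if ! make install; then
    echo "$(date +%H:%M:%S)--openssh install failed" | tee -a "$log" >&2
    return 1
  fi
  echo "$(date +%H:%M:%S)--Installopenssh completed " | tee -a "$log"
}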
 
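# Install the init script and PAM file shipped in the OpenSSH source tree,
# adjust /etc/ssh/sshd_config and restart sshd.
# Globals:  soft_dir (read), OS_version (read)
# Returns:  0 on success, 1 if the source tree cannot be entered or the new
#           configuration fails validation (sshd is then not restarted)
function Configssh(){
  local log="$soft_dir/check_point.log"
  local cfg=/etc/ssh/sshd_config
  local unit=/usr/lib/systemd/system/sshd.service
  local -a src_dirs

  echo "$(date +%H:%M:%S)--Config ssh...." | tee -a "$log"
  src_dirs=("$soft_dir"/openssh*/)
  if [ "${#src_dirs[@]}" -ne 1 ] || ! cd "${src_dirs[0]}"; then
    echo "$(date +%H:%M:%S)--cannot enter the openssh source directory" | tee -a "$log" >&2
    return 1
  fi

  # Set the packaged systemd unit aside; the init script below replaces it.
  if [ -e "$unit" ]; then
    mv "$unit" "${unit}_bk"
  fi
  cp contrib/redhat/sshd.init /etc/init.d/sshd
  chmod a+x /etc/init.d/sshd
  # NOTE(review): sshd's PAM service is normally named "sshd", so a file
  # called sshd.pam is presumably never consulted - confirm the target name.
  cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
  chkconfig --add sshd
  chkconfig sshd on
  if [[ "$OS_version" == 7 ]]; then
    systemctl enable sshd
  fi

  # sshd keeps the first value it reads for a keyword, so active lines for
  # the keywords set below are commented out first; appending alone would
  # leave an earlier, weaker setting in force.
  sed -i \
    -e 's/^[[:space:]]*KexAlgorithms/#&/' \
    -e 's/^[[:space:]]*PermitRootLogin/#&/' \
    -e 's/GSSAPICleanupCredentials no/#&/' \
    -e 's/GSSAPIAuthentication yes/#&/' \
    "$cfg"

  # The SHA-1 key exchanges of the original list (diffie-hellman-group1-sha1,
  # diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1) are left
  # out: group1 is a 1024-bit group and all three rest on SHA-1, which this
  # OpenSSH release no longer offers by default. Clients that can negotiate
  # nothing else should be upgraded rather than weakening every connection.
  echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" >> "$cfg"
  # Make sure a non-root account can log in and escalate before this applies.
  echo "PermitRootLogin no" >> "$cfg"
  # NOTE(review): both lines go to the end of the file; if sshd_config ends
  # with a Match block they presumably land inside it - the validation below
  # is what catches that.

  echo "$(date +%H:%M:%S)--Config ssh...." | tee -a "$log"

  # Validate before restarting: restarting onto a broken configuration would
  # take sshd down and cut off remote access.
  if ! /usr/sbin/sshd -t; then
    echo "$(date +%H:%M:%S)--sshd -t rejected the configuration, sshd not restarted" \
      | tee -a "$log" >&2
    return 1
  fi

  echo "$(date +%H:%M:%S)--Restart ssh service...." | tee -a "$log"
  if [[ "$OS_version" == 7 ]]; then
    systemctl restart sshd
  else
    service sshd restart
  fi
  echo "$(date +%H:%M:%S)--Restart ssh completed " | tee -a "$log"
}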
 
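# Run the whole upgrade in order and stop at the first step that reports
# failure, so a broken build is never followed by reconfiguring and
# restarting sshd.
# Returns:  0 when every step succeeded, 1 otherwise
function start(){
  InstallDeploy \
    && Unpack \
    && Backup \
    && Installopenssl \
    && Installopenssh \
    && Configssh \
    || return 1
  # Show what is now installed.
  openssl version -a
  ssh -V
}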
 
 
# Entry point: run the upgrade. As the last command, start's return status
# becomes the script's exit status.
start
