Notes on upgrading to openssl1.1.1g and openssh8.6p1 on centos6.5
System version: CentOS release 6.5 (Final)
Default versions: OpenSSH_5.3p1, OpenSSL 1.0.1e-fips
Upgraded versions: OpenSSH_8.6p1, OpenSSL 1.1.1g
Download for the upgrade files: https://download.csdn.net/download/qq_25868251/19426574 (the ones based on openssl1.1 are the centos7 versions)
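I. Install fallback services
1. Install the required dependencies and services

    yum install -y gcc pam-devel zlib-devel perl expat-devel perl-Time-HiRes perl-Test-Harness perl-Test-Simple xinetd telnet-server vsftpd

(1) telnet is installed here so that the system can still be logged in to over telnet if something goes wrong during the upgrade and ssh becomes unusable. If necessary, also install the vsftpd service: it is needed when ssh is unavailable and files have to be uploaded. Installing it is recommended here, because it saves a lot of unnecessary trouble if problems occur. Note: the default firewall does not open port 23. You can simply turn the firewall off; if the server is not allowed to do that, open port 23 in the firewall policy. The ftp service needs ports 21 and 20 open (the default configuration is recommended; anonymous login is enough).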
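a. If yum cannot use its repositories during installation, see this tutorial:
Centos6.5: fixing the problem of unusable repositories (啊 这's blog, CSDN)
b. To learn more about the vsftpd service, see this tutorial:
Pitfalls encountered while using vsftpd for ftp (vsftpd3.0.5 pam not taking effect) (啊 这's blog, CSDN)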
2. Configure and start the services
(1) Change disable = yes to disable = no

    [root@localhost ~]# vi /etc/xinetd.d/telnet
    # default: on
    # description: The telnet server serves telnet sessions; it uses \
    #       unencrypted username/password pairs for authentication.
    service telnet
    {
            flags           = REUSE
            socket_type     = stream
            wait            = no
            user            = root
            server          = /usr/sbin/in.telnetd
            log_on_failure  += USERID
    #       disable         = yes
            disable         = no
    }

(2) Start the services

    [root@localhost ~]# chkconfig xinetd on   # enable at boot
    [root@localhost ~]# mv /etc/securetty /etc/securetty_bak   # allow root to log in over telnet
    [root@localhost ~]# service xinetd start   # start telnet
    Starting xinetd: [ OK ]
    [root@localhost yum.repos.d]# service vsftpd start   # start ftp
    Starting vsftpd for vsftpd: [ OK ]

(3) Once the services are running, test from another server with telnet ip. If the connection fails, check the firewall. If the password is correct but the login keeps failing, SELinux may be the cause:

    Disable temporarily:  setenforce 0
    Disable permanently:  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

II. Upgrade to openssl1.1.1g
1. Back up the current version of ssl

    [root@localhost ~]# mv /usr/bin/openssl /usr/bin/openssl_bak
    [root@localhost ~]# mv /usr/include/openssl /usr/include/openssl_bak   # back up if present, otherwise skip
    [root@localhost ~]# mv /usr/lib64/libssl.so.1.0.1e /usr/lib64/libssl.so.1.0.1e_bak
    # After this rename, the yum and rpm commands no longer work. If you have internet
    # access and later need a dependency or package you forgot to download, rename the
    # file back and yum works again; without internet access, upload the rpm packages
    # over ftp and install them. (In fact these openssl steps do not break ssh login or
    # file transfer over ssh; what can break them is some other mistake, or the openssh
    # update itself.)
    [root@localhost ~]# mv /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10_bak
    [root@localhost ~]# mv /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10_bak

2. Uninstall the current openssl version

    [root@localhost ~]# rpm -qa |grep openssl
    openssl-1.0.1e-15.el6.x86_64
    [root@localhost ~]# rpm -e --nodeps openssl-1.0.1e-15.el6.x86_64

3. Install the new openssl version

    [root@localhost ~]# tar -zxf openssl-1.1.1g.tar.gz
    [root@localhost ~]# cd openssl-1.1.1g
    [root@localhost openssl-1.1.1g]# ./config --prefix=/usr/local/openssl shared
    Operating system: x86_64-whatever-linux2
    Configuring OpenSSL version 1.1.1g (0x1010107fL) for linux-x86_64
    Using os-specific seed configuration
    Creating configdata.pm
    Creating Makefile

    **********************************************************************
    ***                                                                ***
    ***   OpenSSL has been successfully configured                     ***
    ***                                                                ***
    ***   If you encounter a problem while building, please open an    ***
    ***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
    ***   and include the output from the following command:           ***
    ***                                                                ***
    ***       perl configdata.pm --dump                                ***
    ***                                                                ***
    ***   (If you are new to OpenSSL, you might want to consult the    ***
    ***   'Troubleshooting' section in the INSTALL file first)         ***
    ***                                                                ***
    **********************************************************************
    [root@localhost ~]# make
    [root@localhost ~]# make test
    [root@localhost ~]# make install

(1) If ./config reports the following error, the perl dependency is not installed

    [root@localhost ~]# cd openssl-1.1.1g
    [root@localhost openssl-1.1.1g]# ./config --prefix=/usr/local/openssl shared
    Operating system: x86_64-whatever-linux2
    You need Perl 5.
    [root@localhost openssl-1.1.1g]# yum install -y perl
    There was a problem importing one of the Python modules
    required to run yum. The error leading to this problem was:

       libcrypto.so.10: cannot open shared object file: No such file or directory

    Please install a package which provides this module, or
    verify that the module is installed correctly.

    It's possible that the above module doesn't match the
    current version of Python, which is:
    2.6.6 (r266:84292, Nov 22 2013, 12:16:22)
    [GCC 4.4.7 20120313 (Red Hat 4.4.7-4)]

    If you cannot solve this problem yourself, please go to
    the yum faq at:
      http://yum.baseurl.org/wiki/Faq

(2) If make test reports the following error, expat is not installed

    make[1]: Leaving directory `/root/openssl-1.1.1g'
    [root@localhost openssl-1.1.1g]# make test
    make depend && make _tests
    make[1]: Entering directory `/root/openssl-1.1.1g'
    make[1]: Leaving directory `/root/openssl-1.1.1g'
    make[1]: Entering directory `/root/openssl-1.1.1g'
    ( cd test; \
      mkdir -p test-runs; \
      SRCTOP=../. \
      BLDTOP=../. \
      RESULT_D=test-runs \
      PERL="/usr/bin/perl" \
      EXE_EXT= \
      OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \
      OPENSSL_DEBUG_MEMORY=on \
        /usr/bin/perl .././test/run_tests.pl )
    Can't locate Test/Harness.pm in @INC (@INC contains: /root/openssl-1.1.1g/test/../util/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at .././test/run_tests.pl line 112.
    BEGIN failed--compilation aborted at .././test/run_tests.pl line 112.
    make[1]: *** [_tests] Error 2
    make[1]: Leaving directory `/root/openssl-1.1.1g'
    make: *** [tests] Error 2

(3) If make test reports the following error, perl-Time-HiRes is not installed

    make depend && make _tests
    make[1]: Entering directory `/root/openssl-1.1.1g'
    make[1]: Leaving directory `/root/openssl-1.1.1g'
    make[1]: Entering directory `/root/openssl-1.1.1g'
    ( cd test; \
      mkdir -p test-runs; \
      SRCTOP=../. \
      BLDTOP=../. \
      RESULT_D=test-runs \
      PERL="/usr/bin/perl" \
      EXE_EXT= \
      OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \
      OPENSSL_DEBUG_MEMORY=on \
        /usr/bin/perl .././test/run_tests.pl )
    Can't locate Test/Harness.pm in @INC (@INC contains: /root/openssl-1.1.1g/test/../util/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at .././test/run_tests.pl line 112.
    BEGIN failed--compilation aborted at .././test/run_tests.pl line 112.
    make[1]: *** [_tests] Error 2
    make[1]: Leaving directory `/root/openssl-1.1.1g'
    make: *** [tests] Error 2

(4) If make test reports the following error, perl-Test-Harness is not installed

    [root@localhost openssl-1.1.1g]# make test
    make depend && make _tests
    make[1]: Entering directory `/root/openssl-1.1.1g'
    make[1]: Leaving directory `/root/openssl-1.1.1g'
    make[1]: Entering directory `/root/openssl-1.1.1g'
    ( cd test; \
      mkdir -p test-runs; \
      SRCTOP=../. \
      BLDTOP=../. \
      RESULT_D=test-runs \
      PERL="/usr/bin/perl" \
      EXE_EXT= \
      OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \
      OPENSSL_DEBUG_MEMORY=on \
        /usr/bin/perl .././test/run_tests.pl )
    Can't locate Test/Harness.pm in @INC (@INC contains: /root/openssl-1.1.1g/test/../util/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at .././test/run_tests.pl line 112.
    BEGIN failed--compilation aborted at .././test/run_tests.pl line 112.
    make[1]: *** [_tests] Error 2
    make[1]: Leaving directory `/root/openssl-1.1.1g'

(5) If make test reports the following error, perl-Test-Simple is not installed (if it is already installed and the error still appears, the installed version is too old; the version yum installs by default is perl-Test-Simple-0.92-144). I solved this by finding a newer version online and installing it with rpm: perl-Test-Simple-1.302162-79.1.noarch.rpm

    make depend && make _tests
    make[1]: Entering directory `/root/openssl-1.1.1g'
    make[1]: Leaving directory `/root/openssl-1.1.1g'
    make[1]: Entering directory `/root/openssl-1.1.1g'
    ( cd test; \
      mkdir -p test-runs; \
      SRCTOP=../. \
      BLDTOP=../. \
      RESULT_D=test-runs \
      PERL="/usr/bin/perl" \
      EXE_EXT= \
      OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \
      OPENSSL_DEBUG_MEMORY=on \
        /usr/bin/perl .././test/run_tests.pl )
    ../test/recipes/01-test_abort.t .................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/01-test_sanity.t ................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/01-test_symbol_presence.t .......... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/01-test_test.t ..................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/02-test_errstr.t ................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/02-test_internal_ctype.t ........... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/02-test_lhash.t .................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/02-test_ordinals.t ................. Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/02-test_stack.t .................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_exdata.t ................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_asn1.t ............ Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_chacha.t .......... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_curve448.t ........ Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_ec.t .............. Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_mdc2.t ............ Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_modes.t ........... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_poly1305.t ........ Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_siphash.t ......... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_sm2.t ............. Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_sm4.t ............. Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_ssl_cert_table.t .. Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_internal_x509.t ............ Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/03-test_ui.t ....................... Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/04-test_asn1_decode.t .............. Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/04-test_asn1_encode.t .............. Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/04-test_asn1_string_table.t ........ Dubious, test returned 2 (wstat 512, 0x200)
    No subtests run
    ../test/recipes/04-test_bio_callback.t ............. Dubious, test returned 2 (wstat 512, 0x200
    ..... (omitted) .....
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_ca.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_cipherbytes.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_cipherlist.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_ciphername.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_cms.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_cmsapi.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_ct.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_dane.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_dtls.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_dtls_mtu.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_dtlsv1listen.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_ocsp.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_pkcs12.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_ssl_new.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_ssl_old.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_ssl_test_ctx.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_sslcorrupt.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_tsa.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/80-test_x509aux.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_asn1_time.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_async.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_bio_enc.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_bio_memleak.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_constant_time.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_fatalerr.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_gmdiff.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_gost.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_ige.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_includes.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_memleak.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_overhead.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_secmem.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_shlibload.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_srp.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_sslapi.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_sslbuffers.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_store.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_sysdefault.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_threads.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_time_offset.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_tls13ccs.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_tls13encryption.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_tls13secrets.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/90-test_v3name.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/95-test_external_boringssl.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/95-test_external_krb5.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/95-test_external_pyca.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/99-test_ecstress.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    ../test/recipes/99-test_fuzz.t (Wstat: 512 Tests: 0 Failed: 0)
      Non-zero exit status: 2
      Parse errors: No plan found in TAP output
    Files=155, Tests=0, 2 wallclock secs ( 0.26 usr 0.22 sys + 0.53 cusr 0.21 csys = 1.22 CPU)
    Result: FAIL
    make[1]: *** [_tests] Error 1
    make[1]: Leaving directory `/root/openssl-1.1.1g'
    make: *** [tests] Error 2

4. Links and configuration

    # (1) Create the symlinks
    [root@localhost openssl-1.1.1g]# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
    [root@localhost openssl-1.1.1g]# ln -s /usr/local/openssl/include/openssl /usr/include/openssl
    [root@localhost openssl-1.1.1g]# ln -s /usr/local/openssl/lib/libssl.so.1.0.0 /usr/lib64/libssl.so
    [root@localhost openssl-1.1.1g]# ln -s /usr/local/openssl/lib/libssl.so.1.0.0 /usr/lib64/libssl.so.10
    [root@localhost openssl-1.1.1g]# ln -s /usr/local/openssl/lib/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
    # (2) Add the OpenSSL shared library path to the dynamic loader configuration
    [root@localhost openssl-1.1.1g]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
    # (3) Reload the shared library cache
    [root@localhost openssl-1.1.1g]# ldconfig -v

5. Finally, check the openssl version

    [root@localhost openssl-1.1.1g]# openssl version -a
    OpenSSL 1.1.1g 21 Apr 2020
    built on: Fri Jun 4 01:56:09 2021 UTC
    platform: linux-x86_64
    options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
    compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
    OPENSSLDIR: "/usr/local/openssl/ssl"
    ENGINESDIR: "/usr/local/openssl/lib/engines-1.1"
    Seeding source: os-specific

III. Upgrade to openssh8.6p1
1. Uninstall the old openssh

    [root@localhost ~]# rpm -e --nodeps `rpm -qa | grep openssh`

2. Install the required dependencies

    [root@localhost ~]# yum install -y libICE libSM libX11 libXt atk cairo gtk2

3. Install the new openssh

    [root@localhost openssh]# ll
    total 10824
    -rw-r--r--. 1 root root 5491570 Jun  1 11:01 openssh8.6-c6.zip
    -rw-r--r--. 1 root root  611856 May 10 20:58 openssh-8.6p1-1.el6.x86_64.rpm
    -rw-r--r--. 1 root root   42728 May 10 20:58 openssh-askpass-8.6p1-1.el6.x86_64.rpm
    -rw-r--r--. 1 root root   24512 May 10 20:58 openssh-askpass-gnome-8.6p1-1.el6.x86_64.rpm
    -rw-r--r--. 1 root root  735316 May 10 20:58 openssh-clients-8.6p1-1.el6.x86_64.rpm
    -rw-r--r--. 1 root root 3690132 May 10 20:58 openssh-debuginfo-8.6p1-1.el6.x86_64.rpm
    -rw-r--r--. 1 root root  477096 May 10 20:58 openssh-server-8.6p1-1.el6.x86_64.rpm
    [root@localhost openssh]# rpm -ivh ./*.rpm
    Preparing...                ########################################### [100%]
       1:openssh                ########################################### [ 17%]
       2:openssh-askpass        ########################################### [ 33%]
       3:openssh-askpass-gnome  ########################################### [ 50%]
       4:openssh-clients        ########################################### [ 67%]
       5:openssh-server         ########################################### [ 83%]
       6:openssh-debuginfo      ########################################### [100%]

(1) If you update directly without uninstalling the old version, the permissions of the following files need to be changed

    cd /etc/ssh
    chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key

(2) Configure the /etc/ssh/sshd_config file (after installation sshd_config is in its default state)

    [root@localhost ssh]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
    [root@localhost ssh]# echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config

(3) Restart sshd (if ssh drops after the restart, you will need telnet to carry on; you can do the following steps first and restart sshd afterwards)

    [root@localhost ssh]# service sshd restart

(4) Reconfigure the /etc/pam.d/sshd file, which has been reset

    [root@localhost ~]# >/etc/pam.d/sshd   # empty it first, then configure
    [root@localhost ~]# echo '#%PAM-1.0
    > auth required pam_sepermit.so
    > auth include password-auth
    > account required pam_nologin.so
    > account include password-auth
    > password include password-auth
    > # pam_selinux.so close should be the first session rule
    > session required pam_selinux.so close
    > session required pam_loginuid.so
    > # pam_selinux.so open should only be followed by sessions to be executed in the user context
    > session required pam_selinux.so open env_params
    > session optional pam_keyinit.so force revoke
    > session include password-auth'>/etc/pam.d/sshd

a. When you log in over ssh again you will find that you cannot connect, and the first error below is reported. Add the second block of configuration below to the end of the sshd_config file and restart.

    Key exchange failed.
    No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

    [root@localhost ~]# vi /etc/ssh/sshd_config   # append the following at the end
    KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    [root@localhost ~]# service sshd restart

b. If you still cannot log in over ssh after entering the correct password, SELinux is restricting it; as mentioned above, disable it.
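An audit of the access settings this procedure changes (telnet in xinetd, /etc/securetty, SELinux, and the sshd_config lines above), as an added example that is not part of the original post. sshd keeps the first value it reads for a keyword, so a line appended with echo >> can be ignored, and the KexAlgorithms line above offers SHA-1 based methods; the function names, the root-prefix argument and the sample tree are assumptions constructed for the example.

```shell
#!/bin/bash
# Added example, not from the original post. Function names and the ROOT
# prefix argument are hypothetical; ROOT lets the checks run on a copy of /etc.

# sshd keeps the FIRST value it reads for a keyword, so a line appended with
# `echo ... >>` is ignored when the keyword is already set higher up.
sshd_effective() {   # usage: sshd_effective <sshd_config> <Keyword>
    awk -v k="$(echo "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }
        /^[ \t]*[Mm]atch[ \t]/ { exit }      # global section ends at first Match
        tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print the SHA-1 based methods found in a comma-separated KexAlgorithms value.
legacy_kex() {       # usage: legacy_kex <list>
    echo "$1" | awk -F, '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /-sha1$/) out = (out == "" ? "" : out ",") $i
        print out
    }'
}

# Report every setting the procedure changed that is still in effect.
audit_access() {     # usage: audit_access <root-prefix>
    root=$1; cfg="$root/etc/ssh/sshd_config"
    if grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' \
            "$root/etc/xinetd.d/telnet" 2>/dev/null; then
        echo "telnet: enabled in xinetd"
    fi
    if [ -e "$root/etc/securetty_bak" ] && [ ! -e "$root/etc/securetty" ]; then
        echo "securetty: moved aside, root may log in on any tty"
    fi
    if grep -q '^SELINUX=disabled' "$root/etc/selinux/config" 2>/dev/null; then
        echo "selinux: disabled in config"
    fi
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_effective "$cfg" "$kw")
        echo "sshd: $kw = ${val:-(built-in default)}"
    done
    weak=$(legacy_kex "$(sshd_effective "$cfg" KexAlgorithms)")
    if [ -n "$weak" ]; then
        echo "sshd: SHA-1 key exchange offered: $weak"
    fi
}

# Constructed sample tree: the state the procedure leaves behind, with an
# assumed packaged sshd_config that already sets PermitRootLogin.
ROOT=$(mktemp -d)
mkdir -p "$ROOT/etc/xinetd.d" "$ROOT/etc/ssh" "$ROOT/etc/selinux"
printf 'service telnet\n{\n\tdisable = no\n}\n' > "$ROOT/etc/xinetd.d/telnet"
touch "$ROOT/etc/securetty_bak"
echo 'SELINUX=disabled' > "$ROOT/etc/selinux/config"
cat > "$ROOT/etc/ssh/sshd_config" <<'EOF'
# constructed sample
PermitRootLogin no
#PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication yes
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
EOF
audit_access "$ROOT"
```

On a live host, sshd -T prints the configuration the daemon would actually use.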
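IV. Summary
1. The upgrade process above is a fairly standard one, and the errors that came up along the way are ones I resolved through repeated Baidu searches and experiments. If you run into other errors and solutions during the upgrade, please leave a comment or share a link so that we can all learn.
The openssl upgrade can also skip the make test step, and the upgrade then goes very smoothly, but what consequences this has later, or whether it leaves some services unavailable, is not known. Decide for yourselves whether to skip this step, since some environments are completely isolated from the internet and installing dependencies there is relatively troublesome.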
Below are the steps I followed from another article (the method works; it was tested on centos6 versions without problems). Reference: Upgrading Openssl to 1.1.1g on CentOS (乐大师's blog, CSDN)

    # Extract the archive and install
    # tar xfz openssl-1.1.1g.tar.gz
    # cd openssl-1.1.1g
    # ./config --prefix=/usr/local/openssl
    # make && make install
    # Back up the original file and directory
    # mv /usr/bin/openssl /usr/bin/openssl.old
    # mv /usr/include/openssl/ /usr/include/openssl.old
    # Create the symlinks
    ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
    ln -s /usr/local/openssl/include/openssl /usr/include/openssl
    ln -s /usr/local/openssl/lib/libssl.so /usr/local/lib64/libssl.so
    # Add the OpenSSL shared library path to the dynamic loader configuration
    echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
    # Reload the shared library cache
    ldconfig -v
    # Check the version after the upgrade
    openssl version -v

2. Another question people may care about: the version shown by ssh -V does not match the openssl version reported by openssl version. The reason is that ssh -V shows the openssl that was used when openssh was built into the rpm package, not the openssl currently deployed. This does not affect the actual version. If the versions must match, build and install openssh from source; see this article on building it on centos7: Building the Openssh 8.6 RPM on Centos 7.3 (using Openssl 1.1.1k) (lijq3370's blog, CSDN)
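A check of the library links and loader path created in section II step 4, which also bears on the ssh -V question in note 2, as an added example that is not part of the original post. OpenSSL 1.1.1 names its shared libraries libssl.so.1.1 and libcrypto.so.1.1, so the script lists links whose target does not exist, adds the loader path only once, and prints which libssl/libcrypto files a binary resolves at run time; the function names and the scratch directory are assumptions constructed for the example.

```shell
#!/bin/bash
# Added example, not from the original post: checks of the library links and
# loader path created in section II step 4. Function names are hypothetical.

# Print libssl/libcrypto symlinks in DIR whose target does not exist.
dangling_ssl_links() {   # usage: dangling_ssl_links <dir>
    find "$1" -maxdepth 1 -type l \( -name 'libssl.so*' -o -name 'libcrypto.so*' \) |
        sort | while read -r link; do
            if [ ! -e "$link" ]; then
                echo "$(basename "$link") -> $(readlink "$link")"
            fi
        done
}

# Append DIR to a loader config file only if no identical line exists yet,
# so re-running the procedure does not stack duplicate entries.
add_ld_path() {          # usage: add_ld_path <conf-file> <dir>
    if ! grep -qxF -- "$2" "$1" 2>/dev/null; then
        echo "$2" >> "$1"
    fi
}

# Show which libssl/libcrypto files a binary resolves at run time (nothing is
# printed for a binary that does not link them dynamically).
linked_ssl_libs() {      # usage: linked_ssl_libs <binary>
    ldd "$1" 2>/dev/null | awk '/libssl|libcrypto/ { print $1, "=>", $3 }'
}

# Constructed sample: a scratch directory standing in for /usr/lib64.
DEMO=$(mktemp -d)
touch "$DEMO/libssl.so.1.1"                              # name used by a 1.1.1 build
ln -s "$DEMO/libssl.so.1.1"      "$DEMO/libssl.so"       # resolves
ln -s "$DEMO/libssl.so.1.0.0"    "$DEMO/libssl.so.10"    # target absent
ln -s "$DEMO/libcrypto.so.1.0.0" "$DEMO/libcrypto.so.10" # target absent
add_ld_path "$DEMO/ld.so.conf" /usr/local/openssl/lib
add_ld_path "$DEMO/ld.so.conf" /usr/local/openssl/lib    # second call is a no-op

echo "dangling links:"
dangling_ssl_links "$DEMO"
echo "loader entries: $(grep -c . "$DEMO/ld.so.conf")"
for bin in openssl ssh sshd; do
    path=$(command -v "$bin" 2>/dev/null) || continue
    echo "$bin:"
    linked_ssl_libs "$path"
done
```

On the upgraded host, point dangling_ssl_links at /usr/lib64 and run linked_ssl_libs on /usr/sbin/sshd to see what is actually loaded.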