#!/bin/bash
set -e
########### Configuration ##############
# Offline bundle holding the OpenSSL/OpenSSH RPMs; rpmdown copies it by this
# (relative) name, so it is looked up in the directory the script is run from.
file="ssh9.3p2_ssl1.1.1u_rpm_x86_64.tar.gz"
# Per-day backup directory, the upgrade log inside it, and the staging directory.
# NOTE(review): all three live under world-writable /tmp with predictable names
# while the script runs as root -- confirm nobody else can pre-create them.
BackupDir="/tmp/sshd_backup_$(date +%Y%m%d)"
PatchLog="${BackupDir}/ssh_ssl_upgrage.log"
ExecDir="/tmp/updatessh"
# Version string to hide (the version shown at remote login may differ from what
# "ssh -V" reports; single or double quotes both work here).
version="OpenSSH_9.3"
##########################
# Print all arguments as one bold-yellow line on stdout and append the same
# bytes (ANSI colour codes included) to the upgrade log named by $PatchLog.
function _echo() {
  local message="$*"
  echo -e "\e[1;33m ${message} \e[0m" | tee -a "$PatchLog"
}
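# Pre-flight checks. Exits with status 1 (after a red message) unless the script
# runs as root, on x86_64, on CentOS 7, without openssl11-libs installed, and
# with at most one active PermitRootLogin line in sshd_config. On success it
# makes sure the backup directory exists and is safe to use.
function runcheck()
{
  local root_login_lines backup_mode

  if [ "$(id -u)" -ne 0 ]; then
    echo -e "\033[31m$0:this script must be run as root! \033[0m"
    exit 1
  fi
  if [ "$(uname -p)" != "x86_64" ]; then
    echo -e "\033[31m$0:this script must be run on x86_64! \033[0m"
    exit 1
  fi
  if [ "$(rpm -q --queryformat '%{VERSION}' centos-release)" != "7" ]; then
    echo -e "\033[31m$0:this script must be run on centos7.x版本! \033[0m"
    exit 1
  fi
  # The bundled openssl conflicts with an already installed openssl11-libs.
  if [ -n "$(rpm -qa | grep openssl11-libs)" ]; then
    echo -e "\033[31m系统已安装openssl11-libs包与当前升级包冲突,可能影响nignx等服务,请手动卸载后继续! \033[0m"
    exit 1
  fi
  # More than one active PermitRootLogin line is ambiguous: let the admin decide.
  # "|| true": grep -c exits 1 on a zero count, which must not trip set -e.
  root_login_lines=$(grep -c '^PermitRootLogin ' /etc/ssh/sshd_config || true)
  if [ "${root_login_lines:-0}" -gt 1 ]; then
    echo -e "\033[31m注意!经检测配置文件存在多个root远程登录配置参数,查询如下: \033[0m"
    grep -n '^PermitRootLogin ' /etc/ssh/sshd_config
    echo -e "\033[31m请手动验证后继续! \033[0m"
    exit 1
  fi

  # The backup directory sits under world-writable /tmp with a predictable name,
  # and sshd_config is later restored from it as root. Refuse a symlink or a
  # directory another user owns or can write to, otherwise that user could swap
  # the files that get copied back into /etc.
  if [ -L "$BackupDir" ] || { [ -e "$BackupDir" ] && [ ! -d "$BackupDir" ]; }; then
    echo -e "\033[31m$0:$BackupDir is a symlink or not a directory, refusing to use it! \033[0m"
    exit 1
  fi
  [ -d "$BackupDir" ] || mkdir -m 700 -p "$BackupDir"
  backup_mode=$(stat -c '%a' "$BackupDir")
  if [ "$(stat -c '%u' "$BackupDir")" != "$(id -u)" ] || (( (8#$backup_mode & 8#022) != 0 )); then
    echo -e "\033[31m$0:$BackupDir is owned or writable by another user, refusing to use it! \033[0m"
    exit 1
  fi
}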
#yum
# Install the base packages through yum (currently not called from main).
# yum's stdout is discarded; the 5-second pause only happens when yum succeeds,
# and because yum is the first half of an && list its failure does not stop
# the script even under set -e.
function pkginstall() {
  local -a base_pkgs=(libXt-devel imake libSM libICE zlib-devel pam-devel)

  _echo "# $(date +%F-%X) install base pkg......"
  yum install "${base_pkgs[@]}" -y >>/dev/null && sleep 5
  _echo "# $(date +%F-%X) install base pkg done."
}
#wget
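# Stage the bundle: copy $file into $ExecDir (unless a copy is already there),
# change into $ExecDir and unpack it. Exits 1 if the staging directory cannot
# be trusted or the copy fails.
# NOTE(review): the archive is unpacked and its RPMs are later installed as root
# without any checksum or signature check -- compare it against a digest
# obtained from a trusted channel before running.
function rpmdown()
{
  local dir_mode

  # $ExecDir has a fixed name under world-writable /tmp. A directory or symlink
  # planted there by another user would let that user choose the packages that
  # get installed, so only a real directory that we own and that nobody else
  # can write to is accepted.
  if [ -L "$ExecDir" ] || { [ -e "$ExecDir" ] && [ ! -d "$ExecDir" ]; }; then
    echo -e "\033[31m$0:$ExecDir is a symlink or not a directory, refusing to use it! \033[0m"
    exit 1
  fi
  [ -d "$ExecDir" ] || mkdir -m 700 -p "$ExecDir"
  dir_mode=$(stat -c '%a' "$ExecDir")
  if [ "$(stat -c '%u' "$ExecDir")" != "$(id -u)" ] || (( (8#$dir_mode & 8#022) != 0 )); then
    echo -e "\033[31m$0:$ExecDir is owned or writable by another user, refusing to use it! \033[0m"
    exit 1
  fi

  # Test cp inside the condition: under set -e a bare failing cp would end the
  # script before the error message below could ever be printed.
  if [ ! -f "$ExecDir/$file" ] && ! cp -- "$file" "$ExecDir/"; then
    echo -e "\033[31m$file download faild,please check! \033[0m"
    exit 1
  fi
  cd "$ExecDir"
  tar -xzvf "$file"
}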
#OpenSSL
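# Replace the installed openssl packages with the openssl* RPMs found in the
# current directory (rpmdown leaves the shell inside the unpacked bundle).
# NOTE(review): the package match is a plain substring "openssl" minus names
# containing "libs", and both rpm calls use --nodeps -- verify on a test host
# that nothing unrelated is removed.
function install_openssl()
{
  local ssl_ver
  local -a new_rpms=(openssl*) old_pkgs=()

  # Make sure the replacement packages exist before anything is removed;
  # an unmatched glob stays literal, so test the first element.
  if [ ! -e "${new_rpms[0]}" ]; then
    echo -e "\033[31m$0:no openssl* package found in $PWD, nothing was changed! \033[0m"
    exit 1
  fi

  # Query once and reuse the list, so the emptiness test and the erase agree.
  mapfile -t old_pkgs < <(rpm -qa | grep openssl | grep -v libs)
  if [ "${#old_pkgs[@]}" -gt 0 ]; then
    ssl_ver=$(openssl version | awk '{print $1"-"$2}')
    _echo "# $(date +%F-%X) uninstall $ssl_ver......"
    rpm -e --nodeps "${old_pkgs[@]}"
  fi
  _echo "# $(date +%F-%X) install openssl......"
  rpm -Uvh "${new_rpms[@]}" --nodeps
# cp /etc/ld.so.conf /etc/ld.so.conf.bak
# sed -i '/openssl/d' /etc/ld.so.conf
# #sed -i 's/openssl-1.1.1h/openssl/g' /etc/ld.so.conf
# echo "/usr/local/openssl/lib">> /etc/ld.so.conf
# ldconfig
# _echo "# `date +%F-%X` openssl upgrade done......"
# _echo "# `date +%F-%X` Curren version:"
# openssl version|tee -a $PatchLog
}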
#OpenSSH
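# Replace the installed openssh packages with the openssh* RPMs found in the
# current directory, keeping the existing /etc/pam.d/sshd and sshd_config.
# sshd is stopped for the duration; because the script runs under set -e, any
# failing step after that point leaves sshd down, so keep the current session
# (or console access) open until a new login has been verified.
function install_openssh()
{
  local key
  local -a new_rpms=(openssh*) old_pkgs=()

  # Check for the replacement packages before sshd is stopped or removed;
  # an unmatched glob stays literal, so test the first element.
  if [ ! -e "${new_rpms[0]}" ]; then
    echo -e "\033[31m$0:no openssh* package found in $PWD, sshd left untouched! \033[0m"
    exit 1
  fi

  _echo "------------------------------------------"
  _echo "# $(date +%F-%X) Stop sshd......"
# systemctl stop sshd
  if systemctl is-active --quiet sshd; then
    systemctl stop sshd
  fi
  _echo "# $(date +%F-%X) backup /etc/pam.d/sshd......"
  cp /etc/pam.d/sshd "$BackupDir"
  _echo "# $(date +%F-%X) /etc/ssh/sshd_config......"
  cp /etc/ssh/sshd_config "$BackupDir"
  _echo "# $(date +%F-%X) uninstall openssh......"
  # With no match, a bare "rpm -e --nodeps" would fail and abort the script
  # while sshd is already stopped, so only erase when something was found.
  mapfile -t old_pkgs < <(rpm -qa | grep openssh)
  if [ "${#old_pkgs[@]}" -gt 0 ]; then
    rpm -e --nodeps "${old_pkgs[@]}"
  fi
  _echo "# $(date +%F-%X) install openssh......"
  rpm -Uvh "${new_rpms[@]}" --nodeps
  _echo "# $(date +%F-%X) chmod 600 /etc/ssh/*_key......"
  # Private host keys must not be readable by group/other; skip quietly when
  # the glob matches nothing instead of failing on the literal pattern.
  for key in /etc/ssh/*_key; do
    [ -e "$key" ] || continue
    chmod 600 "$key"
  done
  # NOTE(review): the two restores below trust the copies in $BackupDir, which
  # lives under /tmp -- that directory must be writable by root only.
  _echo "# $(date +%F-%X) recover /etc/pam.d/sshd......"
  cp "$BackupDir/sshd" /etc/pam.d/sshd
  _echo "# $(date +%F-%X) recover /etc/ssh/sshd_config......"
  cp "$BackupDir/sshd_config" /etc/ssh/sshd_config
  # The restored config was written for the old release; let the new binary
  # parse it so a rejected option is reported before the restart is attempted.
  if ! /usr/sbin/sshd -t; then
    echo -e "\033[31m$0:sshd -t rejected the restored configuration, keep this session open and fix /etc/ssh/sshd_config! \033[0m"
  fi
  _echo "# $(date +%F-%X) restart sshd......"
  systemctl restart sshd
  _echo "# $(date +%F-%X) openssh upgrade done......"
  _echo "# $(date +%F-%X) Curren version:"
#ssh -V|tee -a $PatchLog
  ssh -V
  _echo "# $(date +%F-%X) openssh && openssl update sucess!"
#############
## Add the ssh-copy-id command (already included when this bundle was built)
##tar -zxf $file ssh-copy-id && mv ssh-copy-id /usr/bin/ && chmod +x ssh-copy-id
#mv ssh-copy-id /usr/bin/ && chmod +x /usr/bin/ssh-copy-id
#############
}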
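# Remove the staging directory and log that it is gone.
# The path is quoted and guarded with ":?" so that an empty or unset ExecDir
# aborts instead of handing rm -rf (run as root) an unintended operand list.
rpmclear()
{
  rm -rf -- "${ExecDir:?ExecDir is not set}" >/dev/null && _echo "# $(date +%F-%X) clear $ExecDir done."
}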
# Run the upgrade steps in order: checks, staging, OpenSSL, OpenSSH, cleanup.
# pkginstall is deliberately left out of the list (it was disabled upstream).
main()
{
  local step
  for step in runcheck rpmdown install_openssl install_openssh rpmclear; do
    "$step"
  done
}
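main
## Hardening (the bundled packages already ship with these settings)
#if [ `grep 'chacha20-poly1305@openssh.com' /etc/ssh/sshd_config|wc -l` -eq 0 ]
#then
#echo Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com >> /etc/ssh/sshd_config && \
#echo KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 >> /etc/ssh/sshd_config
#systemctl restart sshd
#fi

# Hide the version string (still visible locally via "ssh -V"; adjust $version
# to the real version; x.x may be any letters or digits).
# Use "ssh -V" and "strings /usr/sbin/sshd|grep 'OpenSSH_'" to find the string.
# NOTE(review): this rewrites bytes inside the packaged binary, so "rpm -V" will
# report /usr/sbin/sshd as modified, and masking the banner fixes no flaw.
sshd_bin=/usr/sbin/sshd
sshd_backup="/usr/sbin/sshd-bak-$(date +%F)"
masked_version="OpenSSH_x.x"
# Back up the binary first.
cp -a "$sshd_bin" "$sshd_backup"
#sed -i 's/OpenSSH_9.3/OpenSSH_x.x/g' /usr/sbin/sshd
if [ "${#version}" -ne "${#masked_version}" ]; then
  # A replacement of different length would shift every byte after it and
  # leave an sshd that cannot start, so the patch is skipped in that case.
  echo -e "\033[31m$0:\"$version\" and \"$masked_version\" differ in length, version string left unchanged! \033[0m"
else
  # Escape the dots so they match literally; LC_ALL=C makes sed work on bytes.
  version_re=$(printf '%s\n' "$version" | sed 's/\./\\./g')
  LC_ALL=C sed -i "s/${version_re}/${masked_version}/g" "$sshd_bin"
  if ! "$sshd_bin" -t; then
    # The patched binary no longer passes its self-test: put the backup back.
    echo -e "\033[31m$0:patched sshd failed \"sshd -t\", restoring $sshd_backup! \033[0m"
    cp -a --remove-destination "$sshd_backup" "$sshd_bin"
  fi
fi
systemctl restart sshd

# Uncomment the stock "#PermitRootLogin ..." line with the value given as $1,
# keep only the first active PermitRootLogin line (sshd uses the first value it
# reads), validate the file and restart sshd. Exits 1 without restarting when
# there was no template line to uncomment or when sshd rejects the result.
_set_permit_root_login() {
  local value=$1 cfg=/etc/ssh/sshd_config lineno

  sed -i "/^#PermitRootLogin/s/#PermitRootLogin .*/PermitRootLogin ${value}/" "$cfg"
  if ! grep -q '^PermitRootLogin ' "$cfg"; then
    echo -e "\033[31m$0:no \"#PermitRootLogin\" line found in $cfg, nothing was changed; edit it manually! \033[0m"
    exit 1
  fi
  # Delete later duplicates bottom-up so the remaining line numbers stay valid.
  for lineno in $(grep -n '^PermitRootLogin ' "$cfg" | sed '1d' | cut -d ':' -f 1 | sort -rn); do
    sed -i "${lineno}d" "$cfg"
  done
  if ! /usr/sbin/sshd -t; then
    echo -e "\033[31m$0:sshd -t rejected $cfg, sshd was not restarted; compare with $BackupDir/sshd_config! \033[0m"
    exit 1
  fi
  systemctl restart sshd
}

## Root login (optional). Per the original author: run this only after deciding
## how root should log in remotely; after the upgrade root login is not allowed
## by default.
# NOTE(review): "yes" also permits password authentication for root;
# "prohibit-password" is the key-only setting if root must log in remotely.
if ! grep -q '^PermitRootLogin ' /etc/ssh/sshd_config; then
  echo -e "\033[31m注意!经检测root用户远程登录未配置,root用户无法远程登录!! \033[0m"
  while true; do
    read -r -p "请确认开启/禁用: root远程登录?[y/n]:" sure
    case $sure in
      y|Y|Yes|yes|YES)
        echo "输入为:$sure,开启root远程登录中...."
        _set_permit_root_login yes
        echo -e "\033[32m 开启root远程登录完成,请新开窗口验证后再退出当前终端!! \033[0m"
        #break
        exit 0
        ;;
      n|N|NO|no)
        echo "输入为: $sure,禁用root远程登录中..."
        _set_permit_root_login no
        echo -e "\033[32m 禁用root远程登录完成 \033[0m"
        exit 0
        ;;
      *)
        echo "输入错误,请重新输入"
        ;;
    esac
  done
fi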
centos7.x-ssh9.3p2-ssl1.1.1u-rpm-x86-64升级脚本
2023-07-27
13:19:37
特点:1、同时升级 openssh 与 openssl,采用 rpm 包形式,一键快速升级版本,无需在每台机器上单独编译;2、隐藏 openssh 版本号;3、保留 scp 与 ssh-copy-id 命令。安装:执行 bash upgrade_ssl_ssh.sh 进行安装。验证:openssl 版本:执行 openssl version,输出 OpenSSL 1.1.1u 30 May 2023;openssh 版本:执行 ssh -V,输出 OpenSSH_9.3p2, OpenSSL 1.1.1u 30 May 2023
centos7.x_ssh9.3p2_ssl1.1.1u升级脚本.zip (2个子文件)
ssh9.3p2_ssl1.1.1u_rpm_x86_64.tar.gz 6.31MB
upgrade_ssl_ssh.sh 7KB
资源评论
- A放我出去我没病웃유2023-10-10#完美解决问题 #注释完整 #全网独家 #内容详尽 #运行顺畅 #完美解决问题
liuxin638507