openssh9.3p1&&openssl1.1.1u离线或在线升级

#!/bin/bash # ######################## 蜈蚣出品 ####################### # Function : openssl openssh update # # Platform : Centos6.x - Centos8.x & Rocky8.x # # Version : 2.2 # # Date : 2023-07-01 # ######################################################### # # RHEL8系列操作系统恢复使用旧库，解决编译安装Openssl出现的libssl及libcrypto版本不匹配问题。 # 使用旧库将导致openssl程序版本号与库版本号不一致的问题，暂无完美解决方法。 # clear export LANG="en_US.UTF-8" date_time=$(date +%Y%m%d-%H%M%S) # #请根据官方发行的版本号按需要安装的版本修改 <<================================== # zlib_version="zlib-1.2.13" openssl_version="openssl-1.1.1u" openssh_version="openssh-9.3p1" las_zlib_version=$(echo $zlib_version | awk -F "-" '{print $2}') las_openssl_version=$(echo $openssl_version | awk -F "-" '{print $2}') las_openssh_version=$(echo $openssh_version | awk -F "-" '{print $2}') old_zlib_version=$(find /usr/local -name zlib-* | awk -F "-" '{print $2'}) old_openssl_version=$(openssl version 2>&1 | awk -F" " '{print $2}' | awk -F"-" '{print $1}') old_openssh_version=$(ssh -V 2>&1 | awk -F"," '{print $1}' | awk -F"_" '{print $2}') if [[ $(openssl version 2>&1) =~ Library ]] ; then os_openssl_version=$(openssl version 2>&1 | awk -F"Library" '{print $2}' | awk -F" " '{print $3}') fi # #安装包路径建议根据安装脚本上传的位置修改 <<================================== # upsslssh_home="$PWD" #默认编译路径 install_path="/usr/local" #安装目录 install_files="$upsslssh_home/install" backup_files="$upsslssh_home/backup" log_files="$upsslssh_home/log" #源码包链接 zlib_url="https://www.zlib.net/$zlib_version.tar.gz" openssl_url="https://www.openssl.org/source/$openssl_version.tar.gz" openssh_url="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$openssh_version.tar.gz" #需要安装的依赖包 pkg_need="wget tar gcc gcc-c++ glibc make autoconf automake openssl openssl-devel pcre-devel pam pam-devel zlib zlib-devel" #输出信息颜色 color_0="\033[0m" color_R="\033[31m" color_G="\033[32m" color_Y="\033[33m" color_C="\033[36m" echo -e "\n" Install_make() { if [ -e /etc/redhat-release ] ; then os_version=`cat /etc/redhat-release | sed -r 's/.* ([0-9]+)\..*/\1/'` else echo -e `date +%Y-%m-%d_%H:%M:%S` $color_R"ERROR"$color_0 "当前操作系统可能不被支持，脚本退出. . ." sleep 2 echo -e "\n" exit fi if [[ $os_version -lt 6 ]] || [[ $os_version -gt 8 ]] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_R"ERROR"$color_0 "当前操作系统版本可能不被支持，脚本退出. . ." sleep 2 echo -e "\n" exit fi if [ $(id -u) != "0" ] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_R"ERROR"$color_0 "当前用户为普通用户，必须使用root用户运行，脚本退出. . ." sleep 2 echo -e "\n" exit fi echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 $color_C"即将升级Zlib版本至$las_zlib_version，升级OpenSSL版本至$las_openssl_version，升级OpenSSH版本至$las_openssh_version，"$color_0 echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 $color_C"升级过程中请保持活动的连接窗口，切勿中途中断！为避免升级失败无法重连服务器，"$color_0 echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 $color_C"请复制一个连接窗口以备不时之需，或自行配置Telnet服务预留另一个远程连接通道。"$color_0 echo -en `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 $color_C"升级脚本即将开始，如暂不升级请在倒计时结束前按Ctrl+C终止脚本，倒计时: "$color_0 count=11 tput sc while true do if [ $count -ge 1 ] ; then let count-- sleep 1 tput rc tput ed echo -en $color_R"$count "$color_0 else break fi done echo -e "" echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在创建过程目录. . ." sleep 1 #创建文件 mkdir -p $install_files mkdir -p $backup_files mkdir -p $log_files mkdir -p $backup_files/zlib mkdir -p $backup_files/ssl mkdir -p $backup_files/ssh mkdir -p $log_files/zlib mkdir -p $log_files/ssl mkdir -p $log_files/ssh echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在关闭SELINUX. . ." sleep 1 sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config setenforce 0 >/dev/null 2>&1 echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在重建yum源缓存. . ." sleep 2 yum clean all >/dev/null 2>&1 yum makecache >/dev/null 2>&1 if [ $? -eq 0 ] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_G"SUCCESS"$color_0 "重建yum源缓存成功" else echo -e `date +%Y-%m-%d_%H:%M:%S` $color_R"ERROR"$color_0 "重建yum源缓存失败，脚本退出. . ." sleep 2 echo -e "\n" exit fi echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在安装依赖包. . ." sleep 2 yum install -y $pkg_need --nogpgcheck > $log_files/pkg_need.$date_time.txt 2>&1 if [ $? -eq 0 ] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_G"SUCCESS"$color_0 "安装软件依赖包成功" else echo -e `date +%Y-%m-%d_%H:%M:%S` $color_R"ERROR"$color_0 "安装软件依赖包失败，脚本退出. . ." sleep 2 echo -e "\n" exit fi } Install_backup() { echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在备份相关文件. . ." sleep 2 \cp -rf /usr/bin/openssl $backup_files/ssl/openssl.$old_openssl_version.$date_time.bak >/dev/null 2>&1 \cp -rf /etc/init.d/sshd $backup_files/ssh/sshd.$old_openssh_version.$date_time.bak >/dev/null 2>&1 \cp -rf /etc/ssh $backup_files/ssh/ssh.$old_openssh_version.$date_time.bak >/dev/null 2>&1 \cp -rf /usr/bin/ssh-copy-id $backup_files/ssh/ssh-copy-id.$old_openssh_version.$date_time.bak >/dev/null 2>&1 \cp -rf /usr/lib/systemd/system/sshd.service $backup_files/ssh/sshd.service.$old_openssh_version.$date_time.bak >/dev/null 2>&1 \cp -rf /etc/pam.d/sshd.pam $backup_files/ssh/sshd.pam.$old_openssh_version.$date_time.bak >/dev/null 2>&1 } Install_tar() { echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在检查$zlib_version.tar.gz源码包. . ." sleep 2 if [ -e $upsslssh_home/$zlib_version.tar.gz ] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "源码包$zlib_version.tar.gz已存在" else echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "未发现$zlib_version.tar.gz源码包，正在从配置的链接中获取. . ." sleep 1 cd $upsslssh_home wget --no-check-certificate $zlib_url > $log_files/zlib/zlib_wget.$date_time.txt 2>&1 if [ $? -eq 0 ] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_G"SUCCESS"$color_0 "源码包$zlib_version下载完成" sleep 1 else echo -e `date +%Y-%m-%d_%H:%M:%S` $color_R"ERROR"$color_0 "源码包$zlib_version下载失败，脚本退出. . ." sleep 2 echo -e "\n" exit fi fi echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在检查$openssl_version.tar.gz源码包. . ." sleep 2 if [ -e $upsslssh_home/$openssl_version.tar.gz ] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "源码包$openssl_version.tar.gz已存在" else echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "未发现$openssl_version.tar.gz源码包，正在从配置的链接中获取. . ." sleep 1 cd $upsslssh_home wget --no-check-certificate $openssl_url > $log_files/ssl/ssl_wget.$date_time.txt 2>&1 if [ $? -eq 0 ] ; then echo -e `date +%Y-%m-%d_%H:%M:%S` $color_G"SUCCESS"$color_0 "源码包$openssl_version下载完成" sleep 1 else echo -e `date +%Y-%m-%d_%H:%M:%S` $color_R"ERROR"$color_0 "源码包$openssl_version下载失败，脚本退出. . ." sleep 2 echo -e "\n" exit 1 fi fi echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 "正在检查$openssh_version.t