#!/bin/bash
#upgrade-openssh-pve.sh
#upgrade-openssh-pve.tar.gz file is needed, decompressing and entering!
#VER is the target openssh version, eg:openssh-9.8p1.tar.gz
VER=9.8p1
current_version=$(ssh -V 2>&1);
echo "*********************** Current openssh version is: $current_version"
if [ "$(echo $current_version|awk -F'[,_]' '{print $2}')" != $VER ];then
echo "*********************** Let's begin upgrade openssh to $VER!";
else
echo "*********************** There is nothing to upgrade openssh, the installed version is latest($VER)!";
exit 1;
fi;
if ! grep -q "223.5.5.5" /etc/resolv.conf;then echo "nameserver 223.5.5.5" >> /etc/resolv.conf;fi;
ping -c 1 223.5.5.5> /dev/null 2>&1;
if [ ! $? -ne 0 ]; then
if [ "$(basename "$PWD")" != "upgrade-openssh-pve" ];then
echo "*********************** Error: current path must be in upgrade-openssh-pve because ofno Internet environment!!!";
exit 1;
fi;
fi;
sed -i 's@deb.debian.org@mirrors.huaweicloud.com@g' /etc/apt/sources.list;
sed -i 's@ftp.debian.org@mirrors.huaweicloud.com@g' /etc/apt/sources.list;
sed -i 's@security.debian.org@mirrors.huaweicloud.com/debian-security@g' /etc/apt/sources.list;
sed -i 's@^deb@#deb@g' /etc/apt/sources.list.d/pve-enterprise.list;
bake-time=$(date +"%Y%m%d-%H-%M-%S")
echo "bake time is: $bake-time"
mv /usr/share/proxmox-ve/pve-apt-hook /usr/share/proxmox-ve/pve-apt-hook.bak-${bake-time};
touch /usr/share/proxmox-ve/pve-apt-hook && chmod 777 /usr/share/proxmox-ve/pve-apt-hook;
systemctl stop ssh;
mv /etc/ssh /etc/ssh-bak-${bake-time} && mv /etc/pam.d/sshd /etc/pam.d/sshd-bak-${bake-time};
ping -c 1 223.5.5.5> /dev/null 2>&1;
if [ $? -ne 0 ]; then
apt update;
apt remove -y openssh-server;
systemctl daemon-reload;
apt install -y libssl-dev gcc g++ gdb cpp make cmake libtool libc6 autoconf automake pkg-config build-essential gettext
apt install -y libzstd1 zlib1g libssh-4 libssh-dev libc6-dev libc6 libcrypt-dev libpam0g-dev
apt install -y net-tools vim ethtool firewalld
if ! test -f openssh-${VER}.tar.gz; then
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-${VER}.tar.gz;
fi;
else
if [ ! f "openssh-client_sftp-server-update.tar.gz" ];then
echo "*********************** Error: openssh-client_sftp-server-update.tar.gz does not exist!";
exit 1;
fi;
tar -xzvf openssh-client_sftp-server-update.tar.gz;
dpkg -i ./openssh-client_sftp-server-update/*.deb;
apt remove openssh-server;
systemctl daemon-reload;
apt remove openssh-server;
mv /usr/share/proxmox-ve/pve-apt-hook.bak /usr/share/proxmox-ve/pve-apt-hook;
if [ ! f "openssh-depends.tar.gz" ];then
echo "*********************** Error: openssh-depends.tar.gz does not exist!";
exit 1;
fi;
tar -xzvf openssh-depends.tar.gz;
dpkg -i ./openssh-depends/*.deb;
fi;
if test -f openssh-${VER}.tar.gz; then
if test -d openssh-${VER};then
cd openssh-${VER};
make clean;
else
tar -xvf openssh-${VER}.tar.gz && cd openssh-${VER};
fi
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords --with-pam;
make && make install;
else
echo "*********************** Error: openssh-${VER}.tar.gz file not found, please check!";
exit 1;
fi;
mv /etc/ssh /etc/ssh-${VER} && mv /etc/ssh-bak-${bake-time} /etc/ssh;
mv /etc/pam.d/sshd-bak-${bake-time} /etc/pam.d/sshd;
systemctl unmask ssh && systemctl start ssh && systemctl enable ssh;
upgrade_version=$(ssh -V 2>&1);
echo "*********************** Upgrade completed! old version: $current_version -------> new version: $upgrade_version"
没有合适的资源?快使用搜索试试~ 我知道了~
升级pve的openssh,使其为最新的版本 改包可以离线升级
需积分: 4 0 下载量 69 浏览量
2024-09-04
19:17:32
上传
评论
收藏 94.48MB GZ 举报
温馨提示
规避openssh漏洞(CVE-2024-6387是一个影响OpenSSH的远程代码执行(RCE)漏洞) 针对pve7.x和pve8.x的版本都可以使用。 既可以在线环境下升级,也可以离线环境下升级(资源包都已经下载好了) 直接运行upgrade-openssh-pve.sh脚本即可升级!
资源推荐
资源详情
资源评论
收起资源包目录
upgrade-openssh-pve.tar.gz (4个子文件)
upgrade-openssh-pve
openssh-depends.tar.gz 91.34MB
upgrade-openssh-pve.sh 3KB
openssh-9.8p1.tar.gz 1.82MB
openssh-client_sftp-server-update.tar.gz 1.31MB
共 4 条
- 1
资源评论
一只tobey
- 粉丝: 318
- 资源: 9
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功