centos7.2离线更新openssl和openssh
centos7.2离线更新openssl和openssh
一、 原来环境和版本
二、准备的包
三、安装依赖包
安装pam
安装xinted
安装zlib
安装telnet
开启xinetd
启动telnet
关闭selinux
关闭防火墙
四、升级OpenSSL
确保先有编译环境gcc,gcc-c++
卸载旧的openssl包
安装
make
配置ssl库
查看openssl版本
五、升级OpenSSH
卸载
安装
备份ssh
删除原ssh配置目录
make
配置
查看版本
执行命令(这一步也很重要):
六、关闭telnet
关闭telnet服务
还原
配置生效
删除(卸载)telnet-server包,命令如下:
注释23端口号
一、 原来环境和版本
centos7.2
[root@incloudos openssh-8.0p1]# uname -r 3.10.0-327.el7.x86_64 [root@incloudos openssh-8.0p1]# cat
/etc/redhat-release CentOS Linux release 7.2.1511 (Core)
openssl
[root@incloudos ~]# openssl version -a OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Mon Jun 29 12:45:07
UTC 2015 platform: linux-x86_64
openssh
[root@incloudos ~]# ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
httpd
[root@incloudos ~]# httpd -V Server version: Apache/2.4.6 (CentOS) Server built: Jul 18 2016 15:30:14
Server's Module Magic Number: 20120211:24 Server loaded: APR 1.4.8, APR-UTIL 1.5.2 Compiled using:
APR 1.4.8, APR-UTIL 1.5.2 Architecture: 64-bit
二、准备的包
openssl-1.0.2o.tar.gz
openssh-7.7p1.tar.gz
pam-1.1.8-22.el7.x86_64.rpm
pam-devel-1.1.8-22.el7.x86_64.rpm
zlib-1.2.7-17.el7.x86_64.rpm
zlib-devel-1.2.7-17.el7.x86_64.rpm
telnet-0.17-64.el7.x86_64.rpm
telnet-server-0.17-64.el7.x86_64.rpm
openssl-1.0.2k-12.el7.x86_64.rpm
之所以需要低版本的openssl,是因为如果在后面卸载openssl后,无法继续操作的话,再次安装openssl,不至于造
成系统无法使用。
这些包可以自己搜索一下去下载,也可以通过yumdownloader来下载。(yumdownload 是安装yum-utils后可以使
用)
先在外网安装yum-utils
yum install yum-utils
例如下载pam,可以执行:
#yumdownloader pam
也可以不用安装yum-utils,可以使用下面的命令下载相关依赖包
#yum install --downloadonly --downloaddir=/root/ pam
先下载好离线包,然后复制到内网机器,准备升级。
升级openssh,先要开启telnet,确保telnet可以正常登陆。这样当openssh升级出现问题的时候,还可以通过
telnet登录到服务器操作。
三、安装依赖包
pam, pam-devel, xinted, zlib, zlib-devel, telnet, telnet-server
安装pam
先查看是否有pam已经安装
#rpm -qa |grep pam
服务器上面有pam的包。
采用rpm -U升级安装,免得rpm -e --nodeps卸载包出现问题。(而且真有可能出现问题,尤其是zlib包)
安装xinted
#rpm -Uvh xinetd-2.3.15-13.el7.x86_64.rpm
[root@incloudos ~]# rpm -qa |grep pam
fprintd-pam-0.5.0-4.0.el7_0.x86_64
pam-1.1.8-12.el7_1.1.x86_64
#rpm -Uvh pam-1.1.8-22.el7.x86_64.rpm
#rpm -Uvh pam-devel-1.1.8-22.el7.x86_64.rpm
[root@incloudos 2pam]# rpm -Uvh pam-1.1.8-22.el7.x86_64.rpm
warning: pam-1.1.8-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5:
NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:pam-1.1.8-22.el7 ################################# [ 50%]
Cleaning up / removing...
2:pam-1.1.8-12.el7_1.1 ################################# [100%]
[root@incloudos 3pam-devel]# rpm -Uvh pam-devel-1.1.8-22.el7.x86_64.rpm
warning: pam-devel-1.1.8-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID
f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:pam-devel-1.1.8-22.el7 ################################# [100%]
安装zlib
#rpm -Uvh zlib-1.2.7-18.el7.x86_64.rpm
#rpm -Uvh zlib-devel-1.2.7-18.el7.x86_64.rpm
先用createrepo,再新建zlib-devel.repo,试用 yum install zlib-devel安装,提示
[root@incloudos 4xinted]# rpm -Uvh xinetd-2.3.15-13.el7.x86_64.rpm
warning: xinetd-2.3.15-13.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5:
NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:xinetd-2:2.3.15-13.el7 ################################# [ 50%]
Cleaning up / removing...
2:xinetd-2:2.3.15-12.el7 ################################# [100%]
[root@incloudos 5zlib]# rpm -Uvh zlib-1.2.7-18.el7.x86_64.rpm
warning: zlib-1.2.7-18.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5:
NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:zlib-1.2.7-18.el7 ################################# [ 50%]
Cleaning up / removing...
2:zlib-1.2.7-15.el7 ################################# [100%]
[root@incloudos 5zlib]# rpm -Uvh zlib-devel-1.2.7-18.el7.x86_64.rpm
warning: zlib-devel-1.2.7-18.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID
f4a80eb5: NOKEY
error: Failed dependencies:
zlib-devel(x86-32) is needed by (installed) openssl-devel-1:1.0.1e-42.el7.9.i686
[root@incloudos yum.repos.d]# yum install zlib-devel
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package zlib-devel.x86_64 0:1.2.7-15.el7 will be updated
---> Package zlib-devel.x86_64 0:1.2.7-18.el7 will be an update
--> Finished Dependency Resolution
Error: Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:
1. You have an upgrade for zlib-devel which is missing some
dependency that another package requires. Yum is trying to
solve this by installing an older version of zlib-devel of the
different architecture. If you exclude the bad architecture
yum will tell you what the root cause is (which package
requires what). You can try redoing the upgrade with
--exclude zlib-devel.otherarch ... this should give you an error
message showing the root cause of the problem.
没升成功zlib-devel, 因为之前已经在使用zlib-devel-1.2.7-15.el7.i686
先略过...
安装telnet
#rpm -Uvh telnet-0.17-64.el7.x86_64.rpm
#rpm -Uvh telnet-server-0.17-64.el7.x86_64.rpm
开启xinetd
#systemctl start xinetd
查看状态
#systemctl status xinetd
#systemctl enable xinetd
2. You have multiple architectures of zlib-devel installed, but
yum can only see an upgrade for one of those architectures.
If you don't want/need both architectures anymore then you
can remove the one with the missing update and everything
will work.
3. You have duplicate versions of zlib-devel installed already.
You can use "yum check" to get yum show these errors.
...you can also use --setopt=protected_multilib=false to remove
this checking, however this is almost never the correct thing to
do as something else is very likely to go wrong (often causing
much more problems).
Protected multilib versions: zlib-devel-1.2.7-18.el7.x86_64 != zlib-devel-1.2.7-
15.el7.i686
[root@incloudos 6telnet]# rpm -Uvh telnet-0.17-64.el7.x86_64.rpm
warning: telnet-0.17-64.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5:
NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:telnet-1:0.17-64.el7 ################################# [ 50%]
Cleaning up / removing...
2:telnet-1:0.17-59.el7 ################################# [100%]
[root@incloudos 6telnet]# rpm -Uvh telnet-server-0.17-64.el7.x86_64.rpm
warning: telnet-server-0.17-64.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID
f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:telnet-server-1:0.17-64.el7 ################################# [100%]
