Openssh upgrade (from openssh_7.4p1 to openssh_8.4p1) [operation Script]


Openssh upgrade (from openssh_7.4p1 to openssh_8.4p1)

##--Status before upgrade
[[email protected]cs-e1d6-0001 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
##--Start upgrade
wget -c
wget -c
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel 
yum install -y pam* zlib*
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
tar xfz openssl-1.1.1h.tar.gz
cd openssl-1.1.1h
./config shared 
make -j4
make install
ln -s /usr/local/include/openssl /usr/include/openssl
ln -s /usr/local/bin/openssl /usr/bin/openssl 
ll /usr/include/openssl -ld
echo "/usr/local/lib">>/etc/   
cd ..
tar xf openssh-8.4p1.tar.gz 
cd openssh-8.4p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/  --with-zlib --with-md5-passwords --with-pam
make -j4
make install 
grep -E  "^PermitRootLogin|^UseDNS" /etc/ssh/sshd_config
#cho "PermitRootLogin yes" >>  /etc/ssh/sshd_config 
#ed -i  's/#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config
echo -e "\nKexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"   >> /etc/ssh/sshd_config

 cp -a contrib/redhat/sshd.init /etc/init.d/sshd
 cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
 chmod +x /etc/init.d/sshd
 chkconfig --add sshd
 systemctl enable sshd
 mv  /usr/lib/systemd/system/sshd.service  /app/sshd.service 
 chkconfig sshd on
 /etc/init.d/sshd restart

##Verification after upgrade
[[email protected] ~]# ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1h  22 Sep 2020

This work adoptsCC agreement, reprint must indicate the author and the link to this article

:kissing_ closed_ eyes: