Linux-SSH升级及回退方案VIP专享VIP免费

LINUX-SSH升级及回退方案1.验证对比与记录的当前ssh及ssl版本是否一致ssh-V2.验证对比与记录的当前系统版本是否一致cat/etc/redhat-release一、配置yum源方法一：服务器中插入对应版本系统镜像光盘。cd/etc/yum.repos.d/转移原始配置文件lsmkdirbakmv*.repobak重新生成配置文件viyum.repo[local_rhel6]name=local_rhel6baseurl=file:///mnt/enabled=1gpgcheck=0挂载光盘镜像mount/dev/sr0/mnt清除yum缓存yumcleanall方法二：在系统中传入yum软件包创建yum目录cd/homemkdiryum向yum文件夹中考入yum软件包cd/etc/yum.repos.d/转移原始配置文件lsmkdirbakmv*.repobak重新生成配置文件viyum.repo[local_rhel6]name=local_rhel6baseurl=file:///home/yumenabled=1gpgcheck=0挂载光盘镜像mount/dev/sr0/mnt清除yum缓存yumcleanall二、安装Telnet查看telnet安装情况rpm-qa|greptelnet安装telnetyuminstalltelnet*将disable的yes修改为novi/etc/xinetd.d/telnetservicetelnet{flags=REUSEsocket_type=streamwait=nouser=rootserver=/usr/sbin/in.telnetdlog_on_failure+=USERIDdisable=no}重启服务servicexinetdrestart查询防火墙状态/etc/init.d/iptablesstatus临时关闭防火墙/etc/init.d/iptablesstop创建telnet登录用户useraddteltestpasswdteltest测试telnet登录三、安装相关软件查询软件安装状态rpm-qa|grepgccrpm-qa|grepzlib-develrpm-qa|grepopenssl-develrpm-qa|greppam-devel安装软件yum-yinstallgccyum-yinstallzlib-develyum-yinstallopenssl-develyum-yinstallpam-devel四、编译安装opensshcd/homemkdirsshtest传入openssh7.4文件解压并进入软件目录tar-xvfopenssh-7.4p1.tar.gzcdopenssh-7.4p1备份公钥cp-ar/etc/ssh/etc/ssh_bak编译安装./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam--without-zlib-version-check--with-openssl-includes=/usr/--with-md5-passwords--mandir=/usr/share/manmakemakeinstall修改/etc/ssh/sshd_config文件sed-i's/GSSAPIAuthentication/#GSSAPIAuthentication/g'/etc/ssh/sshd_configsed-i's/GSSAPIAuthentication/#GSSAPIAuthentication/g'/etc/ssh/ssh_configsed-i's/GSSAPICleanupCredentials/#GSSAPICleanupCredentials/g'/etc/ssh/sshd_config允许root登录vi/etc/ssh/sshd_config#PermitRootLoginyes将ssh设置为开机启动chkconfigsshdonRedhat7版本命令行有变化systemctlenablesshd.service重启服务servicesshdrestart验证版本及登录ssh-V关闭TELNET登录将disable的no修改为yesvi/etc/xinetd.d/telnetservicetelnet{flags=REUSEsocket_type=streamwait=nouser=rootserver=/usr/sbin/in.telnetdlog_on_failure+=USERIDdisable=yes重启服务servicexinetdrestart五、回退方案卸载旧版sshyum-yremoveopenssh重装旧版sshyum-yinstallopensshopenssh-clientsopenssh-server将ssh设置为开机启动chkconfigsshdon重启服务servicesshdrestart验证版本及登录ssh-V六、禁用R系列服务检查rsh、rexec、rlogin服务是否关闭监听端口rexec512端口rlogin513端口rsh514端口netstat-an|grep512netstat-an|grep513netstat-an|grep514chkconfig--list基于xinetd的服务：echo-stream:关闭rexec:关闭rlogin:关闭rsh:关闭rsync:关闭关闭服务chkconfigrexecoffchkconfigrloginoffchkconfigrshoff