#!/bin/bash# 安装编译环境yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam* zlib*# 【openssl】# 编译安装opensslwget --no-check-certificate https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gztar xf openssl-1.0.2u.tar.gzcd openssl-1.0.2u./config shared && make && make install# 备份当前opensslmv /usr/bin/openssl /usr/bin/openssl_bakmv /usr/include/openssl /usr/include/openssl_bak# 创建软连接ln -s /usr/local/ssl/bin/openssl /usr/bin/opensslln -s /usr/local/ssl/include/openssl /usr/include/openssl# 加载新配置echo "/usr/local/ssl/lib" >> /etc/ld.so.conf/sbin/ldconfig# 查看当前openssl 版本openssl versioncd ..# 【openssh】# 编译安装wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gztar xf openssh-8.9p1.tar.gzcd openssh-8.9p1./configure --prefix=/usr/local/myssh_8.9p1 \--sysconfdir=/usr/local/myssh_8.9p1/ssh \--with-openssl-includes=/usr/local/ssl/include \-with-ssl-dir=/usr/local/ssl \--with-privsep-user=sshd --with-zlib \--with-pammake && make install# 备份opensshmv /etc/init.d/sshd /etc/init.d/sshd.bak_`date '+%Y%m%d'`mv /usr/sbin/sshd /usr/sbin/sshd.bak_`date '+%Y%m%d'`mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak_`date '+%Y%m%d'`# 创建软连接ln -s /usr/local/myssh_8.9p1/sbin/sshd /usr/sbin/sshdln -s /usr/local/myssh_8.9p1/ssh/sshd_config /etc/ssh/sshd_config# 复制sshd启动脚本cp contrib/redhat/sshd.init /etc/init.d/sshd# 允许root用户远程连接# sed -i '20a PermitRootLogin yes' /usr/local/myssh_8.9p1/ssh/sshd_config# 避开绿盟安全扫描echo "Protocol 2" >> /usr/local/myssh_8.9p1/ssh/sshd_configecho "Banner /etc/ssh_banner" >> /usr/local/myssh_8.9p1/ssh/sshd_config# 禁止dns解析sed -i 's/#UseDNS no/UseDNS no/g' /usr/local/myssh_8.9p1/ssh/sshd_config# 不移走的话影响启动mv /usr/lib/systemd/system/sshd.service /root/chkconfig sshd on# 重启sshdsystemctl restart sshd# sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /usr/local/myssh_8.9p1/ssh/sshd_configsed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /usr/local/myssh_8.9p1/ssh/sshd_config#
若有收获,就点个赞吧
0 人点赞
