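#!/bin/bash
# Build OpenSSL 1.0.2u and OpenSSH 8.8p1 from tarballs in the current
# directory and switch the system's openssl, sshd and ssh-keygen over to the
# new builds. Must run as root.
#
# NOTE(review): both tarballs are unpacked and compiled as root with no
# integrity check. Verify them against the checksums or signatures published
# by the upstream projects before running this script.
# NOTE(review): the OpenSSL 1.0.2 series no longer receives public security
# fixes, and this script makes it the system-wide openssl. Prefer a maintained
# OpenSSL release if the platform allows it.

# Stop at the first failed step. Without this, a failed build would still be
# followed by the backup/symlink steps, leaving /usr/sbin/sshd pointing at a
# binary that was never installed.
set -euo pipefail

readonly OPENSSL_SRC=openssl-1.0.2u
readonly OPENSSH_SRC=openssh-8.8p1
readonly SSL_PREFIX=/usr/local/ssl
readonly SSH_PREFIX=/usr/local/myssh_8.8p1
readonly SSHD_CONFIG="${SSH_PREFIX}/ssh/sshd_config"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Move $1 to $2. A missing source is skipped; an existing backup is never
# overwritten, so a second run cannot replace the original file with the
# symlink created by the first run.
backup() {
  local src=$1 dst=$2
  if [[ ! -e "$src" && ! -L "$src" ]]; then
    printf 'backup: %s not present, skipping\n' "$src" >&2
    return 0
  fi
  if [[ -e "$dst" || -L "$dst" ]]; then
    die "backup: ${dst} already exists; move it aside before re-running"
  fi
  mv -- "$src" "$dst"
}

# Append line $2 to file $1 unless the file already contains exactly that line.
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

(( EUID == 0 )) || die "this script must run as root"

# Install the build environment.
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel \
  pcre-devel pam pam-devel

# ---- OpenSSL ----
# Build and install first; the system openssl is only replaced once the new
# one is in place under ${SSL_PREFIX}.
tar xf "${OPENSSL_SRC}.tar.gz"
cd "${OPENSSL_SRC}"
./config shared
make
make install
cd ..

# Back up the current openssl binary and headers, then link in the new ones.
backup /usr/bin/openssl /usr/bin/openssl_bak
backup /usr/include/openssl /usr/include/openssl_bak
ln -s "${SSL_PREFIX}/bin/openssl" /usr/bin/openssl
ln -s "${SSL_PREFIX}/include/openssl" /usr/include/openssl

# Register the new library directory with the dynamic loader.
append_once /etc/ld.so.conf "${SSL_PREFIX}/lib"
/sbin/ldconfig

# Show the openssl version now in use.
openssl version

# ---- OpenSSH ----
tar xf "${OPENSSH_SRC}.tar.gz"
cd "${OPENSSH_SRC}"
./configure --prefix="${SSH_PREFIX}" \
  --sysconfdir="${SSH_PREFIX}/ssh" \
  --with-openssl-includes="${SSL_PREFIX}/include" \
  --with-ssl-dir="${SSL_PREFIX}" \
  --with-privsep-user=sshd --with-zlib \
  --with-pam \
  --with-md5-passwords
make
make install

# Edit the new sshd_config before anything under /etc or /usr/sbin is touched.

# Allow root to log in remotely.
# NOTE(review): this permits password logins as root. If root access over SSH
# is really required, "PermitRootLogin prohibit-password" limits it to keys.
# The author's own follow-up (commented out at the end) switches it to "no".
if ! grep -q '^PermitRootLogin yes' "${SSHD_CONFIG}"; then
  sed -i '20a PermitRootLogin yes' "${SSHD_CONFIG}"
fi

# Settings the author added to get past the NSFOCUS security scanner.
# NOTE(review): sshd in this release speaks only protocol 2, so "Protocol 2"
# presumably changes nothing and is there for the scanner's config check.
# /etc/ssh_banner is not created by this script -- TODO confirm it exists.
append_once "${SSHD_CONFIG}" "Protocol 2"
append_once "${SSHD_CONFIG}" "Banner /etc/ssh_banner"

# Re-enable host key algorithms needed by old clients, which otherwise fail
# with "no hostkey alg".
# NOTE(review): ssh-rsa signs with SHA-1 and ssh-dss is DSA; OpenSSH leaves
# both off by default because they are weak. Remove this line once the old
# clients have been upgraded.
append_once "${SSHD_CONFIG}" "HostKeyAlgorithms=+ssh-rsa,ssh-dss"

# Disable reverse DNS lookups of connecting clients.
sed -i 's/#UseDNS no/UseDNS no/g' "${SSHD_CONFIG}"

# Check that the new binary accepts the edited config before it replaces the
# system sshd; a config error found only at restart could cut off remote
# access to the host.
"${SSH_PREFIX}/sbin/sshd" -t -f "${SSHD_CONFIG}"

# Back up the existing OpenSSH files.
backup /etc/init.d/sshd /etc/init.d/sshd.bak
backup /usr/sbin/sshd /usr/sbin/sshd.bak
backup /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
backup /etc/ssh/sshd_config "/etc/ssh/sshd_config.bak_$(date '+%Y%m%d')"

# Point the system paths at the new build.
ln -s "${SSH_PREFIX}/sbin/sshd" /usr/sbin/sshd
ln -s "${SSHD_CONFIG}" /etc/ssh/sshd_config

# Install the sshd init script shipped with the source, and the new ssh-keygen.
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a "${SSH_PREFIX}/bin/ssh-keygen" /usr/bin/ssh-keygen

# Left disabled by the author: enable sshd at boot, restart it, and turn root
# login back off. When restarting, keep the current session open until a new
# login has been tested.
#chkconfig sshd on
#service sshd restart
#sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /usr/local/myssh_8.8p1/ssh/sshd_config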