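Upgrading OpenSSH on Red Hat 5.4 x86
1. Environment preparation
Extract the Red Hat 5.4 image. The version has to match the system; here it is rhel-server-5.4-i386-dvd.iso.
After extracting the image, go to the directory rhel-server-5.4-i386-dvd\Server.
Note: a mismatch in the major or minor version will cause problems.
Find the following files and copy them to the host (this list was worked out by trial and error, so trust it):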
```
kernel-headers-2.6.18-164.el5.i386.rpm   # kernel development package
glibc-headers-2.5-42.i386.rpm            # required for the gcc build environment
glibc-devel-2.5-42.i386.rpm              # required for the gcc build environment
gcc-4.1.2-46.el5.i386.rpm                # required for the gcc build environment
e2fsprogs-devel-1.39-23.el5.i386.rpm     # GSSAPI
krb5-devel-1.6.1-36.el5.i386.rpm         # GSSAPI; mainly needed to install krb5
libselinux-devel-1.33.4-5.5.el5.i386.rpm # GSSAPI
libsepol-devel-1.15.2-2.el5.i386.rpm     # GSSAPI
pam-devel-0.99.6.2-6.el5.i386.rpm        # PAM authentication module
keyutils-libs-devel-1.2-1.el5.i386.rpm   # GSSAPI
libgomp-4.4.0-6.el5.i386.rpm             # required for the gcc build environment
```
Download the following files:
```
zlib-1.2.11.tar.gz
openssh-7.5p1.tar.gz
openssl-1.0.2h.tar.gz
```
2. Installation
Installing the build environment (mind the order)
```shell
# Install the build environment
rpm -ivh kernel-headers-2.6.18-164.el5.i386.rpm
rpm -ivh glibc-headers-2.5-42.i386.rpm
rpm -ivh glibc-devel-2.5-42.i386.rpm
rpm -ivh libgomp-4.4.0-6.el5.i386.rpm
rpm -ivh gcc-4.1.2-46.el5.i386.rpm
# PAM module support
rpm -ivh pam-devel-0.99.6.2-6.el5.i386.rpm
# Install GSSAPI support (used by OpenSSH)
rpm -ivh e2fsprogs-devel-1.39-23.el5.i386.rpm
rpm -ivh libsepol-devel-1.15.2-2.el5.i386.rpm
rpm -ivh libselinux-devel-1.33.4-5.5.el5.i386.rpm
rpm -ivh keyutils-libs-devel-1.2-1.el5.i386.rpm
rpm -ivh krb5-devel-1.6.1-36.el5.i386.rpm
```
Installing zlib
```shell
# Unpack
tar -zxvf zlib-1.2.11.tar.gz
# Enter the directory
cd zlib-1.2.11
# Build and install
./configure
make && make install
```
Installing OpenSSL
```shell
# Unpack
tar -zxvf openssl-1.0.2h.tar.gz
# Enter the directory
cd openssl-1.0.2h
# Build and install
./config --prefix=/usr/local/openssl-1.0.2h shared zlib-dynamic enable-camellia
make depend
make && make install
# Remove unnecessary files (the old binary is moved aside)
mv /usr/bin/openssl /usr/bin/openssl.bak
# Create a symlink (makes later upgrades easier: only the link target has to change)
ln -s /usr/local/openssl-1.0.2h/ /usr/local/ssl
# Follow-up steps
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v
# Check the OpenSSL version
openssl version -a
```
Installing OpenSSH
```shell
# Unpack
tar -zxvf openssh-7.5p1.tar.gz
# Enter the directory
cd openssh-7.5p1
# Build and install
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-ssl-dir=/usr/local/ssl --with-kerberos5=/usr/include/krb5/
make && make install
# Edit the configuration file. Without this change the root account cannot log in remotely
echo " PermitRootLogin yes " >> /etc/ssh/sshd_config && echo " PasswordAuthentication yes " >> /etc/ssh/sshd_config
# Restart
service sshd restart
```
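An added example, not part of the original post: sshd uses the first value it reads for each keyword, so a line appended with `echo >>` only takes effect if that keyword is not already set earlier in the file and the append does not land inside a `Match` block. The functions `effective_value` and `set_value` and the sample file are constructed for illustration; the sketch reports the value the global section yields and sets root login to `prohibit-password` (key-based only) in place.

```shell
#!/bin/sh
# Added example; effective_value, set_value and the sample file are constructed.
# Assumes whitespace-separated "Keyword value" lines.

# Print the value sshd would use for keyword $2 in the global section of file $1.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and the global section ends at the first Match line.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        tolower($1) == "match"       { exit }       # global section ends
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# Set keyword $2 to $3 in the global section of file $1: replace the first
# active occurrence, drop later global duplicates, and if the keyword is
# absent insert it before the first Match block instead of appending.
set_value() {
    tmp=$(mktemp) || return 1
    awk -v want="$2" -v val="$3" '
        function emit() { if (!done) { print want " " val; done = 1 } }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        tolower($1) == "match" { emit(); in_match = 1 }
        !in_match && tolower($1) == tolower(want) { emit(); next }
        { print }
        END { emit() }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file mode and owner
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample: root login is already set near the top of the file.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin no' 'UsePAM yes' \
    'Match User backup' '    X11Forwarding no' > "$sample"

echo " PermitRootLogin yes " >> "$sample"    # the append used in the post
echo "after append:    $(effective_value "$sample" PermitRootLogin)"
set_value "$sample" PermitRootLogin prohibit-password   # root: keys only
echo "after set_value: $(effective_value "$sample" PermitRootLogin)"
rm -f "$sample"
# On the host, validate before restarting: sshd -t && service sshd restart
```
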
Follow-up
```shell
# For a fresh install (not needed if OpenSSH was already installed)
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig sshd on
chkconfig --list | grep ssh
chkconfig --add sshd
chkconfig --list | grep ssh
```
3. Troubleshooting
Permission denied
```
Stopping sshd: [ OK ]
Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libcrypto.so.1.0.0: failed to map segment from shared object: Permission denied
```
Solution: disable SELinux.
To disable it temporarily:
```shell
setenforce 0
```
OpenSSL header and OpenSSL library version mismatch
This problem is annoying. It appeared on an Ubuntu system: the reported OpenSSL header version and OpenSSL library version did not match. The headers are OpenSSL 1.0.2h; the shared library is 1.0.1f. Reading through the configuration file turned up the following:
```shell
DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH

...

echo Searching for OpenSSL shared library files.
if [ -x "`which locate`" ]
then
    libraries=`locate libcrypto.s`
else
    libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
fi
for lib in $libraries
do
    (echo "Trying libcrypto $lib" >>findssl.log
    dir=`dirname $lib`
    LIBPATH="$dir:$LIBPATH"
    LD_LIBRARY_PATH="$dir:$LIBPATH"
    LIBRARY_PATH="$dir:$LIBPATH"
    export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
    ${CC} -o conftest conftest.c $lib 2>>findssl.log
    if [ -x ./conftest ]
    then
        ver=`./conftest 2>/dev/null`
        rm -f ./conftest
        echo "$ver $lib"
    fi)
done
```
The part that actually looks for the shared library is this:
```shell
echo Searching for OpenSSL shared library files.
if [ -x "`which locate`" ]
then
    libraries=`locate libcrypto.s`
else
    libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
fi
```
It searches with locate first; if locate is not available, it falls back to find.
The locate results are below. Copies even turn up inside Docker.
```
root@user-virtual-machine:~# locate libcrypto.s
/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/usr/local/openssl-1.0.2h/lib/libcrypto.so
/usr/local/openssl-1.0.2h/lib/libcrypto.so.1.0.0
/var/lib/docker/aufs/diff/48731f0a6276cfb5d94a8f18690d56f88a586e701f1dd7f56889f26be990277d/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/diff/651c0c22a557f2bb2ac346fab05e15df10f5ffde66c44c1c2fc3aa17850744a8/usr/lib/x86_64-linux-gnu/libcrypto.so
/var/lib/docker/aufs/diff/83e4dde6b9cfddf46b75a07ec8d65ad87a748b98cf27de7d5b3298c1f3455ae4/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/4f4125739168e5324a507778735f107aca12cea87c92fa63557592631c272f79/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/4f4125739168e5324a507778735f107aca12cea87c92fa63557592631c272f79/usr/lib/x86_64-linux-gnu/libcrypto.so
/var/lib/docker/aufs/mnt/77cad9873440852548dd92b5757290603941be92ca871d6a90280cb13b6e6c7e/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/c07784415822e936b897fbff950e8d436d692224675710032487f8c17fae9a41/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/de60c0e2b4379a6ab58e7ec8863a075a52b9c79f54e08f0cd7f63fa6682e4c49/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
```
Move the old library out of the way:
```shell
mv /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /tmp/test/
```
Refresh the locate database with updatedb.
Check again:
```
root@user-virtual-machine:~# locate libcrypto.s
/usr/local/openssl-1.0.2h/lib/libcrypto.so
/usr/local/openssl-1.0.2h/lib/libcrypto.so.1.0.0
/var/lib/docker/aufs/diff/48731f0a6276cfb5d94a8f18690d56f88a586e701f1dd7f56889f26be990277d/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/diff/651c0c22a557f2bb2ac346fab05e15df10f5ffde66c44c1c2fc3aa17850744a8/usr/lib/x86_64-linux-gnu/libcrypto.so
/var/lib/docker/aufs/diff/83e4dde6b9cfddf46b75a07ec8d65ad87a748b98cf27de7d5b3298c1f3455ae4/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/4f4125739168e5324a507778735f107aca12cea87c92fa63557592631c272f79/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/4f4125739168e5324a507778735f107aca12cea87c92fa63557592631c272f79/usr/lib/x86_64-linux-gnu/libcrypto.so
/var/lib/docker/aufs/mnt/77cad9873440852548dd92b5757290603941be92ca871d6a90280cb13b6e6c7e/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/c07784415822e936b897fbff950e8d436d692224675710032487f8c17fae9a41/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
/var/lib/docker/aufs/mnt/de60c0e2b4379a6ab58e7ec8863a075a52b9c79f54e08f0cd7f63fa6682e4c49/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
```
Then build and install.
If that still does not work, you can also set LD_LIBRARY_PATH.
Solution
```shell
LD_LIBRARY_PATH=/usr/local/ssl/lib
```
This does have to be added to the environment variables, though.
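An added example, not part of the original post: one way to confirm which libcrypto the runtime linker resolves for the freshly built binary is to read its `ldd` output and compare the path with the intended prefix. The function names and the sample `ldd` lines are constructed; on a real host the input would be `ldd /usr/sbin/sshd`.

```shell
#!/bin/sh
# Added example; function names and the sample ldd lines are constructed.

# Read `ldd <binary>` output on stdin and print the path libcrypto resolves
# to, or "not found" when the linker cannot resolve it. Prints nothing when
# the binary has no dynamic libcrypto dependency.
libcrypto_from_ldd() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" {
        if ($3 == "not") print "not found"; else print $3
        exit
    }'
}

# Succeed (0) only if libcrypto resolves to a file under prefix $1.
# 1 = resolves elsewhere, 2 = unresolved or not linked dynamically.
check_libcrypto_prefix() {
    path=$(libcrypto_from_ldd)
    case "$path" in
        "$1"/*)      echo "ok: $path"; return 0 ;;
        "not found") echo "unresolved: run ldconfig or check ld.so.conf"; return 2 ;;
        "")          echo "no dynamic libcrypto dependency"; return 2 ;;
        *)           echo "mismatch: $path is not under $1"; return 1 ;;
    esac
}

# Constructed ldd lines: the distro library versus the copy under /usr/local/ssl.
line='\tlibcrypto.so.1.0.0 => %s (0x00007f0000200000)\n'
printf "$line" /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 |
    check_libcrypto_prefix /usr/local/ssl/lib
printf "$line" /usr/local/ssl/lib/libcrypto.so.1.0.0 |
    check_libcrypto_prefix /usr/local/ssl/lib
```
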
ldconfig: xx.so.15 is not a symbolic link
```shell
mv xx.so.15 xx.so.15.b
ln -s xx.so.15.b xx.so.15
```
bad register name
```
/tmp/ccOI6RR5.s:1448: Error: bad register name `%rbp'
/tmp/ccOI6RR5.s:1451: Error: bad register name `%rsp'
/tmp/ccOI6RR5.s:1452: Error: bad register name `%rbx'
/tmp/ccOI6RR5.s:1453: Error: bad register name `%rbp'
/tmp/ccOI6RR5.s:1454: Error: bad register name `%r12'
/tmp/ccOI6RR5.s:1455: Error: bad register name `%r13'
```
This is a gcc version bug.
In configure, globally replace $CC with $CC -m64 and then build.
-m64 has to be added when compiling.