Linux Centos7离线升级最新版OpenSSH
先在有网络的机器上下载安装包:
# Run on an internet-connected CentOS 7 machine: collect the build
# dependencies, together with the packages they depend on, as RPM files
# under /opt/download.
mkdir -p /opt/download
cd /opt/download
# yum-utils provides the repotrack command used below.
yum install -y yum-utils
repotrack -p /opt/download gcc gcc-c++ make autoconf openssl openssl-devel \
  pcre-devel pam-devel zlib-devel tcp_wrappers-devel
# Remove the i686 (32-bit) packages; only the 64-bit ones are kept.
find /opt/download -name '*i686*' -delete
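# Upload the RPM files to the offline machine and run the following from
# the directory that holds them.
#
# --nogpgcheck switches off yum's package signature verification, so the
# files are checked explicitly first: rpm -K reports the digest and
# signature status of each file. Do not continue if any file is not
# reported as OK.
rpm -K ./*.rpm
# The repository pattern is quoted so the shell passes it to yum unchanged;
# ./ keeps a file name that starts with "-" from being read as an option.
yum localinstall --nogpgcheck --disablerepo='*' ./*.rpm
# Alternative: forced install (use with care). --nodeps and --force skip
# the dependency and conflict checks, so a missing or mismatched package
# only shows up later as a build or runtime failure.
sudo rpm -ivh --nodeps --force ./*.rpm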
安装脚本:
#!/bin/bash
#
#########################################################
# Function :openssh-9.6p1 update (offline edition)      #
# Platform :Centos7.X                                   #
# Version  :2.0                                         #
# Date     :2022-05-01                                  #
#########################################################
clear
export LANG="en_US.UTF-8"

# Source versions to build. Each value is also the tarball base name and
# the name of the directory the tarball unpacks to.
# NOTE(review): these versions are pinned by the article. The OpenSSL 1.1.1
# branch is end-of-life upstream and newer OpenSSH releases exist; check the
# upstream release notes and security advisories before deploying.
zlib_version="zlib-1.3.1"
openssl_version="openssl-1.1.1q"
openssh_version="openssh-9.6p1"

# Directory that holds the source tarballs
file="/opt"

# Default prefix the builds are installed under
default="/usr/local"

# Timestamp used as a suffix for backup and log file names
date_time=$(date +%Y-%m-%d—%H:%M)

# Working directories: build tree, backups, logs
file_install="${file}/openssh_install"
file_backup="${file}/openssh_backup"
file_log="${file}/openssh_log"

# Local paths of the source tarballs (offline edition: no download step)
zlib_local="${file}/${zlib_version}.tar.gz"
openssl_local="${file}/${openssl_version}.tar.gz"
openssh_local="${file}/${openssh_version}.tar.gz"

# Create the directory layout; -p also creates the three parent directories.
mkdir -p "${file_install}/zlib" \
  "${file_backup}"/{zlib,ssl,ssh} \
  "${file_log}"/{zlib,ssl,ssh}
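# Check that the three source tarballs are present under $file and, where a
# checksum file is supplied next to a tarball, that the tarball matches it.
#
# The tarballs are compiled and installed as root and end up providing the
# SSH daemon, so they should be verified after the transfer to the offline
# machine. For each tarball an optional "<tarball>.sha256" file is looked
# up; it must be in sha256sum format and name the tarball without a
# directory, e.g. "<sha256-hex>  zlib-1.3.1.tar.gz". Take the hash from the
# upstream release page, not from the machine that downloaded the file.
#
# Globals:   file, zlib_version, openssl_version, openssh_version,
#            zlib_local, openssl_local, openssh_local (read)
# Outputs:   progress and error messages on stdout
# Returns:   exits the script with status 1 if a tarball is missing or
#            does not match its checksum file
check_local_packages() {
  echo -e "\033[33m 检查本地源码包... \033[0m"
  sleep 2
  local missing_packages=()
  local pkg tarball sum_file
  [ -f "$zlib_local" ] || missing_packages+=("$zlib_version.tar.gz")
  [ -f "$openssl_local" ] || missing_packages+=("$openssl_version.tar.gz")
  [ -f "$openssh_local" ] || missing_packages+=("$openssh_version.tar.gz")
  if [ ${#missing_packages[@]} -gt 0 ]; then
    echo -e "\033[31m--------------------------------------------------------------- \033[0m"
    echo -e " 以下源码包缺失,请放置在 $file/ 目录下:"
    for pkg in "${missing_packages[@]}"; do
      echo -e " - $pkg"
    done
    echo -e "\033[31m--------------------------------------------------------------- \033[0m"
    exit 1
  fi

  for tarball in "$zlib_local" "$openssl_local" "$openssh_local"; do
    sum_file="$tarball.sha256"
    if [ ! -f "$sum_file" ]; then
      # No checksum supplied: keep the original behaviour, but say so.
      echo -e "\033[33m 未找到校验文件 $sum_file,跳过完整性校验 \033[0m"
      continue
    fi
    # sha256sum -c resolves the file name in the checksum file relative to
    # the current directory, so run it from the tarball's directory.
    if ! (cd "${tarball%/*}" && sha256sum -c "$sum_file" > /dev/null 2>&1); then
      echo -e "\033[31m 校验失败: $tarball 与 $sum_file 不一致 \033[0m"
      exit 1
    fi
  done

  echo -e "\033[32m 所有源码包已就绪 \033[0m"
  echo ""
}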
# Confirm that every RPM needed for the build is already installed.
# Outputs:   progress on stdout; on failure, the list of missing packages
# Returns:   exits the script with status 1 if any package is missing
check_dependencies() {
  local dependencies=(
    "gcc" "gcc-c++" "glibc" "make" "autoconf" "openssl" "openssl-devel"
    "pcre-devel" "pam-devel" "zlib-devel" "tcp_wrappers-devel"
  )
  local missing_deps=()
  local rule="\033[31m--------------------------------------------------------------- \033[0m"

  echo -e "\033[33m 检查系统依赖包... \033[0m"
  sleep 2

  # rpm -q exits non-zero for a package that is not installed
  for dep in "${dependencies[@]}"; do
    rpm -q "$dep" >/dev/null 2>&1 || missing_deps+=("$dep")
  done

  if (( ${#missing_deps[@]} == 0 )); then
    echo -e "\033[32m 所有系统依赖包已安装 \033[0m"
    echo ""
    return
  fi

  echo -e "$rule"
  echo -e " 以下依赖包未安装,请先离线安装:"
  for dep in "${missing_deps[@]}"; do
    echo -e " - $dep"
  done
  echo -e "\033[31m 请使用: rpm -ivh package.rpm 或 yum localinstall package.rpm 安装 \033[0m"
  echo -e "$rule"
  exit 1
}
# Preflight: the script must run as root and tar must be available.
# Offline edition: wget and tar are no longer installed from the network.
# Returns:   exits the script with status 1 if either check fails
Install_make()
{
  local uid
  local rule="\033[33m--------------------------------------------------------------- \033[0m"

  # Only uid 0 may continue
  uid=$(id -u)
  if [ "$uid" != "0" ]; then
    echo -e "$rule"
    echo -e " 当前用户为普通用户,必须使用root用户运行,脚本退出中......" "\033[31m Error\033[0m"
    echo -e "$rule"
    echo ""
    sleep 4
    exit 1
  fi

  echo -e "\033[33m 检查必要工具... \033[0m"
  sleep 2
  command -v tar >/dev/null 2>&1 || {
    echo -e "\033[31m tar 未安装,请先离线安装tar工具 \033[0m"
    exit 1
  }
  echo -e "\033[32m 所有必要工具已就绪 \033[0m"
  echo ""
}
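# Back up the files that later steps replace or move: the openssl binary,
# the sshd init script, /etc/ssh (sshd's configuration directory, which
# normally also holds the host keys), the systemd unit and the PAM file.
# Each copy goes under $file_backup with the run's timestamp in its name.
#
# A path that does not exist is skipped. A path that exists but cannot be
# copied stops the script: the following steps remove the packaged OpenSSH
# and move /etc/ssh, so continuing without a backup would leave nothing to
# roll back to.
#
# Globals:   file_backup, date_time (read)
# Returns:   exits the script with status 1 if an existing path could not
#            be copied
Install_backup()
{
  echo -e "\033[33m 开始备份文件... \033[0m"
  sleep 2
  # Flat list of pairs: source path, backup destination
  local -a plan=(
    /usr/bin/openssl "$file_backup/ssl/openssl_$date_time.bak"
    /etc/init.d/sshd "$file_backup/ssh/sshd_$date_time.bak"
    /etc/ssh "$file_backup/ssh/ssh_$date_time.bak"
    /usr/lib/systemd/system/sshd.service "$file_backup/ssh/sshd_$date_time.service.bak"
    /etc/pam.d/sshd.pam "$file_backup/ssh/sshd_$date_time.pam.bak"
  )
  local i src dst
  for (( i = 0; i < ${#plan[@]}; i += 2 )); do
    src=${plan[i]}
    dst=${plan[i + 1]}
    [ -e "$src" ] || continue
    if ! cp -rf -- "$src" "$dst" > /dev/null 2>&1; then
      echo -e "\033[31m 备份失败: $src -> $dst \033[0m"
      exit 1
    fi
  done
  echo -e "\033[32m 文件备份完成 \033[0m"
  echo ""
}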
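# Remove the installed RPM packages whose name contains "openssh".
#
# Run this from a console, or keep a second login session open: once the
# packaged OpenSSH is gone the host has no SSH server until the new build
# is installed and started.
#
# Outputs:   progress on stdout; a warning if rpm reports a failure
# Returns:   0; a failed removal is reported but does not stop the script
Remove_openssh()
{
  echo -e "\033[33m 卸载原有openssh... \033[0m"
  sleep 2
  local -a installed=()
  mapfile -t installed < <(rpm -qa | grep openssh)
  if [ ${#installed[@]} -eq 0 ]; then
    # Nothing to remove; calling "rpm -e" without a package name would
    # only produce a usage error.
    echo -e "\033[32m 未发现已安装的openssh软件包,跳过卸载 \033[0m"
    echo ""
    return 0
  fi
  # --nodeps: other packages depend on openssh, so the dependency check is
  # skipped, as in the original command.
  if rpm -e --nodeps "${installed[@]}" 2>/dev/null; then
    echo -e "\033[32m openssh卸载完成 \033[0m"
  else
    echo -e "\033[31m openssh卸载失败,请检查: rpm -qa | grep openssh \033[0m"
  fi
  echo ""
}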
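# Offline edition: the download helpers were removed; the local tarballs
# are used directly.
#
# Unpack, build, test and install zlib under $default/$zlib_version, then
# register its lib directory with the dynamic linker.
# Globals:   zlib_local, zlib_version, file_install, file_log, default,
#            date_time (read)
# Outputs:   progress on stdout; build output goes to $file_log/zlib
# Returns:   exits the script with status 1 if any step fails
Install_zlib(){
  echo -e "\033[33m 1.1-正在解压Zlib软件包...... \033[0m"
  sleep 2
  # Both tar's exit status and the unpacked directory are checked, so a
  # directory left over from an earlier run cannot hide a failed extract.
  if tar -xzf "$zlib_local" -C "$file_install" > /dev/null \
    && [ -d "$file_install/$zlib_version" ]; then
    echo -e "\033[32m zlib解压成功 \033[0m"
  else
    echo -e "\033[31m zlib解压失败 \033[0m"
    exit 1
  fi

  echo -e "\033[33m 1.2-正在编译安装Zlib服务...... \033[0m"
  sleep 2
  # Without this check a failed cd would run ./configure in whatever
  # directory the script happens to be in.
  cd "$file_install/$zlib_version" || {
    echo -e "\033[31m zlib配置失败 \033[0m"
    exit 1
  }
  if ! ./configure --prefix="$default/$zlib_version" \
    > "$file_log/zlib/zlib_configure_$date_time.txt" 2>&1; then
    echo -e "\033[31m zlib配置失败 \033[0m"
    exit 1
  fi

  # Stop at the first failing step. Checking only for libz.so afterwards
  # would accept a library left behind by an earlier run.
  if ! {
    make > "$file_log/zlib/zlib_make_$date_time.txt" 2>&1 \
      && make test > "$file_log/zlib/zlib_test_$date_time.txt" 2>&1 \
      && make install > "$file_log/zlib/zlib_install_$date_time.txt" 2>&1
  } || [ ! -e "$default/$zlib_version/lib/libz.so" ]; then
    echo -e "\033[31m zlib安装失败 \033[0m"
    exit 1
  fi

  # NOTE(review): adding this directory to the global linker configuration
  # makes the new libz visible to every dynamically linked program on the
  # host, not only to the new sshd; confirm that is intended.
  sed -i '/zlib/d' /etc/ld.so.conf
  echo "$default/$zlib_version/lib" >> /etc/ld.so.conf
  # Overwrite rather than append, so a re-run does not pile up duplicates.
  echo "$default/$zlib_version/lib" > /etc/ld.so.conf.d/zlib.conf
  ldconfig -v > "$file_log/zlib/zlib_ldconfig_$date_time.txt" 2>&1
  /sbin/ldconfig
  echo -e "\033[32m zlib安装成功 \033[0m"
  echo ""
}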
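# Unpack, build and install OpenSSL under $default/$openssl_version, then
# point /usr/bin/openssl and the libssl/libcrypto 1.1 names in /usr/lib64
# at the new build and refresh the linker cache.
# Globals:   openssl_local, openssl_version, file_install, file_log,
#            default, date_time (read)
# Outputs:   progress on stdout; build output goes to $file_log/ssl
# Returns:   exits the script with status 1 if any step fails
Install_openssl(){
  echo -e "\033[33m 2.1-正在解压Openssl...... \033[0m"
  sleep 2
  if tar -xzf "$openssl_local" -C "$file_install" > /dev/null \
    && [ -d "$file_install/$openssl_version" ]; then
    echo -e "\033[32m openssl解压成功 \033[0m"
  else
    echo -e "\033[31m openssl解压失败 \033[0m"
    exit 1
  fi

  echo -e "\033[33m 2.2-正在编译安装Openssl服务...... \033[0m"
  sleep 2
  # Without this check a failed cd would run ./config in the wrong directory.
  cd "$file_install/$openssl_version" || {
    echo -e "\033[31m openssl配置失败 \033[0m"
    exit 1
  }
  if ! ./config shared zlib --prefix="$default/$openssl_version" \
    > "$file_log/ssl/ssl_config_$date_time.txt" 2>&1; then
    echo -e "\033[31m openssl配置失败 \033[0m"
    exit 1
  fi

  # "make clean" stays best-effort as in the original; the build and the
  # install must both succeed and must produce the new binary.
  make clean > "$file_log/ssl/ssl_clean_$date_time.txt" 2>&1
  if ! {
    make -j "$(nproc)" > "$file_log/ssl/ssl_make_$date_time.txt" 2>&1 \
      && make install > "$file_log/ssl/ssl_install_$date_time.txt" 2>&1
  } || [ ! -e "$default/$openssl_version/bin/openssl" ]; then
    echo -e "\033[31m openssl安装失败 \033[0m"
    exit 1
  fi

  # The system openssl is moved aside only now that the replacement is
  # known to exist; moving it before the check would leave the host
  # without an openssl command after a failed build.
  [ -f /usr/bin/openssl ] && mv /usr/bin/openssl "/usr/bin/openssl_$date_time.bak"

  # NOTE(review): the lib directory goes into the global linker
  # configuration, so other programs on the host can also resolve the new
  # libssl/libcrypto; confirm that is intended.
  sed -i '/openssl/d' /etc/ld.so.conf
  echo "$default/$openssl_version/lib" >> /etc/ld.so.conf
  ln -sf "$default/$openssl_version/bin/openssl" /usr/bin/openssl
  ln -sf "$default/$openssl_version/lib/libssl.so.1.1" /usr/lib64/libssl.so.1.1 2>/dev/null
  ln -sf "$default/$openssl_version/lib/libcrypto.so.1.1" /usr/lib64/libcrypto.so.1.1 2>/dev/null
  ldconfig -v > "$file_log/ssl/ssl_ldconfig_$date_time.txt" 2>&1
  /sbin/ldconfig
  echo -e "\033[32m openssl安装成功 \033[0m"
  echo -e "\033[33m OpenSSL 版本: \033[0m"
  openssl version -a
  echo ""
}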
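# Unpack, build and install OpenSSH under $default/$openssh_version with
# its configuration in /etc/ssh, then install the init script, link the
# binaries into /usr/sbin and /usr/bin, adjust sshd_config and start sshd.
# Globals:   openssh_local, openssh_version, openssl_version, zlib_version,
#            file_install, file_log, default, date_time (read)
# Outputs:   progress on stdout; build output goes to $file_log/ssh
# Returns:   exits the script with status 1 if unpacking, configure, make
#            or make install fails; a failed service start is only reported
Install_openssh(){
  echo -e "\033[33m 3.1-正在解压OpenSSH...... \033[0m"
  sleep 2
  if tar -xzf "$openssh_local" -C "$file_install" > /dev/null \
    && [ -d "$file_install/$openssh_version" ]; then
    echo -e "\033[32m openssh解压成功 \033[0m"
  else
    echo -e "\033[31m openssh解压失败 \033[0m"
    exit 1
  fi

  echo -e "\033[33m 3.2-正在编译安装OpenSSH服务...... \033[0m"
  sleep 2
  # Without this check a failed cd would run ./configure in the wrong directory.
  cd "$file_install/$openssh_version" || {
    echo -e "\033[31m openssh配置失败 \033[0m"
    exit 1
  }
  if ! ./configure --prefix="$default/$openssh_version" --sysconfdir=/etc/ssh \
    --with-ssl-dir="$default/$openssl_version" --with-zlib="$default/$zlib_version" \
    > "$file_log/ssh/ssh_configure_$date_time.txt" 2>&1; then
    echo -e "\033[31m openssh配置失败 \033[0m"
    exit 1
  fi
  if ! make -j "$(nproc)" > "$file_log/ssh/ssh_make_$date_time.txt" 2>&1; then
    echo -e "\033[31m openssh编译失败 \033[0m"
    exit 1
  fi

  # Move the old configuration aside only after the build has succeeded,
  # so a configure or compile failure leaves /etc/ssh untouched.
  # NOTE(review): with /etc/ssh moved away, "make install" is expected to
  # generate new host keys, so clients will see a changed host key. If the
  # host identity must be kept, restore the ssh_host_* files from the
  # backup afterwards; confirm against the install log.
  [ -d /etc/ssh ] && mv /etc/ssh "/etc/ssh_$date_time.bak"
  if ! make install > "$file_log/ssh/ssh_install_$date_time.txt" 2>&1; then
    echo -e "\033[31m openssh安装失败 \033[0m"
    exit 1
  fi
  echo -e "\033[32m openssh编译安装成功 \033[0m"

  # Install the init script shipped in the source tree
  [ -f /etc/init.d/sshd ] && mv /etc/init.d/sshd "/etc/init.d/sshd_$date_time.bak"
  cp -f "$file_install/$openssh_version/contrib/redhat/sshd.init" /etc/init.d/sshd
  chmod u+x /etc/init.d/sshd
  # NOTE(review): configure above is not given --with-pam, so this build
  # presumably does not use PAM and the file below has no effect; confirm.
  [ -f /etc/pam.d/sshd.pam ] && mv /etc/pam.d/sshd.pam "/etc/pam.d/sshd.pam_$date_time.bak"
  cp -f "$file_install/$openssh_version/contrib/redhat/sshd.pam" /etc/pam.d/sshd.pam 2>/dev/null || \
    echo "警告: 未找到sshd.pam文件"

  # Make the new binaries the ones found on the default PATH
  ln -sf "$default/$openssh_version/sbin/sshd" /usr/sbin/sshd
  ln -sf "$default/$openssh_version/bin/ssh" /usr/bin/ssh
  ln -sf "$default/$openssh_version/bin/ssh-keygen" /usr/bin/ssh-keygen

  # Add the sftp subsystem only if sshd_config does not already define an
  # active one; the freshly installed sshd_config may already carry the
  # line, and a second definition is at best redundant.
  if ! grep -Eq '^[[:space:]]*Subsystem[[:space:]]+sftp([[:space:]]|$)' /etc/ssh/sshd_config; then
    echo "Subsystem sftp $default/$openssh_version/libexec/sftp-server" >> /etc/ssh/sshd_config
  fi
  # These two substitutions switch on password logins, including for root.
  # That is the article's choice; on a host reachable from untrusted
  # networks prefer key-based authentication and leave root password login
  # disabled.
  # NOTE(review): recent upstream sshd_config templates ship
  # "#PermitRootLogin prohibit-password", in which case the second
  # substitution matches nothing; confirm against the installed file.
  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config
  sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config

  # Register the service for boot
  chkconfig --add sshd
  chkconfig sshd on

  # Start the service. Keep the current login session open until a new
  # SSH login has been confirmed to work.
  if service sshd start > "$file_log/ssh/ssh_start_$date_time.txt" 2>&1; then
    echo -e "\033[32m openssh启动成功 \033[0m"
    echo -e "\033[33m OpenSSH 版本: \033[0m"
    ssh -V
  else
    echo -e "\033[31m openssh启动失败,请检查日志 \033[0m"
  fi
  echo ""
}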
# Print the closing summary: the sshd service status followed by the
# install, backup and log directories.
# Globals:   file_install, file_backup, file_log (read)
End_install()
{
  local bar="\033[33m======================================================= \033[0m"

  echo -e "\033[33m 安装完成总结 \033[0m"
  echo -e "$bar"
  echo -e "OpenSSH 服务状态:"
  # Fall back to the SysV wrapper when systemctl reports a non-zero status
  if ! systemctl status sshd.service; then
    service sshd status
  fi
  echo ""
  echo -e "安装目录: $file_install"
  echo -e "备份目录: $file_backup"
  echo -e "日志目录: $file_log"
  echo -e "$bar"
}
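# Main flow.
# The packaged OpenSSH is removed only after zlib and OpenSSL have been
# built and installed. Each of those steps exits the script on failure, so
# a broken zlib or OpenSSL build now leaves the existing sshd in place
# instead of a host with no SSH server. Run the script from a console, or
# keep a second login session open, until a new SSH login is confirmed.
echo -e "\033[34m开始OpenSSH离线安装流程...\033[0m"
echo ""
check_local_packages
check_dependencies
Install_make
Install_backup
Install_zlib
Install_openssl
Remove_openssh
Install_openssh
End_install
echo -e "\033[32mOpenSSH离线安装完成!\033[0m"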
标题:Linux Centos7离线升级最新版OpenSSH
作者:zytops
地址:https://zytops.com/articles/2025/08/27/1756263341025.html