Linux Centos7离线升级最新版OpenSSH

先在有网络的机器上下载安装包:
# Run this part on a CentOS 7 machine that has network access.
download_dir=/opt/download
mkdir -p "$download_dir"
cd "$download_dir"

# repotrack comes from yum-utils; it downloads each listed package together
# with the packages it depends on, so the set can be installed offline.
yum install -y yum-utils
build_packages=(
    gcc gcc-c++ make autoconf
    openssl openssl-devel
    pcre-devel pam-devel zlib-devel tcp_wrappers-devel
)
repotrack -p "$download_dir" "${build_packages[@]}"

# Delete every downloaded file whose name contains "i686".
# NOTE(review): the RPMs are carried to the offline host by hand; recording
# their checksums here (e.g. with sha256sum) lets the transfer be verified
# on the other side.
find "$download_dir" -name "*i686*" -delete

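# Run on the offline machine, from the directory that holds the uploaded RPMs.
# Check signatures and digests first: --nogpgcheck below tells yum to skip its
# own signature check, so this is the only point at which a package that was
# corrupted or swapped during the manual transfer would be noticed. Do not
# install anything that rpm -K does not report as OK.
# NOTE(review): assumes the distribution signing key is already imported into
# the rpm database on this host — confirm.
rpm -K ./*.rpm
# The repo pattern is quoted so the shell hands '*' to yum unexpanded, and the
# package glob is written ./*.rpm so a file name beginning with "-" cannot be
# read as an option.
yum localinstall --nogpgcheck --disablerepo='*' ./*.rpm
# Alternative to the yum command above: forced install (use with care).
# --nodeps skips dependency checks and --force allows replacing packages and
# files that are already installed, so mistakes here are not caught by rpm.
sudo rpm -ivh --nodeps --force ./*.rpm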

安装脚本:

#!/bin/bash
#
#########################################################
# Function : openssh-9.6p1 update (offline edition)     #
# Platform : CentOS 7.x                                 #
# Version  : 2.0                                        #
# Date     : 2022-05-01                                 #
#########################################################
clear
export LANG="en_US.UTF-8"

# Pinned source releases; each one must exist as <name>.tar.gz under $file.
# NOTE(review): the pins are fixed at the time the script was written and the
# script never verifies the tarballs. Before building, check the upstream
# release and security announcements for all three projects, and compare each
# tarball's SHA-256 with the value published upstream.
# NOTE(review): the OpenSSL 1.1.1 branch is, as far as I know, no longer
# maintained publicly upstream — confirm whether a supported branch is needed.
zlib_version="zlib-1.3.1"
openssl_version="openssl-1.1.1q"
openssh_version="openssh-9.6p1"

# Directory that holds the source tarballs and the work directories below.
file="/opt"
# Install prefix; every component goes into its own <prefix>/<name-version>.
default="/usr/local"
# Timestamp used in the names of all backup and log files of this run
# (the separator between date and time is a non-ASCII dash, kept as is).
date_time=$(date +%Y-%m-%d—%H:%M)
# Work directories: unpacked sources, backups, build logs.
file_install="${file}/openssh_install"
file_backup="${file}/openssh_backup"
file_log="${file}/openssh_log"

# Local tarball paths (offline edition: nothing is downloaded).
zlib_local="${file}/${zlib_version}.tar.gz"
openssl_local="${file}/${openssl_version}.tar.gz"
openssh_local="${file}/${openssh_version}.tar.gz"

# Create the whole directory tree up front; the empty brace alternative
# names the parent directory itself.
mkdir -p "$file_install"/{,zlib} \
         "$file_backup"/{,zlib,ssl,ssh} \
         "$file_log"/{,zlib,ssl,ssh}

# Confirm that the three source tarballs are present as regular files.
# Globals:  zlib_local, openssl_local, openssh_local, *_version, file (read)
# Outputs:  status text on stdout; lists the missing tarballs if any
# Returns:  0 when all are present; exits the script with 1 otherwise
# Only existence is tested here — the contents are not verified.
check_local_packages() {
    echo -e "\033[33m 检查本地源码包... \033[0m"
    sleep 2

    local missing_packages=()
    # Parallel lists: path to test, and the file name to report if absent.
    local -a tarball_paths=("$zlib_local" "$openssl_local" "$openssh_local")
    local -a tarball_names=("$zlib_version.tar.gz" "$openssl_version.tar.gz" "$openssh_version.tar.gz")
    local idx

    for idx in 0 1 2; do
        [ -f "${tarball_paths[idx]}" ] || missing_packages+=("${tarball_names[idx]}")
    done

    # Nothing missing: report and hand control back to the caller.
    if [ ${#missing_packages[@]} -eq 0 ]; then
        echo -e "\033[32m 所有源码包已就绪 \033[0m"
        echo ""
        return
    fi

    echo -e "\033[31m--------------------------------------------------------------- \033[0m"
    echo -e " 以下源码包缺失,请放置在 $file/ 目录下:"
    for pkg in "${missing_packages[@]}"; do
        echo -e "  - $pkg"
    done
    echo -e "\033[31m--------------------------------------------------------------- \033[0m"
    exit 1
}

# Confirm that every RPM needed for the build is installed (queried with
# rpm -q, one package at a time).
# Outputs:  status text on stdout; lists the missing packages if any
# Returns:  0 when all are installed; exits the script with 1 otherwise
check_dependencies() {
    echo -e "\033[33m 检查系统依赖包... \033[0m"
    sleep 2

    local dependencies=(
        gcc gcc-c++ glibc make autoconf
        openssl openssl-devel
        pcre-devel pam-devel zlib-devel tcp_wrappers-devel
    )
    local missing_deps=()

    for dep in "${dependencies[@]}"; do
        rpm -q "$dep" >/dev/null 2>&1 || missing_deps+=("$dep")
    done

    # Everything installed: report and return to the caller.
    if [ ${#missing_deps[@]} -eq 0 ]; then
        echo -e "\033[32m 所有系统依赖包已安装 \033[0m"
        echo ""
        return
    fi

    echo -e "\033[31m--------------------------------------------------------------- \033[0m"
    echo -e " 以下依赖包未安装,请先离线安装:"
    for dep in "${missing_deps[@]}"; do
        echo -e "  - $dep"
    done
    echo -e "\033[31m 请使用: rpm -ivh package.rpm 或 yum localinstall package.rpm 安装 \033[0m"
    echo -e "\033[31m--------------------------------------------------------------- \033[0m"
    exit 1
}

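# Pre-flight check: the script must run as root and tar must be available.
# Outputs:  status text on stdout
# Returns:  0 when both conditions hold; exits the script with 1 otherwise
Install_make()
{
    # Fail closed: the substitution is quoted so that anything other than an
    # exact "0" from id -u — including an empty result — counts as non-root.
    # Unquoted, an empty result made the test itself error out and the script
    # carried on as if it were root.
    if [ "$(id -u)" != "0" ]; then
        echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo -e " 当前用户为普通用户,必须使用root用户运行,脚本退出中......" "\033[31m Error\033[0m"
        echo -e "\033[33m--------------------------------------------------------------- \033[0m"
        echo ""
        sleep 4
        exit 1
    fi

    # Offline edition: wget and tar are no longer installed on the fly,
    # tar is only checked for.
    echo -e "\033[33m 检查必要工具... \033[0m"
    sleep 2

    if ! command -v tar >/dev/null 2>&1; then
        echo -e "\033[31m tar 未安装,请先离线安装tar工具 \033[0m"
        exit 1
    fi

    echo -e "\033[32m 所有必要工具已就绪 \033[0m"
    echo ""
}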

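# Copy one path into the backup area if it exists.
# Arguments: $1 - source path, $2 - destination path
# Returns:   0 if the source is absent or was copied, 1 if the copy failed
_backup_path()
{
    local src=$1 dst=$2

    [ -e "$src" ] || return 0
    # -a keeps ownership, mode and timestamps, so private host keys copied
    # from /etc/ssh are not left with looser permissions in the backup.
    if ! cp -a -- "$src" "$dst"; then
        echo -e "\033[31m 警告: 备份 $src 失败 \033[0m" >&2
        return 1
    fi
}

# Back up the files this upgrade replaces. These copies are the only way to
# roll back once the packaged OpenSSH has been removed, so a failed copy is
# reported instead of being discarded.
# Globals:  file_backup, date_time (read)
# Outputs:  progress on stdout, warnings on stderr
Install_backup()
{
    echo -e "\033[33m 开始备份文件... \033[0m"
    sleep 2

    local failed=0

    _backup_path /usr/bin/openssl "$file_backup/ssl/openssl_$date_time.bak" || failed=1
    _backup_path /etc/init.d/sshd "$file_backup/ssh/sshd_$date_time.bak" || failed=1
    _backup_path /etc/ssh "$file_backup/ssh/ssh_$date_time.bak" || failed=1
    _backup_path /usr/lib/systemd/system/sshd.service \
                 "$file_backup/ssh/sshd_$date_time.service.bak" || failed=1
    _backup_path /etc/pam.d/sshd.pam "$file_backup/ssh/sshd_$date_time.pam.bak" || failed=1
    # NOTE(review): the sshd PAM policy of the distribution package is
    # presumably /etc/pam.d/sshd (PAM looks policies up by service name), so
    # that file is backed up too — confirm on the target system.
    _backup_path /etc/pam.d/sshd "$file_backup/ssh/sshd_$date_time.pamd.bak" || failed=1

    if [ "$failed" -eq 0 ]; then
        echo -e "\033[32m 文件备份完成 \033[0m"
    else
        echo -e "\033[31m 部分文件备份失败,详见上方警告 \033[0m" >&2
    fi
    echo ""
}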

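# Remove every installed RPM whose name contains "openssh".
# From here until the new sshd has been built and started, the host has no
# SSH server installed.
# NOTE(review): run this from a console, or keep an already open session and
# a second access path available, until the new daemon is confirmed working.
# Outputs:  status text on stdout, failure warning on stderr
Remove_openssh()
{
    echo -e "\033[33m 卸载原有openssh... \033[0m"
    sleep 2

    # Collect the package names first so that rpm -e is never called without
    # arguments and a failed removal is not reported as success.
    local installed=()
    mapfile -t installed < <(rpm -qa | grep openssh)

    if [ ${#installed[@]} -eq 0 ]; then
        echo -e "\033[33m 未发现已安装的openssh软件包,跳过卸载 \033[0m"
    elif rpm -e --nodeps "${installed[@]}"; then
        echo -e "\033[32m openssh卸载完成 \033[0m"
    else
        echo -e "\033[31m 警告: openssh卸载失败,请手动检查 \033[0m" >&2
    fi
    echo ""
}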

# 离线版修改:移除下载相关的函数,直接使用本地文件

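# Unpack, build, self-test and install zlib under $default/$zlib_version,
# then register its lib directory with the dynamic linker.
# Globals:  zlib_local, zlib_version, file_install, file_log, default,
#           date_time (read); changes the working directory
# Returns:  0 on success; exits the script with 1 on any failed step
Install_zlib(){
    echo -e "\033[33m 1.1-正在解压Zlib软件包...... \033[0m"
    sleep 2

    # The tarball is unpacked as root and is not verified by this script;
    # its checksum should have been compared with upstream's beforehand.
    tar -xzf "$zlib_local" -C "$file_install" > /dev/null
    if [ -d "$file_install/$zlib_version" ]; then
        echo -e "\033[32m zlib解压成功 \033[0m"
    else
        echo -e "\033[31m zlib解压失败 \033[0m"
        exit 1
    fi

    echo -e "\033[33m 1.2-正在编译安装Zlib服务...... \033[0m"
    sleep 2

    local prefix="$default/$zlib_version"
    local log_dir="$file_log/zlib"

    if ! cd "$file_install/$zlib_version" ||
       ! ./configure --prefix="$prefix" > "$log_dir/zlib_configure_$date_time.txt" 2>&1; then
        echo -e "\033[31m zlib配置失败 \033[0m"
        exit 1
    fi

    # Stop at the first failing step: a library that does not build, or that
    # fails its own test suite, must not be installed and linked into sshd.
    make > "$log_dir/zlib_make_$date_time.txt" 2>&1 \
        && make test > "$log_dir/zlib_test_$date_time.txt" 2>&1 \
        && make install > "$log_dir/zlib_install_$date_time.txt" 2>&1
    local build_rc=$?

    if [ "$build_rc" -ne 0 ] || [ ! -e "$prefix/lib/libz.so" ]; then
        echo -e "\033[31m zlib安装失败 \033[0m"
        exit 1
    fi

    # Drop earlier zlib entries, then register the new lib directory.
    # NOTE(review): this changes the system-wide linker search path, so other
    # programs that load libz may pick up this build as well — confirm that
    # is intended.
    sed -i '/zlib/'d /etc/ld.so.conf
    echo "$prefix/lib" >> /etc/ld.so.conf
    # Overwrite instead of append so a re-run does not pile up duplicates.
    echo "$prefix/lib" > /etc/ld.so.conf.d/zlib.conf
    ldconfig -v > "$log_dir/zlib_ldconfig_$date_time.txt" 2>&1
    /sbin/ldconfig
    echo -e "\033[32m zlib安装成功 \033[0m"
    echo ""
}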

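# Unpack, build and install OpenSSL under $default/$openssl_version, then
# point /usr/bin/openssl and the libssl/libcrypto 1.1 names at the new build.
# Globals:  openssl_local, openssl_version, file_install, file_log, default,
#           date_time (read); changes the working directory
# Returns:  0 on success; exits the script with 1 on any failed step
Install_openssl(){
    echo -e "\033[33m 2.1-正在解压Openssl...... \033[0m"
    sleep 2

    # Unpacked as root without verification; check the tarball's checksum
    # against the upstream value before running the script.
    tar -xzf "$openssl_local" -C "$file_install" > /dev/null
    if [ -d "$file_install/$openssl_version" ]; then
        echo -e "\033[32m openssl解压成功 \033[0m"
    else
        echo -e "\033[31m openssl解压失败 \033[0m"
        exit 1
    fi

    echo -e "\033[33m 2.2-正在编译安装Openssl服务...... \033[0m"
    sleep 2

    local prefix="$default/$openssl_version"
    local log_dir="$file_log/ssl"

    if ! cd "$file_install/$openssl_version" ||
       ! ./config shared zlib --prefix="$prefix" > "$log_dir/ssl_config_$date_time.txt" 2>&1; then
        echo -e "\033[31m openssl配置失败 \033[0m"
        exit 1
    fi

    make clean > "$log_dir/ssl_clean_$date_time.txt" 2>&1
    make -j "$(nproc)" > "$log_dir/ssl_make_$date_time.txt" 2>&1 \
        && make install > "$log_dir/ssl_install_$date_time.txt" 2>&1
    local build_rc=$?

    # The system binary is touched only after the new one is known to exist;
    # previously it was moved away first, so a failed build left the host
    # without /usr/bin/openssl.
    if [ "$build_rc" -ne 0 ] || [ ! -e "$prefix/bin/openssl" ]; then
        echo -e "\033[31m openssl安装失败 \033[0m"
        exit 1
    fi

    # Keep the previous binary next to the new link.
    [ -f /usr/bin/openssl ] && mv /usr/bin/openssl "/usr/bin/openssl_$date_time.bak"

    # NOTE(review): the ld.so.conf entry and the /usr/lib64 links apply to the
    # whole system, not just to sshd — confirm no other software depends on
    # the library files they replace.
    sed -i '/openssl/'d /etc/ld.so.conf
    echo "$prefix/lib" >> /etc/ld.so.conf
    ln -sf "$prefix/bin/openssl" /usr/bin/openssl
    ln -sf "$prefix/lib/libssl.so.1.1" /usr/lib64/libssl.so.1.1 2>/dev/null
    ln -sf "$prefix/lib/libcrypto.so.1.1" /usr/lib64/libcrypto.so.1.1 2>/dev/null
    ldconfig -v > "$log_dir/ssl_ldconfig_$date_time.txt" 2>&1
    /sbin/ldconfig

    echo -e "\033[32m openssl安装成功 \033[0m"
    echo -e "\033[33m OpenSSL 版本: \033[0m"
    openssl version -a
    echo ""
}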

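# Unpack, build and install OpenSSH under $default/$openssh_version, install
# the init script, adjust sshd_config and start the service.
# Globals:  openssh_local, openssh_version, openssl_version, zlib_version,
#           file_install, file_log, default, date_time (read); changes the
#           working directory
# Returns:  0 when the function runs to the end (a failed service start is
#           reported but not fatal); exits the script with 1 if unpacking,
#           configure, make or make install fails
Install_openssh(){
    echo -e "\033[33m 3.1-正在解压OpenSSH...... \033[0m"
    sleep 2

    # Unpacked as root without verification; check the tarball's checksum
    # against the upstream value before running the script.
    tar -xzf "$openssh_local" -C "$file_install" > /dev/null
    if [ -d "$file_install/$openssh_version" ]; then
        echo -e "\033[32m openssh解压成功 \033[0m"
    else
        echo -e "\033[31m openssh解压失败 \033[0m"
        exit 1
    fi

    echo -e "\033[33m 3.2-正在编译安装OpenSSH服务...... \033[0m"
    sleep 2

    local src_dir="$file_install/$openssh_version"
    local prefix="$default/$openssh_version"
    local log_dir="$file_log/ssh"

    # NOTE(review): configure is not given --with-pam, so the PAM file copied
    # further down is presumably unused — confirm whether PAM is wanted.
    if ! cd "$src_dir" ||
       ! ./configure --prefix="$prefix" --sysconfdir=/etc/ssh \
            --with-ssl-dir="$default/$openssl_version" --with-zlib="$default/$zlib_version" \
            > "$log_dir/ssh_configure_$date_time.txt" 2>&1; then
        echo -e "\033[31m openssh配置失败 \033[0m"
        exit 1
    fi

    # Each build step is checked; previously success was printed and the
    # system files were replaced even when make had failed.
    if ! make -j "$(nproc)" > "$log_dir/ssh_make_$date_time.txt" 2>&1; then
        echo -e "\033[31m openssh编译失败,请检查日志 \033[0m"
        exit 1
    fi

    # Move the old configuration aside only once the build has succeeded, so
    # a failed configure/make leaves /etc/ssh where it was.
    # NOTE(review): the old host keys go with it, so the new daemon presumably
    # starts with freshly generated keys and clients will see a changed host
    # key. Publish the new fingerprints through a trusted channel rather than
    # having users dismiss the warning.
    [ -d /etc/ssh ] && mv /etc/ssh "/etc/ssh_$date_time.bak"

    if ! make install > "$log_dir/ssh_install_$date_time.txt" 2>&1; then
        echo -e "\033[31m openssh安装失败,请检查日志 \033[0m"
        exit 1
    fi

    echo -e "\033[32m openssh编译安装成功 \033[0m"

    # Install the init script shipped in the source tree.
    [ -f /etc/init.d/sshd ] && mv /etc/init.d/sshd "/etc/init.d/sshd_$date_time.bak"
    cp -f "$src_dir/contrib/redhat/sshd.init" /etc/init.d/sshd
    chmod u+x /etc/init.d/sshd

    # NOTE(review): PAM looks policies up by service name, so a file named
    # sshd.pam is presumably never read — confirm the intended target name.
    [ -f /etc/pam.d/sshd.pam ] && mv /etc/pam.d/sshd.pam "/etc/pam.d/sshd.pam_$date_time.bak"
    cp -f "$src_dir/contrib/redhat/sshd.pam" /etc/pam.d/sshd.pam 2>/dev/null || \
    echo "警告: 未找到sshd.pam文件"

    # Expose the new binaries under the usual system paths.
    # NOTE(review): only these three are linked; other client tools from the
    # removed packages are presumably no longer on PATH — confirm.
    ln -sf "$prefix/sbin/sshd" /usr/sbin/sshd
    ln -sf "$prefix/bin/ssh" /usr/bin/ssh
    ln -sf "$prefix/bin/ssh-keygen" /usr/bin/ssh-keygen

    # Add the sftp subsystem only if no active definition exists yet, so the
    # directive is never defined twice (also on a re-run).
    if ! grep -Eq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]' /etc/ssh/sshd_config; then
        echo "Subsystem sftp $prefix/libexec/sftp-server" >> /etc/ssh/sshd_config
    fi
    # These two substitutions enable password authentication and root login
    # when the exact commented-out lines are present in the file.
    # NOTE(review): password login for root is the least restrictive choice;
    # key-based login with PermitRootLogin set to prohibit-password or no is
    # the hardened setting. The patterns only match the literal text shown —
    # check the resulting sshd_config to see what is actually in effect.
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config
    sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config

    # Register the service for boot.
    chkconfig --add sshd
    chkconfig sshd on

    # Validate the edited configuration (sshd -t) before starting, so a bad
    # config is caught with a clear log instead of a failed start.
    if "$prefix/sbin/sshd" -t > "$log_dir/ssh_configtest_$date_time.txt" 2>&1 \
        && service sshd start > "$log_dir/ssh_start_$date_time.txt" 2>&1; then
        echo -e "\033[32m openssh启动成功 \033[0m"
        echo -e "\033[33m OpenSSH 版本: \033[0m"
        ssh -V
    else
        echo -e "\033[31m openssh启动失败,请检查日志 \033[0m"
    fi
    echo ""
}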

# Print the closing summary: service status (systemctl first, the init-script
# wrapper if that fails) and the three work directories.
# Globals:  file_install, file_backup, file_log (read)
End_install()
{
    local rule="\033[33m======================================================= \033[0m"

    echo -e "\033[33m 安装完成总结 \033[0m"
    echo -e "$rule"
    echo -e "OpenSSH 服务状态:"
    if ! systemctl status sshd.service; then
        service sshd status
    fi
    echo ""
    echo -e "安装目录: $file_install"
    echo -e "备份目录: $file_backup"
    echo -e "日志目录: $file_log"
    echo -e "$rule"
}

# Main flow: run the stages in a fixed order. Each stage exits the script
# itself when it hits a fatal error, so reaching the end means none did.
echo -e "\033[34m开始OpenSSH离线安装流程...\033[0m"
echo ""

for stage in \
    check_local_packages check_dependencies Install_make \
    Install_backup Remove_openssh \
    Install_zlib Install_openssl Install_openssh \
    End_install
do
    "$stage"
done

echo -e "\033[32mOpenSSH离线安装完成!\033[0m"

标题:Linux Centos7离线升级最新版OpenSSH
作者:zytops
地址:https://zytops.com/articles/2025/08/27/1756263341025.html