rpm -qa | grep telnetrpm -qa | grep xinetd
yum list | grep telnetyum list | grep xinetd
②开始安装,客户端和服务端
yum -y install telnet-server.x86_64yum -y install telnet.x86_64yum -y install xinetd.x86_64
注:telnet-server服务启动依赖xinetd服务。
xinetd:eXtended InterNET services daemon,超级Internet服务器,用来管理多种轻量级Internet服务。
查看是否安装xinetd (若安装则不安装):
[root@localhost ~]# rpm -qa | grep xinetd
如果未安装,则安装
[root@localhost init.d]# yum -y install xinetd
③telnet服务默认是不开启的,修改文件/etc/xinetd.d/telnet来开启服务
# default: yes# description: The telnet server servestelnet sessions; it uses \# unencrypted username/password pairs for authentication.service telnet{flags = REUSEsocket_type = streamwait = nouser = rootserver =/usr/sbin/in.telnetdlog_on_failure += USERIDdisable = no
[root@192 ~]# rpm -qa | grep telnettelnet-0.17-64.el7.x86_64telnet-server-0.17-64.el7.x86_64[root@192 ~]# rpm -qa | grep xinetdxinetd-2.3.15-13.el7.x86_64[root@192 ~]#
在centos7之前:
$ service xinetd restart
或
$ /etc/rc.d/init.d/xinetd restart
在centos7中(无xinetd的service启动项):
[root@CentOS-Slave1 xinetd.d]# service xinetd restartRedirecting to /bin/systemctl restart xinetd.service
或
[root@CentOS-Slave1 xinetd.d]# systemctl restart xinetd.service# /bin/systemctl restart xinetd.service
[root@CentOS-Slave1 xinetd.d]# ps -ef | grep xinetdroot 6641 1 0 23:22 ? 00:00:00 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pidroot 6644 5817 0 23:24 pts/3 00:00:00 grep --color=auto xinetd
[root@CentOS-Slave1 pam.d]# telnet 192.168.10.56
[root@CentOS-Slave1 rc3.d]# chkconfig --level 35 xinetd onNote: Forwarding request to 'systemctl enable xinetd.service'.[root@CentOS-Slave1 rc3.d]# systemctl enable xinetd.service
⑧查看
[root@CentOS-Slave1 rc3.d]# chkconfig --list
⑨问题备注(可能出现的)
telnet下root登录,密码正确,总提示:Login incorrect
解决1:注释/etc/pam.d/remote的第一行,
即:auth required pam_securetty.so
二、SSH升级(严格按照文档,保准没问题)
如果ssh版本过低,最好先yum update openssh升级下到目前yum仓库默认的openssh7.4p1版本
默认centos7.3的ssh是如下版本
[root@linux-node3 ~]# cat /etc/redhat-releaseCentOS Linux release 7.3.1611 (Core)[root@linux-node3 ~]# ssh -VOpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013[root@linux-node3 ~]#
执行yum update openssh先升级下(反正官方提供的这种升级是没问题的。如果之前手动编译操作过openssh的升级,变更了默认配置文件路径什么的请自行测试。)
(这里准备统一openssh版本为7.4p1之后再统一编译安装升级到openssh8.xp1)
[root@linux-node3 ~]# yum update openssh -y[root@linux-node3 ~]# ssh -VOpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017[root@linux-node3 ~]#
安装依赖包
升级需要几个组件,有些是和编译相关的等
[root@linux-node3 ~]# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-develLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfile* base: mirrors.163.com* epel: mirrors.aliyun.com* extras: mirrors.cn99.com* updates: mirrors.cn99.comPackage gcc-4.8.5-36.el7_6.1.x86_64 already installed and latest versionPackage gcc-c++-4.8.5-36.el7_6.1.x86_64 already installed and latest versionPackage glibc-2.17-260.el7_6.4.x86_64 already installed and latest versionPackage 1:make-3.82-23.el7.x86_64 already installed and latest versionPackage autoconf-2.69-11.el7.noarch already installed and latest versionPackage 1:openssl-1.0.2k-16.el7_6.1.x86_64 already installed and latest versionPackage 1:openssl-devel-1.0.2k-16.el7_6.1.x86_64 already installed and latest versionPackage pcre-devel-8.32-17.el7.x86_64 already installed and latest versionPackage pam-devel-1.1.8-22.el7.x86_64 already installed and latest versionNothing to do[root@linux-node3 ~]#
安装pam和zlib等(后面的升级操作可能没用到pam,安装上也没啥影响,如果不想安装pam请自行测试)
[root@linux-node3 ~]# yum install -y pam* zlib*Loaded plugins: fastestmirrorLoading mirror speeds from cached hostfile* base: mirrors.163.com* epel: mirrors.aliyun.com* extras: mirrors.cn99.com* updates: mirrors.cn99.comPackage pam_yubico-2.26-1.el7.x86_64 already installed and latest versionPackage pam_script-1.1.8-1.el7.x86_64 already installed and latest versionPackage pam_oath-2.4.1-9.el7.x86_64 already installed and latest versionPackage pam_snapper-0.2.8-4.el7.x86_64 already installed and latest versionPackage pam_ssh_agent_auth-0.10.3-2.16.el7.x86_64 already installed and latest versionPackage pam_2fa-1.0-1.el7.x86_64 already installed and latest versionPackage pam_mapi-0.3.4-1.el7.x86_64 already installed and latest versionPackage pam_ssh_user_auth-1.0-1.el7.x86_64 already installed and latest versionPackage pam_mount-2.16-5.el7.x86_64 already installed and latest versionPackage pam_radius-1.4.0-3.el7.x86_64 already installed and latest versionPackage pamtester-0.1.2-4.el7.x86_64 already installed and latest versionPackage pam_afs_session-2.6-5.el7.x86_64 already installed and latest versionPackage pam_pkcs11-0.6.2-30.el7.x86_64 already installed and latest versionPackage pam-1.1.8-22.el7.x86_64 already installed and latest versionPackage pam_ssh-2.3-1.el7.x86_64 already installed and latest versionPackage 1:pam_url-0.3.3-4.el7.x86_64 already installed and latest versionPackage pam_wrapper-1.0.7-2.el7.x86_64 already installed and latest versionPackage pam-kwallet-5.5.2-1.el7.x86_64 already installed and latest versionPackage pam-devel-1.1.8-22.el7.x86_64 already installed and latest versionPackage pam_krb5-2.4.8-6.el7.x86_64 already installed and latest versionPackage zlib-devel-1.2.7-18.el7.x86_64 already installed and latest versionPackage zlib-static-1.2.7-18.el7.x86_64 already installed and latest versionPackage zlib-1.2.7-18.el7.x86_64 already installed and latest versionPackage zlib-ada-1.4-0.5.20120830CVS.el7.x86_64 already installed and latest versionPackage zlib-ada-devel-1.4-0.5.20120830CVS.el7.x86_64 already installed and latest versionNothing to do[root@linux-node3 ~]#
下载openssh包和openssl的包
我们都下载最新版本,下载箭头指的包
https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
https://ftp.openssl.org/source/
开始安装openssl
个人习惯把安装包或者工具之类的放下面目录。根据个人喜好随便放,不影响安装
[root@linux-node3 ~]# mkdir /data/tools -p[root@linux-node3 ~]# cd /data/tools/[root@linux-node3 /data/tools]# rz -Erz waiting to receive.[root@linux-node3 /data/tools]# lltotal 5224-rw-r--r-- 1 root root 5348369 Apr 27 12:19 openssl-1.0.2r.tar.gz解压文件[root@linux-node3 /data/tools]# tar xfz openssl-1.0.2r.tar.gz[root@linux-node3 /data/tools]# lltotal 5228drwxr-xr-x 20 root root 4096 Apr 27 12:20 openssl-1.0.2r-rw-r--r-- 1 root root 5348369 Apr 27 12:19 openssl-1.0.2r.tar.gz[root@linux-node3 /data/tools]# cd[root@linux-node3 ~]#现在是系统默认的版本,等会升级完毕对比下[root@linux-node3 ~]# openssl versionOpenSSL 1.0.2k-fips 26 Jan 2017[root@linux-node3 ~]#
备份下面2个文件或目录(如果存在的话就执行)
[root@linux-node3 ~]# ll /usr/bin/openssl-rwxr-xr-x 1 root root 555248 Mar 12 18:12 /usr/bin/openssl[root@linux-node3 ~]# mv /usr/bin/openssl /usr/bin/openssl_bak[root@linux-node3 ~]# ll /usr/include/openssltotal 1864-rw-r--r-- 1 root root 6146 Mar 12 18:12 aes.h-rw-r--r-- 1 root root 63204 Mar 12 18:12 asn1.h-rw-r--r-- 1 root root 24435 Mar 12 18:12 asn1_mac.h-rw-r--r-- 1 root root 34475 Mar 12 18:12 asn1t.h-rw-r--r-- 1 root root 38742 Mar 12 18:12 bio.h-rw-r--r-- 1 root root 5351 Mar 12 18:12 blowfish.h......[root@linux-node3 ~]# mv /usr/include/openssl /usr/include/openssl_bak[root@linux-node3 ~]#
编译安装新版本的openssl
配置、编译、安装3个命令一起执行
&&符号表示前面的执行成功才会执行后面的
[root@linux-node3 ~]# cd /data/tools/openssl-1.0.2r/[root@linux-node3 /data/tools/openssl-1.0.2r]# ./config shared && make && make install
以上命令执行完毕,echo $?查看下最后的make install是否有报错,0表示没有问题
下面2个文件或者目录做软链接 (刚才前面的步骤mv备份过原来的)
[root@linux-node3 ~]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl[root@linux-node3 ~]# ln -s /usr/local/ssl/include/openssl /usr/include/openssl[root@linux-node3 ~]# ll /usr/bin/openssllrwxrwxrwx 1 root root 26 Apr 27 12:31 /usr/bin/openssl -> /usr/local/ssl/bin/openssl[root@linux-node3 ~]# ll /usr/include/openssl -ldlrwxrwxrwx 1 root root 30 Apr 27 12:31 /usr/include/openssl -> /usr/local/ssl/include/openssl[root@linux-node3 ~]#
命令行执行下面2个命令加载新配置
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf/sbin/ldconfig
查看确认版本。没问题
[root@testssh ~]# openssl versionOpenSSL 1.0.2r 26 Feb 2019
安装openssh
上传openssh的tar包并解压
[root@testssh ~]# cd /data/tools/[root@testssh tools]# lltotal 7628-rw-r--r-- 1 root root 1597697 Apr 18 07:02 openssh-8.0p1.tar.gzdrwxr-xr-x 20 root root 4096 Apr 23 23:12 openssl-1.0.2r-rw-r--r-- 1 root root 5348369 Feb 26 22:34 openssl-1.0.2r.tar.gz-rwxr-xr-x 1 root root 853040 Apr 11 2018 sshd[root@testssh tools]# tar xfz openssh-8.0p1.tar.gz[root@testssh tools]# cd openssh-8.0p1可能文件默认显示uid和gid数组都是1000,这里重新授权下。不授权可能也不影响安装(请自行测试)[root@testssh tools]# chown -R root.root /data/tools/openssh-8.0p1
命令行删除原先ssh的配置文件和目录
然后配置、编译、安装
注意下面编译安装的命令是一行,请把第一行末尾的 \ 去掉,然后在文本里弄成一行之后放命令行执行
rm -rf /etc/ssh/*./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include \--with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
参考下我的截图
安装完毕 检查下结果
修改配置文件最终为如下内容,其他的不要动
[root@linux-node3 ~]# grep "^PermitRootLogin" /etc/ssh/sshd_configPermitRootLogin yes[root@linux-node3 ~]# grep "UseDNS" /etc/ssh/sshd_configUseDNS no[root@linux-node3 ~]#
从原先的解压的包中拷贝一些文件到目标位置(如果目标目录存在就覆盖)
(可能下面的ssh.pam文件都没用到,因为sshd_config配置文件貌似没使用它,请自行测试。我这边是拷贝了)
[root@linux-node3 /data/tools/openssh-8.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd[root@linux-node3 /data/tools/openssh-8.0p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam[root@linux-node3 /data/tools/openssh-8.0p1]# chmod +x /etc/init.d/sshd[root@linux-node3 /data/tools/openssh-8.0p1]# chkconfig --add sshd[root@linux-node3 /data/tools/openssh-8.0p1]# systemctl enable sshd[root@linux-node3 /data/tools/openssh-8.0p1]#
把原先的systemd管理的sshd文件删除或者移走或者删除,不移走的话影响我们重启sshd服务
[root@linux-node3 ~]# mv /usr/lib/systemd/system/sshd.service /data/
设置sshd服务开机启动
[root@linux-node3 ~]# chkconfig sshd onNote: Forwarding request to 'systemctl enable sshd.socket'.Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.
接下来测试启停服务。都正常
以后管理sshd通过下面方式了[root@linux-node3 ~]# /etc/init.d/sshd restartRestarting sshd (via systemctl): [ OK ][root@linux-node3 ~]#[root@linux-node3 ~]#[root@linux-node3 ~]# netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program nametcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 31800/sshdtcp6 0 0 :::22 :::* LISTEN 31800/sshdtcp6 0 0 :::23 :::* LISTEN 1/systemd[root@linux-node3 ~]# /etc/init.d/sshd stopStopping sshd (via systemctl): [ OK ][root@linux-node3 ~]# netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program nametcp6 0 0 :::23 :::* LISTEN 1/systemd[root@linux-node3 ~]# /etc/init.d/sshd startStarting sshd (via systemctl): [ OK ][root@linux-node3 ~]#[root@linux-node3 ~]#
使用systemd方式也行
[root@linux-node3 ~]# systemctl stop sshd[root@linux-node3 ~]# netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program nametcp6 0 0 :::23 :::* LISTEN 1/systemd[root@linux-node3 ~]# systemctl start sshd[root@linux-node3 ~]# netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program nametcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 31958/sshdtcp6 0 0 :::22 :::* LISTEN 31958/sshdtcp6 0 0 :::23 :::* LISTEN 1/systemd[root@linux-node3 ~]# systemctl restart sshd[root@linux-node3 ~]# netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program nametcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 31999/sshdtcp6 0 0 :::22 :::* LISTEN 31999/sshdtcp6 0 0 :::23 :::* LISTEN 1/systemd[root@linux-node3 ~]#
测试版本。都正常
[root@linux-node3 ~]# ssh -VOpenSSH_8.0p1, OpenSSL 1.0.2r 26 Feb 2019[root@linux-node3 ~]#[root@linux-node3 ~]# telnet 127.0.0.1 22Trying 127.0.0.1...Connected to 127.0.0.1.Escape character is '^]'.SSH-2.0-OpenSSH_8.0
如果不是生产机器。可以试着重启机器测试下登录sshd是否正常。我这边测试都没问题
测试没问题后可以把telnet服务关闭了
[root@linux-node3 ~]# systemctl disable xinetd.serviceRemoved symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.[root@linux-node3 ~]# systemctl stop xinetd.service[root@linux-node3 ~]# systemctl disable telnet.socket[root@linux-node3 ~]# systemctl stop telnet.socket[root@linux-node3 ~]# netstat -lntp
本文参考链接:
https://www.cnblogs.com/nmap/p/10779658.html
https://blog.csdn.net/f110300641/article/details/82758372
文章转载自软件实施干货分享,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
