我要评论升级 openssl
一、查看当前安装的版本
# openssl version
openssl 1.0.2g 1 mar 2016
注意:不要卸载旧版本,会出依赖方面的问题!
二、下载
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
三、编译
tar zxvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g && ./config --prefix=/usr/local/ssl shared && make && make install
编译安装需较长时间!!!
说明:一定要加上shared 参数,要不在安装openssh的时候提示无法找到路径!
四、建立软链接
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/bin/openssl /usr/local/bin/openssl #仅适用centos6
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/local/lib64/libssl.so
5.写入openssl库文件的搜索路径
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
如果出现错误 bash: /etc/ld.so.conf: operation not permitted 可以尝试使用
sudo echo "/usr/local/openssl/lib" >> /etc/ld.so.conf.d/openssl-aarch64.conf
这里因为查看 /etc/ld.so.conf 文件中引用了 /etc/ld.so.conf.d/ 下的所有文件,所以自己输出一个配置文件更合理
6.使修改后的/etc/ld.so.conf生效
ldconfig -v
7.查看openssl版本
openssl version
升级 openssh
一、查看当前版本
#ssh -v
openssh_7.2p2 ubuntu-4ubuntu2.8, openssl 1.0.2g 1 mar 2016
二、下载
wget -c https://ftp.riken.jp/pub/openbsd/openssh/portable/openssh-8.3p1.tar.gz
三、编译
tar zxvf openssh-8.3p1.tar.gz
cd openssh-8.3p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-pam && make && make install
个别情况下需要加以下参数编译通过:--without-openssl-header-check
四、版本验证
#ssh -v
openssh_8.3p1, openssl 1.1.1g 21 apr 2020
五、启动
cp /root/openssh-8.3p1/opensshd.init /etc/init.d/ssh
/etc/init.d/ssh restart
报错及处理
- 报错一(debian9编译openssl):
root@192-168-11-6:~# ldd /usr/local/ssl/bin/openssl
/usr/local/ssl/bin/openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `openssl_1_1_1' not found (required by /usr/local/ssl/bin/openssl)
/usr/local/ssl/bin/openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `openssl_1_1_1' not found (required by /usr/local/ssl/bin/openssl)
linux-vdso.so.1 (0x00007ffdd3320000)
libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007febcb923000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007febcb48a000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007febcb286000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007febcb069000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007febcacca000)
/lib64/ld-linux-x86-64.so.2 (0x00007febcbe47000)
root@192-168-11-6:~#
- 报错二(ubuntu):
#openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: no such file or directory
- 报错三(ubuntu18.04)
root@jumper:~# openssl version
openssl: relocation error: openssl: symbol evp_mdc2 version openssl_1_1_0 not defined in file libcrypto.so.1.1 with link time reference
1&2&3处理方法:
cd openssl-1.1.1d
cp libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
cp libssl.so.1.1 /usr/lib/x86_64-linux-gnu/
- 报错四:configure: error: *** zlib.h missing
处理方法:
apt-get install zlib1g-dev #for ubuntu/debian
yum install zlib-devel #for centos
- 报错五:configure: error: pam headers not found
apt-get install libpam0g-dev #for ubuntu/debian
yum -y install pam-devel #for centos:
- 报错六:configure: error: your openssl headers do not match your library #debian9
添加参数后可以编译通过。
./configure --without-openssl-header-check
- 安装后启动sshd报错
/etc/ssh/sshd_config line 16: deprecated option useprivilegeseparation
/etc/ssh/sshd_config line 19: deprecated option keyregenerationinterval
/etc/ssh/sshd_config line 20: deprecated option serverkeybits
/etc/ssh/sshd_config line 31: deprecated option rsaauthentication
/etc/ssh/sshd_config line 38: deprecated option rhostsrsaauthentication
处理方法:
编辑配置文件,将相应行注释掉。
发表评论