[实践OK]ssh太慢,CentOS6.X下编译并升级安装OpenSSH7.4p1,一台CentOS6.X机器连接SSH太慢,重新编译最新的openssh后连接正常的编译过程。 不指定

jackxiang 2018-8-17 11:05 | |
导语
    Redhat企业级系统的6.7版自带SSH版本为OpenSSH_5.3p1, 基于审计和安全性需求,建议将其升级到最新的OpenSSH版本,当前官网最新版本为7.4p1. 本文档将详细介绍OpenSSH升级的完整步骤。需要说明的是,升级过程中虽然涉及zlib、openssl和openssh的卸载,但是并不会导致当前的ssh远程连接会话断开,因此是可以将整个升级过程写成自动化脚本以进行自动批量部署的。后面咱准备逐步过度到CentOS7了,新版在SSH底层上优化了TCP连接传输功能。在譬如拷贝时会用同一个TCP的FD,而旧版本的是没有这个功能的。再就是刚连接过了在超时设置范围内,再次发起连接时也会复用之前的一个Socket的FD句柄,提高连接效率。
编译安装OpenSSH7.4p1一共分二步,
第一步:安装编译需要的RPM包:


第二步:编译并安装到和原来一样的目录,如下步骤:
tar zxvf openssh-7.4p1.tar.gz
cd openssh-7.4p1
ll
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-kerberos5=/usr/lib64/libkrb5.so
make && make install
cp -rf /usr/local/src/openssh-7.4p1/contrib/redhat/sshd.init /etc/init.d/sshd  
cp -rf contrib/redhat/sshd.init /etc/init.d/sshd  
chmod +x /etc/init.d/sshd
chkconfig --add sshd
vim /etc/init.d/sshd
sed -i '/sbin/restorecon /etc/ssh/ssh_host_key.pub/s/^/#/'  /etc/init.d/sshd  
sed -i 's/#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
ssh -V
service sshd restart
vim /etc/ssh/sshd_config
ll
vim /etc/ssh/sshd_config
ps -ef|grep ssh
service sshd start
history

附录:
反查一些OpenSSH需要的动态库,RPM包的安装路径辅助上面参数配置:
rpm -ql openssh-server-5.3p1-122.el6.x86_64
/etc/pam.d/ssh-keycat
/etc/pam.d/sshd
/etc/rc.d/init.d/sshd
/etc/ssh/sshd_config
/etc/sysconfig/sshd
/usr/libexec/openssh/sftp-server
/usr/libexec/openssh/ssh-keycat
/usr/sbin/.sshd.hmac
/usr/sbin/sshd
/usr/share/doc/openssh-server-5.3p1
/usr/share/doc/openssh-server-5.3p1/HOWTO.ssh-keycat
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd



ldd /usr/sbin/sshd
        linux-vdso.so.1 =>  (0x00007fffbc5ff000)
        libpam.so.0 => /lib64/libpam.so.0 (0x00007f2d19bf3000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f2d1980e000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f2d19605000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f2d19401000)
        libutil.so.1 => /lib64/libutil.so.1 (0x00007f2d191fe000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f2d18fe7000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f2d18db0000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f2d18b96000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f2d18951000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f2d1866a000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f2d1843e000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f2d18239000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f2d17ea5000)
        libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f2d17c89000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2d17a6b000)
        /lib64/ld-linux-x86-64.so.2 (0x0000003c0e400000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007f2d177f4000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f2d175e9000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f2d173e5000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2d171c6000)

rpm -qf /lib64/libpam.so.0 >> /tmp/jackRpmResult.txt
rpm -qf /usr/lib64/libcrypto.so.10 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/librt.so.1 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libdl.so.2 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libutil.so.1 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libz.so.1 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libcrypt.so.1 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libresolv.so.2 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libgssapi_krb5.so.2 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libkrb5.so.3 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libk5crypto.so.3 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libcom_err.so.2 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libc.so.6 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libaudit.so.1 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libpthread.so.0 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/ld-linux-x86-64.so.2 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libfreebl3.so >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libkrb5support.so.0 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libkeyutils.so.1 >> /tmp/jackRpmResult.txt
rpm -qf /lib64/libselinux.so.1 >> /tmp/jackRpmResult.txt

需要这些包:
rpm -qa|grep audit-libs-2.2-2
rpm -qa|grep glibc-2.12-1.192
rpm -qa|grep keyutils-libs-1.4-5
rpm -qa|grep krb5-libs-1.10.3-65
rpm -qa|grep libcom_err-1.41.12-23
rpm -qa|grep libselinux-2.0.94-7
rpm -qa|grep nss-softokn-freebl-3.14.3-9
rpm -qa|grep openssl-1.0.1e-57
rpm -qa|grep pam-1.1.1-24
rpm -qa|grep zlib-1.2.3-29


yum 安装软件包:
audit-libs-2.2-2 glibc-2.12-1.192 keyutils-libs-1.4-5 krb5-libs-1.10.3-65 libcom_err-1.41.12-23 libselinux-2.0.94-7 nss-softokn-freebl-3.14.3-9 openssl-1.0.1e-57 pam-1.1.1-24 zlib-1.2.3-29

去掉版本号直接安装:
yum install audit-libs glibc keyutils-libs krb5-libs libcom_err libselinux nss-softokn-freebl openssl pam zlib




参考编译来源:
(1)http://blog.chinaunix.net/uid-28266791-id-5759478.html
(2)https://www.cnblogs.com/xshrim/p/6472679.html

作者:jackxiang@向东博客 专注WEB应用 构架之美 --- 构架之美,在于尽态极妍 | 应用之美,在于药到病除
地址:http://jackxiang.com/post/9860/
版权所有。转载时必须以链接形式注明作者和原始出处及本声明!


最后编辑: jackxiang 编辑于2018-8-17 11:57
评论列表
发表评论

昵称

网址

电邮

打开HTML 打开UBB 打开表情 隐藏 记住我 [登入] [注册]