来自 新濠国际登录平台 2020-01-01 11:19 的文章

通过telnet连接服务器

1.下载最新的openssh包

操作系统:
 [root@station28 ~]# cat /etc/issue.net
 Red Hat Enterprise Linux Server release 5.4 (Tikanga)
 Kernel r on an m
 [root@station28 ~]# uname -a
 Linux station28.example.com 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
 
在配置sftp时,需要chroot特定的目录,则openssh的版本需不低于5.1,我这下载的是openssh 6.1版本的源码包,需要进行编译,
 则需要安装gcc,同时需要安装openssl-devel-0.9.8e-12.el5
 openssh-6.1p1下载地址如下,也可以进入官网下载(该地址为明文FTP,下载后应与官方发布的校验值或签名核对):
 ftp://ftp.openbsd.org.ar/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz
 若不安装openssl-devel,则报如下错误:
 [root@station28 openssh-6.1p1]#./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh  --with-zlib --with-ssl-dir=/usr/local/ssl--with-md5-passwords --mandir=/usr/share/man
 checking for openssl/opensslv.h... no
 configure: error: *** OpenSSL headers missing - please install first or check config.log ***
 
1、配置yum,安装gcc,openssl-devel-0.9.8e-12.el5,和telnet(当ssh不能用的时候,用于连接服务器)
 [root@station28 ~]# cat /etc/yum.repos.d/base.repo
 [base]
 baseurl=file:///mnt/Server
 gpgcheck=0
 [root@station28 ~]# yum -y install "gcc*"
 [root@station28 ~]# yum -y install "openssl-devel-0.9.8e-12.el5"
 [root@station28 openssh-6.1p1]# yum -y install "telnet-server*"
 
卸载openssh,观察openssh的各个包包含的内容:
 [root@station28 ~]# cd /etc/ssh
 [root@station28 ssh]# mkdir /root/1114_ssh_bak
 [root@station28 ssh]# cp * /root/1114_ssh_bak/
 [root@station28 ssh]# rpm -qa | grep openssh //目前系统安装的是4.3版本的
 openssh-server-4.3p2-36.el5
 openssh-askpass-4.3p2-36.el5
 openssh-4.3p2-36.el5
 openssh-clients-4.3p2-36.el5
 [root@station28 ~]# ssh -V
 OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
 [root@station28 ssh]# rpm -ql openssh-server-4.3p2-36.el5 //查看安装包涉及的内容
 /etc/pam.d/sshd
 /etc/rc.d/init.d/sshd
 /etc/ssh
 /etc/ssh/sshd_config
 /usr/libexec/openssh/sftp-server
 /usr/sbin/.sshd.hmac
 /usr/sbin/sshd
 /usr/share/man/man5/sshd_config.5.gz
 /usr/share/man/man8/sftp-server.8.gz
 /usr/share/man/man8/sshd.8.gz
 /var/empty/sshd
 /var/empty/sshd/etc
 /var/empty/sshd/etc/localtime
 [root@station28 ssh]# rpm -ql openssh-askpass-4.3p2-36.el5
 /etc/profile.d/gnome-ssh-askpass.csh
 /etc/profile.d/gnome-ssh-askpass.sh
 /usr/libexec/openssh/gnome-ssh-askpass
 /usr/libexec/openssh/ssh-askpass
 [root@station28 ssh]# rpm -ql openssh-4.3p2-36.el5
 /etc/ssh
 /etc/ssh/moduli
 /usr/bin/ssh-keygen
 /usr/libexec/openssh
 /usr/libexec/openssh/ssh-keysign
 .....
 ....
 [root@station28 ssh]# rpm -ql openssh-clients-4.3p2-36.el5
 /etc/ssh/ssh_config
 /usr/bin/.ssh.hmac
 /usr/bin/scp
 /usr/bin/sftp
 /usr/bin/slogin
 /usr/bin/ssh
 /usr/bin/ssh-add
 /usr/bin/ssh-agent
 /usr/bin/ssh-copy-id
 /usr/bin/ssh-keyscan
 ......
 .....
 [root@station28 ssh]# rpm -qa | grep openssh //全部卸载
 openssh-server-4.3p2-36.el5
 openssh-askpass-4.3p2-36.el5
 openssh-4.3p2-36.el5
 openssh-clients-4.3p2-36.el5
 [root@station28 ssh]# rpm -e openssh-server-4.3p2-36.el5
 [root@station28 ssh]# rpm -e openssh-askpass-4.3p2-36.el5
 [root@station28 ssh]# rpm -e openssh-4.3p2-36.el5 //存在依赖关系,需要先卸载openssh-clients-4.3p2-36.el5.x86_64
 error: Failed dependencies:
        openssh = 4.3p2-36.el5 is needed by (installed) openssh-clients-4.3p2-36.el5.x86_64
 [root@station28 ssh]# rpm -e openssh-clients-4.3p2-36.el5
 [root@station28 ssh]# rpm -e openssh-4.3p2-36.el5
 [root@station28 ssh]# rpm -qa | grep openssh //全部卸载干净
 
[root@station28 ~]# pwd
 /root
 [root@station28 ~]# ls openssh-6.1p1.tar.gz
 openssh-6.1p1.tar.gz
 [root@station28 ~]# tar -zxpf openssh-6.1p1.tar.gz //解压openssh 6.1
 [root@station28 ~]# cd openssh-6.1p1 //执行以下命令进行编译
 [root@station28 openssh-6.1p1]# ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh  --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
 [root@station28 openssh-6.1p1]# make
 [root@station28 openssh-6.1p1]# make install //warn的报错忽略
 [root@station28 openssh-6.1p1]# cd /usr/local/ssh/bin //刚才用--prefix参数指定的路径为/usr/local/ssh,将其bin下的文件拷贝到/usr/bin下
 [root@station28 bin]# ls
 scp  sftp  slogin  ssh  ssh-add  ssh-agent  ssh-keygen  ssh-keyscan
 [root@station28 bin]# cp * /usr/bin/
 [root@station28 bin]# cd /usr/local/ssh/sbin
 [root@station28 sbin]# ls
 sshd
 [root@station28 sbin]# cp sshd /usr/sbin/sshd //同理
 [root@station28 sbin]# cd /root/openssh-6.1p1/contrib/redhat/ //将sshd.init拷贝到/etc/init.d/下,名字为sshd(ssh的daemon名称)
 [root@station28 redhat]# ls
 gnome-ssh-askpass.csh  gnome-ssh-askpass.sh  openssh.spec  sshd.init  sshd.init.old  sshd.pam  sshd.pam.old
 [root@station28 redhat]# cp sshd.init /etc/init.d/sshd
 [root@station28 redhat]# ls -l /etc/init.d/sshd
 -rwxr-xr-x 1 root root 1768 Nov 14 23:21 /etc/init.d/sshd
 [root@station28 redhat]# chkconfig --add sshd
 [root@station28 redhat]# service sshd restart
 
[root@station28 ~]# service sshd restart //提示如下报错,touch该文件即可规避(touch生成的是空文件,只是让该提示消失,并不是有效的主机公钥)
 Stopping sshd:                                            [  OK  ]
 lstat(/etc/ssh/ssh_host_ecdsa_key.pub) failed: No such file or directory
 Starting sshd:                                            [  OK  ]
 [root@station28 ~]# touch /etc/ssh/ssh_host_ecdsa_key.pub
 [root@station28 ~]# service sshd restart
 Stopping sshd:                                            [  OK  ]
 Starting sshd:                                            [  OK  ]
 [root@station28 ~]# ssh -V //安装成功
 OpenSSH_6.1p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
 
以下步骤为搭建sftp步骤
 [root@station28 ssh]# mkdir /home/sftpserver
 [root@station28 ssh]# useradd -d /home/sftpserver -s /bin/false test01 //创建用户,指定shell为/bin/false
 useradd: warning: the home directory already exists.
 Not copying any file from skel directory into it.
 [root@station28 ssh]# passwd test01
 Changing password for user test01.
 New UNIX password:
 BAD PASSWORD: it is based on a dictionary word
 Retype new UNIX password:
 passwd: all authentication tokens updated successfully.
 
[root@station28 ssh]# pwd
 /etc/ssh
 [root@station28 ssh]# cp sshd_config  sshd_config_1114.bak
 sshd_config配置如下
 # Authentication: //在Authentication下加入如下两行,指定可以登入的网段
 AllowUsers *@192.168.*.*
 AllowUsers *@127.0.0.1
 # override default of no subsystems
 #Subsystem      sftp    /usr/local/ssh/libexec/sftp-server //将这行注释,使用internal-sftp,添加如下行
 Subsystem      sftp    internal-sftp
 
# Example of overriding settings on a per-user basis
 #Match User anoncvs
 #      X11Forwarding no
 #      AllowTcpForwarding no
 #      ForceCommand cvs server
 //在最下面添加如下行,将test01这个用户chroot到/home/sftpserver目录下(sshd要求ChrootDirectory指定的目录及其各级上级目录都属于root,且组和其他用户不可写,否则该用户无法登录)
 Match User test01
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
        ChrootDirectory /home/sftpserver
 [root@station28 ssh]# sftp test01@192.168.14.28 //chroot成功
 test01@192.168.14.28's password:
 Connected to 192.168.14.28.
 sftp> pwd
 Remote working directory: /
 
可参考如下rhel下的sftp配置链接: http://www.linuxidc.com/Linux/2012-07/64871.htm


 

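2.升级openssh之前要先打开服务器的telnet服务,并通过telnet登录服务器,因为升级过程中ssh会暂时不可用。telnet的用户名和密码以明文传输(见下面xinetd配置文件中的说明),因此只应在受信任的管理网络内临时启用;升级完成并确认ssh可以正常登录后,应把disable改回yes并重启xinetd。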

打开linux telnet服务:

查看telnet是否已经安装:

rpm -qa|grep telnet

telnet-0.17-48.el6.x86_64

telnet-server-0.17-48.el6.x86_64

 

如果没有安装,通过yum安装

[root@leotest ~]# yum install telnet

[root@leotest ~]# yum install telnet-server

 

启动telnet服务:

编辑telnet文件,将disable改成no

[root@leotest xinetd.d]# vi /etc/xinetd.d/telnet

# default: on

# description: The telnet server serves telnet sessions; it uses

#       unencrypted username/password pairs for authentication.

service telnet

{

        flags           = REUSE

        socket_type     = stream

        wait            = no

        user            = root

        server          = /usr/sbin/in.telnetd

        log_on_failure  += USERID

        disable         = no

}

 

 

重启xinetd服务:

service xinetd restart

or:

/etc/rc.d/init.d/xinetd restart

 

通过telnet连接服务器:

[c:~]$ telnet 192.168.5.5

 

 

Connecting to 192.168.5.5:23...

Connection established.

To escape to local shell, press 'Ctrl+Alt+]'.

Red Hat Enterprise Linux Server release 6.8 (Santiago)

Kernel 2.6.32-642.el6.x86_64 on an x86_64

login: test

Password:

[test@leotest ~]$

由于默认情况下root不能直接通过telnet登录,所以需要先用普通用户登录,再切换(su)到root用户

 

3.备份原openssh相关文件:

cp /usr/sbin/sshd /usr/sbin/sshd.bak

cp /etc/ssh/ssh_config /etc/ssh/ssh_config.bak

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

cp /etc/ssh/moduli /etc/ssh/moduli.bak

 

Note:删除掉下面三个文件,否则安装的时候会报错(删除后make install会写入默认配置,原sshd_config中的自定义设置需要从上面的.bak备份中合并回来):

/etc/ssh/ssh_config already exists, install will not overwrite

/etc/ssh/sshd_config already exists, install will not overwrite

/etc/ssh/moduli already exists, install will not overwrite

 

rm /etc/ssh/ssh_config -fr

rm /etc/ssh/sshd_config -fr

rm /etc/ssh/moduli -fr

 

yum install pam-devel

yum install zlib-devel

yum install openssl-devel

 

 

4.解压并安装openssh

[root@leotest softs]# tar -zxvf openssh-7.4p1.tar.gz

[root@leotest softs]# ls

openssh-7.4p1  openssh-7.4p1.tar.gz  openssh-7.4p1-vs-openbsd.diff.gz

[root@leotest softs]# cd openssh-7.4p1

[root@leotest openssh-7.4p1]#./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --mandir=/usr/share/man

### configure: error: *** zlib.h missing - please install first or check config.log

#yum install zlib-devel

###configure: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***

#yum install openssl openssl-devel

 

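重新编译(注意:下面贴出的configure摘要中 PAM support 和 MD5 password support 均为 no,User binaries 为 /usr/bin,与命令中的 --with-pam、--with-md5-passwords、--prefix=/usr/local/openssh 不一致;实际操作时应核对摘要是否与所给选项相符):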

重新编译前要先清理之前的编译信息:

make clean

ldconfig

[root@leotest openssh-7.4p1]#  ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --mandir=/usr/share/man

OpenSSH has been configured with the following options:

                     User binaries: /usr/bin

                   System binaries: /usr/sbin

               Configuration files: /etc/ssh

                   Askpass program: /usr/libexec/ssh-askpass

                      Manual pages: /usr/share/man/manX

                          PID file: /var/run

  Privilege separation chroot path: /var/empty

            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin

                    Manpage format: doc

                       PAM support: no

                   OSF SIA support: no

                 KerberosV support: no

                   SELinux support: no

                 Smartcard support:

                     S/KEY support: no

              MD5 password support: no

                   libedit support: no

  Solaris process contract support: no

           Solaris project support: no

         Solaris privilege support: no

       IP address in $DISPLAY hack: no

           Translate v4 in v6 hack: yes

                  BSD Auth support: no

              Random number source: OpenSSL internal ONLY

             Privsep sandbox style: rlimit

 

              Host: x86_64-pc-linux-gnu

          Compiler: gcc

    Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE

Preprocessor flags:

      Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie

         Libraries: -lcrypto -lrt -ldl -lutil -lz  -lcrypt -lresolv

 

make && make install

/etc/init.d/sshd restart

 

5.覆盖旧的文件

cp -p /softs/openssh-7.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
