Offline installation of Telnet and offline upgrade of OpenSSH to the latest version on CentOS 7

Telnet downloads

telnet-0.17-65.el7_8.x86_64.rpm

telnet-server-0.17-65.el7_8.x86_64.rpm

xinetd-2.3.15-14.el7.x86_64.rpm

Telnet installation

rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm
rpm -ivh telnet-0.17-65.el7_8.x86_64.rpm
rpm -ivh telnet-server-0.17-65.el7_8.x86_64.rpm

Modify the configuration

vi /etc/xinetd.d/telnet

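The modified file is shown below. disable must be set to no; once the installation is finished, change it back to yes and restart xinetd, or stop the xinetd service, to turn telnet off.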


# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

OpenSSH downloads

openssh-9.2p1.tar.gz

zlib-1.2.13.tar.gz

openssl-1.1.1g.tar.gz

OpenSSH installation

1. Extract, compile and install zlib-1.2.13

tar -xzvf zlib-1.2.13.tar.gz
cd zlib-1.2.13
./configure --prefix=/usr/local/zlib
make && make install

2. Extract, compile and install openssl

tar -xzvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v

3. Extract, compile and install openssh

tar -xzvf openssh-9.2p1.tar.gz
cd openssh-9.2p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install

Modify the sshd_config file

echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
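
A check for which values take effect after the three appends above, as an added example that is not part of the original post: sshd uses the first value it reads for each keyword, so an appended line loses to an earlier uncommented one. The function names and the sample file are constructed for illustration, and only the global section (before any Match block) is read.

```shell
#!/bin/sh
# Added example. sshd_config(5): for each keyword the first obtained value is
# used, so a line appended with >> loses to an earlier uncommented setting.

# effective_value FILE KEYWORD: print the first global value, or "(default)".
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^#/ || /^$/ { next }                           # comments and blanks
        {
            pos = match($0, /[ \t=]/)                   # keyword ends at space or "="
            if (pos == 0) next                          # keyword with no argument
            key = tolower(substr($0, 1, pos - 1))
            val = substr($0, pos + 1)
            sub(/^[ \t=]+/, "", val)
            if (key == "match") exit                    # global section ends here
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print "(default)" }
    ' "$1"
}

# make_sample FILE: constructed config that already sets PermitRootLogin,
# followed by the same three appends the page performs.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Port 22
PermitRootLogin no
#PasswordAuthentication no
EOF
    echo 'PermitRootLogin yes' >> "$1"
    echo 'PubkeyAuthentication yes' >> "$1"
    echo 'PasswordAuthentication yes' >> "$1"
}

# audit FILE: list what sshd would use for the three keywords the page sets.
audit() {
    for kw in PermitRootLogin PubkeyAuthentication PasswordAuthentication; do
        printf '%-24s %s\n' "$kw" "$(effective_value "$1" "$kw")"
    done
}

sample=$(mktemp)
make_sample "$sample"
audit "$sample"    # PermitRootLogin stays "no": the appended "yes" is never read
rm -f "$sample"
```

On the host itself, sshd -T prints the configuration as sshd parses it.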

Back up the old files, then copy the new ones into place

mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

Start sshd and check the version number

service sshd restart
[root@localhost~]# ssh -V
OpenSSH_9.2p1, OpenSSL 1.1.1g  21 Apr 2020

Troubleshooting:

1. After the upgrade completes, restarting the sshd service fails with the following error:

[root@localhost~]# systemctl restart sshd
Job for sshd.service failed. See 'systemctl status sshd.service' and 'journalctl -xn' for details.

Check the log:

[root@localhost~]# journalctl -u sshd.service

It contains the following error messages:

3月 02 14:21:20 localhost systemd[1]: Starting SYSV: OpenSSH server daemon...
3月 02 14:21:20 localhost sshd[13955]: Starting sshd:[  确定  ]
3月 02 14:21:20 localhost systemd[1]: PID file /var/run/sshd.pid not readable (yet?) after start.
3月 02 14:21:20 localhost systemd[1]: Started SYSV: OpenSSH server daemon.
3月 02 14:32:29 localhost systemd[1]: Stopping SYSV: OpenSSH server daemon...
3月 02 14:32:29 localhost sshd[13961]: Received signal 15; terminating.
3月 02 14:32:29 localhost sshd[25916]: Stopping sshd:[  确定  ]
3月 02 14:32:29 localhost systemd[1]: Starting SYSV: OpenSSH server daemon...
3月 02 14:32:29 localhost sshd[25926]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
3月 02 14:32:29 localhost sshd[25920]: Starting sshd:[  确定  ]
3月 02 14:32:29 localhost systemd[1]: PID file /var/run/sshd.pid not readable (yet?) after start.

Port 22 is already in use, so sshd cannot start.

[root@localhost~]# sudo lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME 
systemd 1 root 42u IPv6 2721 0t0 TCP *:ssh (LISTEN)

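This confirms that the systemd process, PID 1, is holding port 22 at this point.

Solution:

Disconnect the SSH session and connect to the server over telnet.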

[root@localhost~]# kill -9 1
[root@localhost~]# systemctl restart sshd

sshd now starts successfully, and the remote connection test passes.

Disconnect telnet and turn the telnet service off

service xinetd stop
systemctl disable xinetd

Done.
