ubuntu1404编译安装openssh-server75

问题

ubuntu14.04.5 server 上openssh-server需要升级到7.5版本。
通过指定高版本源使用apt-get install openssh-server会存在无法重启等故障,决定尝试手动编译安装。

解决过程

0 将openssl和openssh-server源码放到可以下载的地方。

1 安装系统,配置代理,配置源

# Ubuntu 14.04 (trusty) binary (deb) and source (deb-src) repositories, all taken
# from the 163 mirror. The mirror is reached over plain http, so package integrity
# rests on apt's signature check of the repository metadata; leave that check enabled.
deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse

取消版本检查,避免版本升级,/etc/update-manager/release-upgrades
参数lts改为never

2 安装编译环境

# Refresh the package index, bring the installed packages up to date, then
# install the compiler, make and the zlib headers used by the builds below.
apt-get update
apt-get upgrade
apt-get install --yes gcc make zlib1g-dev

3 安装下载源码

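# wget source code and unzip
# The archives are fetched from an internal host over plain http and are later
# compiled and installed as root, so they are checked against known digests
# before anything is unpacked. The two values below are placeholders: fill them
# in from the projects' official release pages, not from the download host.
openssl_sha256='<PLACEHOLDER: official SHA-256 of openssl-1.0.2k.tar.gz>'
openssh_sha256='<PLACEHOLDER: official SHA-256 of openssh-7.5p1.tar.gz>'
wget -N http://192.168.13.1/data/openssh/7.5/openssl-1.0.2k.tar.gz -P /usr/src/
wget -N http://192.168.13.1/data/openssh/7.5/openssh-7.5p1.tar.gz -P /usr/src/
if sha256sum -c - <<EOF
${openssl_sha256}  /usr/src/openssl-1.0.2k.tar.gz
${openssh_sha256}  /usr/src/openssh-7.5p1.tar.gz
EOF
then
  # --no-same-owner: when run as root, tar would otherwise restore whatever
  # uid/gid is recorded inside the archive.
  tar xzvf /usr/src/openssl-1.0.2k.tar.gz -C /usr/src/ --no-same-owner
  tar zxvf /usr/src/openssh-7.5p1.tar.gz -C /usr/src/ --no-same-owner
else
  echo "checksum mismatch: do not unpack or build these archives" >&2
fi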

4 安装openssl

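# make and make install openssl
# The system files are only touched when every build step succeeded.
if cd /usr/src/openssl-1.0.2k && ./config shared zlib && make && make install; then
  # Backup location used by this guide. /tmp is world-writable and is normally
  # emptied at boot, so point this at a root-only directory if the copies are
  # meant to serve as a rollback.
  backup_dir=/tmp/7
  # Without this directory the first mv would rename the openssl binary to a
  # file called /tmp/7 and the library backup would then fail.
  mkdir -p -m 700 "$backup_dir"

  # Skip the move on a re-run: /usr/bin/openssl is then already the symlink
  # created below, and moving it would overwrite the saved original binary.
  [ -L /usr/bin/openssl ] || mv /usr/bin/openssl "$backup_dir/"

  # Replace the system libcrypto only after a backup copy exists.
  # NOTE(review): from here on every program linked against the system
  # libcrypto.so.1.0.0 loads this self-built library, which apt will not patch;
  # a later update of the distribution's library package may undo the symlink.
  # libssl.so.1.0.0 is not swapped by this guide.
  if [ -L /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 ] ||
    cp -p /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 "$backup_dir/libcrypto.so.1.0.0.$(date +%s)"; then
    ln -sf /usr/local/ssl/lib/libcrypto.so.1.0.0 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
  else
    echo "libcrypto backup failed; system library left untouched" >&2
  fi

  # -f/-n make the links safe to re-create when the step is repeated.
  ln -sfn /usr/local/ssl/bin/openssl /usr/bin/openssl
  ln -sfn /usr/local/ssl/include/openssl /usr/include/openssl
  grep -qxF '/usr/local/ssl/lib' /etc/ld.so.conf || echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
  ldconfig -v
  openssl version
else
  echo "openssl build failed; system openssl and libcrypto left untouched" >&2
fi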

5 安装openssh

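#apt-get remove openssh-server
# Keep a copy of the current configuration and host keys. -a preserves modes and
# ownership; the copy contains the host private keys and must stay root-only.
cp -a /etc/ssh /etc/ssh-bak03
cd /usr/src/openssh-7.5p1
# NOTE(review): there is no --with-pam, so this sshd is built without PAM
# support and PAM-based login policy no longer applies to SSH logins. Add
# --with-pam (needs the PAM development headers) if the host relies on it.
# NOTE(review): --without-zlib-version-check disables configure's zlib version
# check; confirm it is actually needed with the zlib1g-dev installed above.
./configure --prefix=/usr --sysconfdir=/etc/ssh --without-zlib-version-check --with-ssl-dir=/usr/local/ssl &&
  make &&
  make install
# The original step switched sshd_config to "UseLogin yes". OpenSSH 7.4 removed
# that directive, so 7.5 only reports it as deprecated; the edit is dropped
# rather than leaving a setting that has no effect.
# Check the configuration and host keys with the new binary before any restart,
# so that a rejected config is found while the old daemon is still running.
/usr/sbin/sshd -t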

6 修改启动脚本
由于使用系统的脚本/etc/init.d/ssh stop,不能停止sshd,故重新制作sshd服务。

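# Disable the distribution's upstart job and init script for ssh.
mv /etc/init/ssh.conf /etc/init/ssh.conf.bak
chmod -x /etc/init.d/ssh
# Write the replacement upstart job. The delimiter is quoted so that $(date) is
# stored literally and evaluated each time the job starts; with an unquoted
# delimiter the shell expands it once, while the file is being written, and
# every log line would carry the installation time.
cat > /etc/init/sshd.conf << 'EOF'
description "Openssh-server"
author "root"
start on runlevel [2345]
pre-start script
echo "[$(date)] sshd Starting" >> /var/log/sshd.log
end script
exec /usr/sbin/sshd -D
EOF
init-checkconf /etc/init/sshd.conf
service sshd status
# Stop the previous sshd process (or reboot instead).
# The old daemon is replaced only if the new binary accepts the configuration,
# so a broken config cannot leave the host without an SSH listener.
if /usr/sbin/sshd -t; then
  # pkill never matches itself (the ps | grep pipeline also matched grep) and
  # sends TERM rather than KILL. The anchored pattern targets processes whose
  # command line starts with /usr/sbin/sshd; session processes normally show up
  # as "sshd: user..." and are not matched - verify on the host.
  pkill -f '^/usr/sbin/sshd'
  service sshd start
else
  echo "sshd -t failed: old sshd left running" >&2
fi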

查看sshd状态和重启操作

root@ubuntu:~# service sshd status
sshd start/running, process 1312
root@ubuntu:~# service sshd restart
sshd stop/waiting
sshd start/running, process 1335
root@ubuntu:~# tail /var/log/sshd.log
[Thu Mar 15 22:40:38 CST 2018] sshd Starting

脚本

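# Build and install OpenSSL 1.0.2k and OpenSSH 7.5p1 from source, then replace
# the distribution's ssh upstart job with a new "sshd" job. Run as root.

# Expected archive digests. Placeholders: fill them in from the projects'
# official release pages, not from the download host. The script stops before
# unpacking if a digest does not match.
openssl_sha256='<PLACEHOLDER: official SHA-256 of openssl-1.0.2k.tar.gz>'
openssh_sha256='<PLACEHOLDER: official SHA-256 of openssh-7.5p1.tar.gz>'

# Print a message on stderr and stop the script.
die() {
  echo "$*" >&2
  exit 1
}

# 1 upgrade openssl
apt-get update
apt-get install gcc make zlib1g-dev -y
wget -N http://192.168.13.1/data/openssh/7.5/openssl-1.0.2k.tar.gz -P /usr/src/
# The archive arrives over plain http and is built and installed as root.
printf '%s  %s\n' "$openssl_sha256" /usr/src/openssl-1.0.2k.tar.gz | sha256sum -c - ||
  die "openssl archive failed the checksum check"
# --no-same-owner: as root, tar would otherwise restore the uid/gid recorded in the archive.
tar xzvf /usr/src/openssl-1.0.2k.tar.gz -C /usr/src/ --no-same-owner
cd /usr/src/openssl-1.0.2k || die "openssl source directory missing"
./config shared zlib || die "openssl config failed"
make || die "openssl make failed"
make install || die "openssl make install failed"

# Backup location used by this guide. /tmp is world-writable and is normally
# emptied at boot; use a root-only directory if the copies are meant as a rollback.
backup_dir=/tmp/7
mkdir -p -m 700 "$backup_dir" || die "cannot create $backup_dir"
# On a re-run these paths are already symlinks; moving or copying them again
# would overwrite or duplicate the saved originals.
[ -L /usr/bin/openssl ] || mv /usr/bin/openssl "$backup_dir/"
if [ ! -L /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 ]; then
  cp -p /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 "$backup_dir/libcrypto.so.1.0.0.$(date +%s)" ||
    die "libcrypto backup failed; system library left untouched"
fi
# NOTE(review): every program linked against the system libcrypto.so.1.0.0 now
# loads this self-built library, which apt will not patch; a later update of the
# distribution's library package may undo the symlink. libssl.so.1.0.0 is not swapped.
ln -sf /usr/local/ssl/lib/libcrypto.so.1.0.0 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
ln -sfn /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -sfn /usr/local/ssl/include/openssl /usr/include/openssl
grep -qxF '/usr/local/ssl/lib' /etc/ld.so.conf || echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v
openssl version

#2 openssh upgrade
wget -N http://192.168.13.1/data/openssh/7.5/openssh-7.5p1.tar.gz -P /usr/src/
printf '%s  %s\n' "$openssh_sha256" /usr/src/openssh-7.5p1.tar.gz | sha256sum -c - ||
  die "openssh archive failed the checksum check"
tar zxvf /usr/src/openssh-7.5p1.tar.gz -C /usr/src/ --no-same-owner
# The copy contains the host private keys; -a keeps their modes and ownership.
cp -a /etc/ssh /etc/ssh-bak03
cd /usr/src/openssh-7.5p1 || die "openssh source directory missing"
# NOTE(review): no --with-pam, so this sshd is built without PAM support and
# PAM-based login policy no longer applies to SSH logins.
./configure --prefix=/usr --sysconfdir=/etc/ssh --without-zlib-version-check --with-ssl-dir=/usr/local/ssl ||
  die "openssh configure failed"
make || die "openssh make failed"
make install || die "openssh make install failed"
# The original script switched sshd_config to "UseLogin yes". OpenSSH 7.4
# removed that directive, so 7.5 only reports it as deprecated; the edit is dropped.

#3 sshd-config
mv /etc/init/ssh.conf /etc/init/ssh.conf.bak
chmod -x /etc/init.d/ssh
# Quoted delimiter: $(date) must reach the job file literally so that it is
# evaluated at every start, not once while this script writes the file.
cat > /etc/init/sshd.conf << 'EOF'
description "Openssh-server"
author "root"
start on runlevel [2345]
pre-start script
echo "[$(date)] sshd Starting" >> /var/log/sshd.log
end script
exec /usr/sbin/sshd -D
EOF
init-checkconf /etc/init/sshd.conf
# Replace the running daemon only if the new binary accepts the configuration,
# so a broken config cannot leave the host without an SSH listener.
/usr/sbin/sshd -t || die "sshd -t failed: old sshd left running"
# pkill never matches itself (the ps | grep pipeline also matched grep) and
# sends TERM rather than KILL; it returns non-zero when nothing matched, which
# is not an error here.
pkill -f '^/usr/sbin/sshd' || true
service sshd start
service sshd status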

遗留问题

ln -s /usr/local/ssl/lib/libcrypto.so.1.0.0 /lib/x86_64-linux-gnu/

解决1 :ldconfig(脚本中为 ldconfig -v)会根据/etc/ld.so.conf重新创建链接文件,会覆盖之前手动创建的ln -s 关系。执行cp /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /tmp/7/libcrypto.so.1.0.0.$(date +%s),将原始文件移出/lib/x86_64-linux-gnu目录解决。

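ps -ef | grep '/usr/sbin/sshd' |awk '{print $2}' |head -1 |xargs kill -9
这两行有时不生效。
解决2 :ps -ef 显示当前用户查看到的进程,使用ps aux查看系统所有进程。(注:ps -ef 实际上也会列出所有进程;更可能的原因是grep进程自身的命令行也包含'/usr/sbin/sshd',head -1 取到的可能是grep的PID而不是sshd的PID,改用ps aux并不能消除这一问题。)
ps aux | grep '/usr/sbin/sshd' |awk '{print $2}' |head -1 |xargs kill -9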

参考链接

http://blog.csdn.net/jubincn/article/details/6929094
https://stackoverflow.com/questions/19233529/run-bash-script-as-daemon