Linux Eden Forum's Archiver

Roc.Ken posted on 2008-4-16 15:18

Compiling OpenSSH from source and upgrading

1. AS4 upgrade steps
1.1 Installing from source is recommended; download the package
cd /root
wget -c "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz"
tar zxvf openssh-5.0p1.tar.gz
cd openssh-5.0p1

1.2 Before upgrading, confirm the Zlib and OpenSSL versions:
openssh-5.0p1 requires Zlib 1.2.1.2 or later and OpenSSL 0.9.6 or later. The official sites for Zlib and OpenSSL are:
http://www.gzip.org/zlib/
http://www.openssl.org/
Note: OpenSSL 0.9.5a is an acceptable version, but some encryption functions may have problems when SSH protocol 1 is used (for security reasons, SSH protocol 2 is recommended). See the INSTALL document for details.

1.3 The commonly used build parameters are --prefix= and --sysconfdir=. If they are omitted, ssh is installed by default under /usr/local/bin, sshd in /usr/local/sbin, sftp-server at /usr/local/libexec/sftp-server, and the configuration files under /usr/local/etc.
./configure --sysconfdir=/etc/ssh
make
make install

1.4 Compare the default configuration file from the install with the current one; be sure to modify certain important parameters
diff sshd_config /etc/ssh.bak/sshd_config

1.5 Recommended configuration file settings
Confirm that the /usr/local/libexec/sftp-server path is correct

1.6 Check the configuration file for correctness
grep -v ^# /etc/ssh/sshd_config | awk '{print $1}' | sort | uniq -d
Checks whether there are duplicate lines
/usr/local/sbin/sshd -t
Checks whether the parameters are correct

1.7 Add the /etc/init.d script and the service
First back up the original script
cp /etc/init.d/sshd /etc/init.d/sshd.bak
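The main change is the paths of ssh-keygen and sshd. Change the PID file accordingly as well, to avoid a conflict with the previous sshd; this way the new sshd service can be configured without affecting the existing sshd. Modify the following three items:
Original: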
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
PID_FILE=/var/run/sshd.pid
Change to:
KEYGEN=/usr/local/bin/ssh-keygen
SSHD=/usr/local/sbin/sshd
PID_FILE=/var/run/sshd2.pid
Add the service:
/sbin/chkconfig --add sshd

1.8 Restart the sshd service
Note: before starting the new sshd service, temporarily change the port in sshd_config to avoid a conflict with the existing ssh port.
/sbin/service sshd start
>/root/.ssh/known_hosts
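Test by logging in with ssh. If login works normally, you can switch back to the ssh port the administrators use (before switching, you must still move the old ssh off the port it occupies).
Note: for any major change made to ssh remotely, you must make sure there is another way to log in to the server.
After all the work is done, shut down the original sshd service.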
/etc/init.d/sshd.bak stop
The ssh upgrade is complete; the new /usr/local/sbin/sshd replaces the old /usr/sbin/sshd
If you cannot log in, please check.


Upgrade steps:
1) Start the telnet service
vi /etc/inetd.conf
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
Check whether /etc/rc.conf contains inetd_enable="YES", then run /etc/rc.d/inetd restart to start inetd
Log in to the server with telnet and carry out the following operations

2) Upgrade openssh
cd /root/
wget -c "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.0p1.tar.gz"
tar zxvf openssh-5.0p1.tar.gz
cd openssh-5.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/libexec/openssh  --without-zlib-version-check
make
make install
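Compare the default configuration file from the install with the current one; be sure to modify certain important parameters
diff sshd_config /etc/ssh/sshd_config
Check the configuration file for correctness
grep -v ^# /etc/ssh/sshd_config | awk '{print $1}' | sort | uniq -d
Checks whether there are duplicate lines
/usr/sbin/sshd -t
Checks whether the parameters are correct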

Restart sshd
kill -HUP `cat /var/run/sshd.pid`

Log in with ssh to check that the openssh service is installed and has started normally
Shut down the telnet service and exit telnet
killall inetd
Confirm that the telnet service is shut down

4: About upgrading openssl:
The latest openssl package: http://www.openssl.org/source/openssl-0.9.8g.tar.gz
It can be installed from source:
./config --prefix=/usr/local/openssl-0.9.8
make
make install
Then upgrade SSH, pointing --with-ssl-dir at the openssl installation directory.
4:FAQ
1: When starting the sshd service, the error "Unsupported option UsePAM" is reported?
A: The default configure does not enable the --with-pam option. If you add the following to the sshd_config configuration file
UsePAM no       
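it causes the error above. UsePAM is related to ssh password authentication, but the company's servers prohibit logging in by password authentication. So using the --with-pam option at compile time is not recommended; do not use UsePAM no in the configuration file, and instead use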
PasswordAuthentication no
ChallengeResponseAuthentication no
to disable password login.
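
An added example, not part of the original post: a stricter form of the duplicate-line check and a test that the FAQ's two settings are actually in effect. sshd_config keywords are case-insensitive and sshd keeps the first value it reads for a keyword, so the script lowercases keywords, stops at the first Match block and reports the effective value. The function names, the list of repeatable keywords and the sample config are constructed for illustration.

```shell
# Added example; function names are hypothetical, sample config is constructed.

# Print "keyword arguments" (keyword lowercased) for every global directive,
# stopping at the first Match block. Separator is whitespace or an equals sign.
sshd_directives() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim both ends
        /^#/ || /^$/ { next }                          # comments, blank lines
        {
            key = $0; val = ""
            if (match($0, /[ \t=]+/)) {
                key = substr($0, 1, RSTART - 1); val = substr($0, RSTART + RLENGTH)
            }
            key = tolower(key)
            if (key == "match") exit
            print key, val
        }' "$1"
}

# Keywords repeated in the global section; the skip list of keywords that
# may legitimately repeat is partial (an assumption of this example).
sshd_duplicates() {
    sshd_directives "$1" | awk '
        BEGIN { n = split("hostkey port listenaddress acceptenv subsystem", r, " ")
                for (i = 1; i <= n; i++) multi[r[i]] = 1 }
        !($1 in multi) && ++seen[$1] == 2 { print $1 }'
}

# Effective value of a keyword: the first one sshd reads.
sshd_effective() {
    sshd_directives "$1" |
        awk -v k="$(printf %s "$2" | tr 'A-Z' 'a-z')" '$1 == k { print tolower($2); exit }'
}

# Succeeds only if both settings from the FAQ are effectively "no".
password_login_disabled() {
    [ "$(sshd_effective "$1" PasswordAuthentication)" = no ] &&
    [ "$(sshd_effective "$1" ChallengeResponseAuthentication)" = no ]
}

write_sample() {   # constructed sshd_config with a shadowed setting
    printf '%s\n' 'Port 2222' 'HostKey /etc/ssh/ssh_host_rsa_key' \
        'HostKey /etc/ssh/ssh_host_dsa_key' 'passwordauthentication yes' \
        '  PasswordAuthentication no' 'ChallengeResponseAuthentication=no' \
        'Match User backup' 'PasswordAuthentication yes' > "$1"
}

f=$(mktemp); write_sample "$f"
echo "duplicates: $(sshd_duplicates "$f")"
password_login_disabled "$f" || echo "password login is NOT disabled"
rm -f "$f"
```

On the sample, the pipeline from the post reports HostKey (a keyword that may repeat) and misses that the lowercase passwordauthentication yes line shadows the later PasswordAuthentication no.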
