笔者周末对服务器进行一次升级,升级脚本如下:
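#!/bin/bash
#
# Upgrade OpenSSL to 1.1.1w and OpenSSH to 9.6 from packages staged under
# /opt/openssh-9.6-update-scripts (el7.centos x86_64 RPMs). Telnet is brought
# up first as a fallback login path while sshd is being replaced.
#
# Security notes for the operator:
#   * The local repo is written with gpgcheck=0 and the OpenSSL RPMs are
#     installed with --nodeps --force, so nothing here verifies package
#     integrity or dependencies. Check the staged RPMs against checksums from
#     a trusted source before running.
#   * Telnet carries credentials in cleartext, and moving /etc/securetty away
#     lifts the tty restriction on root logins. This script never undoes
#     either change; see the cleanup note at the end.
#   * PasswordAuthentication and PermitRootLogin are switched to "yes";
#     tighten them once the upgrade is confirmed.

readonly PKG_DIR=/opt/openssh-9.6-update-scripts
readonly BACKUP_TAG=bak-20240302

# Print the OpenSSL version without its suffix, e.g. "1.0.2k" for a
# "1.0.2k-fips" build (text before the first '-', second word).
openssl_base_version() {
  openssl version | awk -F '-' '{print $1}' | awk -F ' ' '{print $2}'
}

# Append line $1 to file $2 unless that exact line is already present, so
# re-running the script does not pile up duplicate directives.
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

## show the versions we start from
ssh -V
openssl version
sleep 30

## local yum repo holding the openssh/openssl dependency packages
## (gpgcheck=0: signatures are NOT verified for this repo)
cat > /etc/yum.repos.d/openssh.repo <<EOF
[yilai]
name=openssh openssl yilai
baseurl=file://${PKG_DIR}/openssh-openssl-yilai
gpgcheck=0
enabled=1
EOF
yum makecache

## install and start telnet as the temporary fallback login path
yum -y install telnet telnet-server
systemctl start telnet.socket && systemctl enable telnet.socket
# With securetty moved away, root logins are no longer limited to listed ttys.
mv /etc/securetty "/etc/securetty.${BACKUP_TAG}"
# is-active avoids parsing "systemctl status" output, which broke the old
# unquoted [ ... ] test whenever the pipeline printed zero or several words.
if systemctl is-active --quiet telnet.socket; then
  echo "telnet service is normal!"
else
  echo "WARNING: telnet.socket is not active; there is no fallback login if sshd fails" >&2
fi
echo "please test telnet service is or not normal:"
sleep 60

## backup pam and ssh configuration
cp -a /etc/pam.d "/etc/pam.d.${BACKUP_TAG}"
cp -a /etc/ssh "/etc/ssh.${BACKUP_TAG}"

## step OpenSSL up: 1.0.1e -> 1.0.2k (yum), then 1.0.2k -> 1.1.1w (rpm)
# The version is re-read for the second test so a host that has just been
# moved to 1.0.2k continues to 1.1.1w in the same run.
if [ "$(openssl_base_version)" = "1.0.1e" ]; then
  # Patterns are quoted so yum, not the shell, expands them.
  yum -y install 'openssl-1.0.2k*' 'openssl-devel-1.0.2k*'
fi
if [ "$(openssl_base_version)" = "1.0.2k" ]; then
  # --nodeps --force bypasses rpm's dependency and conflict checks.
  for pkg in openssl openssl-devel openssl-debuginfo; do
    rpm -ivh "${PKG_DIR}/openssl-1.1.1w-rpm/${pkg}-1.1.1w-1.el7.centos.x86_64.rpm" --nodeps --force
  done
fi

## show openssl new version
rpm -qa | grep openssl
openssl version
sleep 30

## install openssh-9.6 package
yum -y install perl
# Stop here if the install fails: editing sshd_config and restarting sshd on a
# half-installed package risks losing SSH access.
if ! yum -y localinstall "${PKG_DIR}"/openssh-9.6-gitscript/x86_64/openssh-*; then
  echo "ERROR: openssh package install failed; sshd was not reconfigured or restarted" >&2
  exit 1
fi

## host private keys must be readable by root only
# NOTE(review): presumably needed because the new sshd rejects group-readable
# host keys - confirm against the sshd log on a test host.
chmod 600 /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key

## sshd_config configuration change
# sshd uses the first value it finds for each keyword, so an appended line only
# takes effect if the keyword is not set earlier in the file; check the
# effective settings with "sshd -T".
append_once "PubkeyAuthentication yes" /etc/ssh/sshd_config
append_once "PasswordAuthentication yes" /etc/ssh/sshd_config
append_once "PermitRootLogin yes" /etc/ssh/sshd_config

## validate the configuration, then restart sshd
if ! sshd -t; then
  echo "ERROR: sshd -t rejected the configuration; sshd was not restarted" >&2
  exit 1
fi
systemctl restart sshd.service && systemctl enable sshd.service
/sbin/chkconfig sshd on

## show openssh and openssl version for update complete
openssl version
ssh -V

# Cleanup still to do by hand once a fresh SSH login has been verified:
#   systemctl stop telnet.socket && systemctl disable telnet.socket
#   mv /etc/securetty.bak-20240302 /etc/securetty
# and set PermitRootLogin / PasswordAuthentication to the site's policy.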