## ssh从7.4升级到8.0

仅支持centos7系统
ssh端口为22，需要修改端口的话请修改文件/etc/ssh/sshd_config 中的端口
下载好zlib-1.2.11.tar.gz openssl-1.0.2r.tar.gz openssh-8.0p1.tar.gz

#! /bin/bash
# update ssh 7.4 to 8.0
set -e 
src_path='/tmp/src'
zlib_version='zlib-1.2.11'
openssh_version='openssh-8.0p1'
openssl_version='openssl-1.0.2r'
old_ssh_version=`ssh -V 2>&1`
if [[ ! $old_ssh_version =~ '7.4' ]]
then 
    echo 'this ssh version is not 7.4'
	exit 1
fi
#judge os version 
judgeos(){
  os_version=`cat /etc/redhat-release |awk '{print $4}'`
  if [[ ! $os_version =~ '7' ]]
  then
      echo 'this os_version is $os_version'
	  exit 1
  fi
 }
 
 #install telnet 
 install_telnet(){
     yum install xinetd telnet-server -y
	 echo -e 'pts/0npts/1npts/2npts/3'>>/etc/securetty
	 systemctl enable xinetd
	 systemctl enable telnet.socket
	 systemctl start telnet.socket
	 systemctl start xinetd
 
 }
judgeos
install_telnet 

if [ ! -d $src_path ]
then
	mkdir -p $src_path
	echo "now please upload $zlib_version.tar.gz  $openssh_version.tar.gz $openssl_version.tar.gz to $src_path"
	exit 1
else 
	if [[ ! -f $src_path/$zlib_version.tar.gz || ! -f $src_path/$openssh_version.tar.gz || ! -f $src_path/$openssl_version.tar.gz ]]
	then
		echo "please upload $zlib_version.tar.gz  $openssh_version.tar.gz $openssl_version.tar.gz to $src_path"
		exit 1
	fi

fi

yum -y install gcc make perl zlib zlib-devel pam pam-devel
cd $src_path

#zlib
tar -zxvf $zlib_version.tar.gz
cd $zlib_version
./configure --prefix=/usr/local/zlib
make && make install
ls /usr/local/zlib   #此处包含include、lib、share
echo "/usr/local/zlib/lib">/etc/ld.so.conf.d/zlib.conf
ldconfig -v

#openssl
cd $src_path
tar -xzvf $openssl_version.tar.gz 
cd $openssl_version
./config shared zlib
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl_bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib">/etc/ld.so.conf.d/ssl.conf
ldconfig -v
openssl version

#openssh
cd $src_path
tar -zxvf $openssh_version.tar.gz
cd $openssh_version
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --mandir=/usr/share/man --with-zlib=/usr/local/zlib
make && make install
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
/usr/local/openssh/bin/ssh -V
cp contrib/redhat/sshd.init /etc/init.d/sshd
mv /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
chmod u+x /etc/init.d/sshd && chkconfig --add sshd && cp sshd_config /etc/ssh/sshd_config

sed -i "s#/usr/libexec/sftp-server#/usr/local/openssh/libexec/sftp-server#g" /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd_bak
mv  /usr/bin/ssh-keygen  /usr/bin/ssh-keygen_bak
mv  /usr/bin/ssh  /usr/bin/ssh_bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd && cp /usr/local/openssh/bin/ssh /usr/bin/
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g'  /etc/ssh/sshd_config 
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g'  /etc/ssh/sshd_config 
mv  /usr/lib/systemd/system/sshd.service  /


service sshd restart
systemctl is-active sshd
netstat -an |grep LISTEN|grep :22