redhat安装openssh和配置sftp锁定目录_Linux服务器维护_龙虎鹰师网安服务器维护基地--Powered by WWW.RONGSEN.COM.CN

redhat安装openssh和配置sftp锁定目录

作者:龙虎鹰师网安redhat教程网 来源:龙虎鹰师网安redhat教程网 浏览次数:0

本篇关键词:redhatopenssh
龙虎鹰师网安网讯:操作系统:
[root@station28 ~]# cat /etc/issue.net
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Kernel 
 on an \m
[root@station28 ~]# uname -a
Linux station28.example.com 2.6.18-164.el5 #1

操作系统:
[root@station28 ~]# cat /etc/issue.net
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Kernel on an \m
[root@station28 ~]# uname -a
Linux station28.example.com 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

在配置sftp时需要chroot特定的目录则openssh的版本需不低于5.1,我这下载的是openssh 6.1版本的源码包,需要进行编译,
则需要安装gcc,同时需要安装openssl-devel-0.9.8e-12.el5
openssh-6.1p1下载地址:或者进入官网下载
ftp://ftp.openbsd.org.ar/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz
若不安装openssl-devel,则报如下错误:
[root@station28 openssh-6.1p1]#./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh  --with-zlib --with-ssl-dir=/usr/local/ssl--with-md5-passwords --mandir=/usr/share/man
checking for openssl/opensslv.h... no
configure: error: *** OpenSSL headers missing - please install first or check config.log ***

1、配置yum,安装gcc,openssl-devel-0.9.8e-12.el5,和telnet(当ssh不能用的时候,用于连接服务器
[root@station28 ~]# cat /etc/yum.repos.d/base.repo
[base]
baseurl=file:///mnt/Server
gpgcheck=0
[root@station28 ~]# yum -y install "gcc*"
[root@station28 ~]# yum -y install "openssl-devel-0.9.8e-12.el5"
[root@station28 openssh-6.1p1]# yum -y install "telnet-server*"

卸载openssh,观察openssh的各个包包含的内容:
[root@station28 ~]# cd /etc/ssh
[root@station28 ssh]# mkdir /root/1114_ssh_bak
[root@station28 ssh]# cp * /root/1114_ssh_bak/
[root@station28 ssh]# rpm -qa | grep openssh //目前系统安装的是4.3版本的
openssh-server-4.3p2-36.el5
openssh-askpass-4.3p2-36.el5
openssh-4.3p2-36.el5
openssh-clients-4.3p2-36.el5
[root@station28 ~]# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
[root@station28 ssh]# rpm -ql openssh-server-4.3p2-36.el5 //查看安装包涉及的内容
/etc/pam.d/sshd
/etc/rc.d/init.d/sshd
/etc/ssh
/etc/ssh/sshd_config
/usr/libexec/openssh/sftp-server
/usr/sbin/.sshd.hmac
/usr/sbin/sshd
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd
/var/empty/sshd/etc
/var/empty/sshd/etc/localtime
[root@station28 ssh]# rpm -ql openssh-askpass-4.3p2-36.el5
/etc/profile.d/gnome-ssh-askpass.csh
/etc/profile.d/gnome-ssh-askpass.sh
/usr/libexec/openssh/gnome-ssh-askpass
/usr/libexec/openssh/ssh-askpass
[root@station28 ssh]# rpm -ql openssh-4.3p2-36.el5
/etc/ssh
/etc/ssh/moduli
/usr/bin/ssh-keygen
/usr/libexec/openssh
/usr/libexec/openssh/ssh-keysign
.....
....
[root@station28 ssh]# rpm -ql openssh-clients-4.3p2-36.el5
/etc/ssh/ssh_config
/usr/bin/.ssh.hmac
/usr/bin/scp
/usr/bin/sftp
/usr/bin/slogin
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-copy-id
/usr/bin/ssh-keyscan
......
.....
[root@station28 ssh]# rpm -qa | grep openssh //全部卸载
openssh-server-4.3p2-36.el5
openssh-askpass-4.3p2-36.el5
openssh-4.3p2-36.el5
openssh-clients-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-server-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-askpass-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-4.3p2-36.el5 //存在依赖关系,需要先卸载openssh-clients-4.3p2-36.el5.x86_64
error: Failed dependencies:
        openssh = 4.3p2-36.el5 is needed by (installed) openssh-clients-4.3p2-36.el5.x86_64
[root@station28 ssh]# rpm -e openssh-clients-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-4.3p2-36.el5
[root@station28 ssh]# rpm -qa | grep openssh //全部卸载干净

[root@station28 ~]# pwd
/root
[root@station28 ~]# ls openssh-6.1p1.tar.gz
openssh-6.1p1.tar.gz
[root@station28 ~]# tar -zxpf openssh-6.1p1.tar.gz //解压openssh 6.1
[root@station28 ~]# cd openssh-6.1p1 //执行以下命令进行编译
[root@station28 openssh-6.1p1]# ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh  --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
[root@station28 openssh-6.1p1]# make
[root@station28 openssh-6.1p1]# make install //warn的报错忽略
[root@station28 openssh-6.1p1]# cd /usr/local/ssh/bin //刚用--frefix参数指定的路径/usr/local/ssh,将其bin下的拷贝到/usr/bin下
[root@station28 bin]# ls
scp  sftp  slogin  ssh  ssh-add  ssh-agent  ssh-keygen  ssh-keyscan
[root@station28 bin]# cp * /usr/bin/
[root@station28 bin]# cd /usr/local/ssh/sbin
[root@station28 sbin]# ls
sshd
[root@station28 sbin]# cp sshd /usr/sbin/sshd //同理
[root@station28 sbin]# cd /root/openssh-6.1p1/contrib/redhat/ //将sshd.init拷贝到/etc/init.d/下,名字为sshd(ssh的daemon名称)
[root@station28 redhat]# ls
gnome-ssh-askpass.csh  gnome-ssh-askpass.sh  openssh.spec  sshd.init  sshd.init.old  sshd.pam  sshd.pam.old
[root@station28 redhat]# cp sshd.init /etc/init.d/sshd
[root@station28 redhat]# ls -l /etc/init.d/sshd
-rwxr-xr-x 1 root root 1768 Nov 14 23:21 /etc/init.d/sshd
[root@station28 redhat]# chkconfig --add sshd
[root@station28 redhat]# service sshd restart

    龙虎鹰师网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show-19614-1.html
网站维护教程更新时间:2013-01-14 22:12:08  【打印此页】  【关闭
全站连接N点 | 龙虎鹰师网安 |  
专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。龙虎鹰师网安服务器维护基地招商进行中!请致电24小时热线: 13910257075 王先生
  开户名:王俊鹏 开户行:招商银行清华园支行:9555500101708872 建设银行清华园分行 6227000014970239251 

footer  footer  互联网安全  footer