- Rongsen.Com.Cn 版权所有 2008-2010 京ICP备08007000号 京公海网安备11010802026356号 朝阳网安编号:110105199号
- 北京黑客防线网安工作室-黑客防线网安服务器维护基地为您提供专业的
服务器维护
,企业网站维护
,网站维护
服务 - (建议采用1024×768分辨率,以达到最佳视觉效果) Powered by 黑客防线网安 ©2009-2010 www.rongsen.com.cn
redhat安装openssh和配置sftp锁定目录
作者:黑客防线网安redhat教程网 来源:黑客防线网安redhat教程网 浏览次数:0 |
黑客防线网安网讯:操作系统:
[root@station28 ~]# cat /etc/issue.net
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Kernel
on an \m
[root@station28 ~]# uname -a
Linux station28.example.com 2.6.18-164.el5 #1
[root@station28 ~]# cat /etc/issue.net
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Kernel
on an \m
[root@station28 ~]# uname -a
Linux station28.example.com 2.6.18-164.el5 #1
操作系统:
[root@station28 ~]# cat /etc/issue.net
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Kernel
on an \m
[root@station28 ~]# uname -a
Linux station28.example.com 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
在配置sftp时,需要chroot特定的目录,则openssh的版本需不低于5.1,我这下载的是openssh 6.1版本的源码包,需要进行编译,
则需要安装gcc,同时需要安装openssl-devel-0.9.8e-12.el5
openssh-6.1p1下载地址:或者进入官网下载
ftp://ftp.openbsd.org.ar/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz
若不安装openssl-devel,则报如下错误:
[root@station28 openssh-6.1p1]#./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl--with-md5-passwords --mandir=/usr/share/man
checking for openssl/opensslv.h... no
configure: error: *** OpenSSL headers missing - please install first or check config.log ***
1、配置yum,安装gcc,openssl-devel-0.9.8e-12.el5,和telnet(当ssh不能用的时候,用于连接服务器)
[root@station28 ~]# cat /etc/yum.repos.d/base.repo
[base]
baseurl=file:///mnt/Server
gpgcheck=0
[root@station28 ~]# yum -y install "gcc*"
[root@station28 ~]# yum -y install "openssl-devel-0.9.8e-12.el5"
[root@station28 openssh-6.1p1]# yum -y install "telnet-server*"
卸载openssh,观察openssh的各个包包含的内容:
[root@station28 ~]# cd /etc/ssh
[root@station28 ssh]# mkdir /root/1114_ssh_bak
[root@station28 ssh]# cp * /root/1114_ssh_bak/
[root@station28 ssh]# rpm -qa | grep openssh //目前系统安装的是4.3版本的
openssh-server-4.3p2-36.el5
openssh-askpass-4.3p2-36.el5
openssh-4.3p2-36.el5
openssh-clients-4.3p2-36.el5
[root@station28 ~]# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
[root@station28 ssh]# rpm -ql openssh-server-4.3p2-36.el5 //查看安装包涉及的内容
/etc/pam.d/sshd
/etc/rc.d/init.d/sshd
/etc/ssh
/etc/ssh/sshd_config
/usr/libexec/openssh/sftp-server
/usr/sbin/.sshd.hmac
/usr/sbin/sshd
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd
/var/empty/sshd/etc
/var/empty/sshd/etc/localtime
[root@station28 ssh]# rpm -ql openssh-askpass-4.3p2-36.el5
/etc/profile.d/gnome-ssh-askpass.csh
/etc/profile.d/gnome-ssh-askpass.sh
/usr/libexec/openssh/gnome-ssh-askpass
/usr/libexec/openssh/ssh-askpass
[root@station28 ssh]# rpm -ql openssh-4.3p2-36.el5
/etc/ssh
/etc/ssh/moduli
/usr/bin/ssh-keygen
/usr/libexec/openssh
/usr/libexec/openssh/ssh-keysign
.....
....
[root@station28 ssh]# rpm -ql openssh-clients-4.3p2-36.el5
/etc/ssh/ssh_config
/usr/bin/.ssh.hmac
/usr/bin/scp
/usr/bin/sftp
/usr/bin/slogin
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-copy-id
/usr/bin/ssh-keyscan
......
.....
[root@station28 ssh]# rpm -qa | grep openssh //全部卸载
openssh-server-4.3p2-36.el5
openssh-askpass-4.3p2-36.el5
openssh-4.3p2-36.el5
openssh-clients-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-server-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-askpass-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-4.3p2-36.el5 //存在依赖关系,需要先卸载openssh-clients-4.3p2-36.el5.x86_64
error: Failed dependencies:
openssh = 4.3p2-36.el5 is needed by (installed) openssh-clients-4.3p2-36.el5.x86_64
[root@station28 ssh]# rpm -e openssh-clients-4.3p2-36.el5
[root@station28 ssh]# rpm -e openssh-4.3p2-36.el5
[root@station28 ssh]# rpm -qa | grep openssh //全部卸载干净
[root@station28 ~]# pwd
/root
[root@station28 ~]# ls openssh-6.1p1.tar.gz
openssh-6.1p1.tar.gz
[root@station28 ~]# tar -zxpf openssh-6.1p1.tar.gz //解压openssh 6.1
[root@station28 ~]# cd openssh-6.1p1 //执行以下命令进行编译
[root@station28 openssh-6.1p1]# ./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
[root@station28 openssh-6.1p1]# make
[root@station28 openssh-6.1p1]# make install //warn的报错忽略
[root@station28 openssh-6.1p1]# cd /usr/local/ssh/bin //刚用--frefix参数指定的路径/usr/local/ssh,将其bin下的拷贝到/usr/bin下
[root@station28 bin]# ls
scp sftp slogin ssh ssh-add ssh-agent ssh-keygen ssh-keyscan
[root@station28 bin]# cp * /usr/bin/
[root@station28 bin]# cd /usr/local/ssh/sbin
[root@station28 sbin]# ls
sshd
[root@station28 sbin]# cp sshd /usr/sbin/sshd //同理
[root@station28 sbin]# cd /root/openssh-6.1p1/contrib/redhat/ //将sshd.init拷贝到/etc/init.d/下,名字为sshd(ssh的daemon名称)
[root@station28 redhat]# ls
gnome-ssh-askpass.csh gnome-ssh-askpass.sh openssh.spec sshd.init sshd.init.old sshd.pam sshd.pam.old
[root@station28 redhat]# cp sshd.init /etc/init.d/sshd
[root@station28 redhat]# ls -l /etc/init.d/sshd
-rwxr-xr-x 1 root root 1768 Nov 14 23:21 /etc/init.d/sshd
[root@station28 redhat]# chkconfig --add sshd
[root@station28 redhat]# service sshd restart
黑客防线网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show-19614-1.html
新闻栏目
| 我要申请本站:N点 | 黑客防线官网 | |
| 专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。黑客防线网安服务器维护基地招商进行中!QQ:29769479 |