
Openssh源码升级回退脚本

运维开发网 https://www.qedev.com 2021-02-26 12:07 出处:51CTO 作者:dreamhorse
openssh源码升级回退

如果之前是通过 https://blog.51cto.com/kk876435928/2419589 中的脚本以源码方式升级 OpenSSH 的,现在想回退为 rpm 方式安装,可使用如下脚本:

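执行脚本前请确保本地 YUM 源或者网络 YUM 源可用。脚本在切换 sshd 期间会临时启动 telnet(明文传输)作为备用登录通道,请在可信的管理网络或控制台下执行,并在完成后确认 23 端口已关闭;脚本还会把 PermitRootLogin 改为 no,需提前准备好可通过 ssh 登录的普通用户。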

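#!/bin/bash
#
# Roll back a source-built OpenSSH to the distribution's rpm packages.
#
# Sequence: confirm a telnet listener is available as a fallback login
# channel, stop sshd, drop the /usr/local/ssl/lib entry from ld.so.conf,
# reinstall the openssh rpms with yum, set "PermitRootLogin no", start sshd
# and, only once sshd is listening again, switch telnet back off.
#
# Requirements: root, a working yum repository, netstat, and a telnet server
# managed by xinetd / telnet.socket.
#
# Security notes:
#   - telnet carries credentials in clear text. It is enabled here only as a
#     temporary fallback; run the rollback from a trusted management network
#     or console and confirm afterwards that port 23 is closed.
#   - The script finishes with root login over ssh disabled and telnet
#     stopped, so a non-root account that can log in over ssh must exist
#     before it is run.

# Major OS release (e.g. "7") and distributor id (e.g. "CentOS"); both stay
# empty when lsb_release is unavailable.
os_major=""
os_id=""

# Print a message on stderr and abort with a non-zero status.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Return 0 when a TCP socket is listening on port $1.
# Only the local-address column is compared, so a PID or a remote address
# that happens to contain the same digits cannot produce a false positive.
port_listening() {
    netstat -tnl 2>/dev/null |
        awk -v port="$1" '
            $1 ~ /^tcp/ && $4 ~ (":" port "$") { found = 1 }
            END { exit !found }'
}

# Fill os_major / os_id from lsb_release when it is installed.
detect_os() {
    local release

    # command -v is a shell builtin, so this does not depend on `which`.
    if ! command -v lsb_release > /dev/null 2>&1; then
        printf '%s\n' "lsb_release not found; using the xinetd/service code path" >&2
        return 0
    fi
    release=$(lsb_release -rs 2> /dev/null)
    os_major=${release%%.*}
    os_id=$(lsb_release -is 2> /dev/null)
}

# True on RHEL/CentOS 7, where telnet is driven through systemd units.
uses_systemd_telnet() {
    [[ "$os_major" == 7 ]] && [[ "$os_id" == *RedHat* || "$os_id" == *CentOS* ]]
}

# Bring up the telnet listener used as the fallback login channel.
start_telnet() {
    if uses_systemd_telnet; then
        systemctl start xinetd.service
        systemctl start telnet.socket
    else
        sed -i '/disable/s/yes/no/' /etc/xinetd.d/telnet
        service xinetd restart
    fi
}

# Shut the telnet listener down again.
stop_telnet() {
    if uses_systemd_telnet; then
        systemctl stop telnet.socket
        systemctl stop xinetd.service
    else
        sed -i '/disable/s/no/yes/' /etc/xinetd.d/telnet
        service xinetd restart
    fi
}

# Move the existing ssh host private keys out of /etc/ssh.
# They go into a fresh directory under /root created by mktemp (mode 0700)
# rather than the shared /tmp, which other local users can list and which
# tmp cleaners may purge.
backup_host_keys() {
    local key_backup_dir
    local -a host_keys

    shopt -s nullglob
    host_keys=(/etc/ssh/ssh*key)
    shopt -u nullglob
    ((${#host_keys[@]} > 0)) || return 0

    if ! key_backup_dir=$(mktemp -d /root/openssh-hostkeys.XXXXXX); then
        printf '%s\n' "cannot create a backup directory; ssh host keys left in /etc/ssh" >&2
        return 0
    fi
    if mv -f -- "${host_keys[@]}" "$key_backup_dir"/; then
        echo "ssh host keys moved to $key_backup_dir"
    else
        printf '%s\n' "could not move all ssh host keys to $key_backup_dir" >&2
    fi
}

main() {
    # Determine whether the root user
    if [[ "$(id -u)" -ne 0 ]]; then
        die "sorry,only root can execute the script. "
    fi

    # Every service check below relies on netstat.
    command -v netstat > /dev/null 2>&1 || die "netstat is not installed"

    detect_os

    # Check if telnet service has started; it is the way back in while sshd
    # is being replaced.
    if port_listening 23; then
        echo "telnet service is running------------[yes]"
    else
        echo "telnet service is not running--------[no]"
        echo "Try to start the telnet service..........."
        start_telnet
        if ! port_listening 23; then
            echo "telnet service is not running------------[no]"
            die "unable to start the service automatically, please try manually"
        fi
    fi

    # Stop sshd service
    if port_listening 22; then
        service sshd stop
        echo "stop sshd service --------------[yes]"
    fi

    # Remove the library path that the source build added, then refresh the
    # linker cache.
    sed -i '\#/usr/local/ssl/lib#d' /etc/ld.so.conf
    ldconfig

    mv -f /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
    backup_host_keys

    yum -y install openssh-server openssh-clients openssh openssh-askpass

    # Ask rpm about exactly these four packages; counting every package whose
    # name contains "openssh" miscounts when other openssh-* rpms exist.
    if ! rpm -q openssh-server openssh-clients openssh openssh-askpass > /dev/null 2>&1; then
        die "check if openssh-server openssh-clients openssh openssh-askpass had already installd.."
    fi
    if [[ ! -f /etc/ssh/sshd_config ]]; then
        die "/etc/ssh/sshd_config was not recreated by the packages; telnet is still running as the fallback channel"
    fi

    # Legacy KexAlgorithms / Ciphers / MACs overrides are intentionally not
    # appended: they would re-enable SHA-1, CBC and MD5 based algorithms. Add
    # them only for clients that cannot negotiate anything newer.

    # Uncomment PermitRootLogin and turn "yes" / "prohibit-password" into "no".
    sed -i \
        -e 's/^#PermitRootLogin/PermitRootLogin/' \
        -e '/^PermitRootLogin/s/prohibit-password/no/' \
        -e '/^PermitRootLogin/s/yes/no/' \
        /etc/ssh/sshd_config
    if ! grep -Eq '^PermitRootLogin[[:space:]]+no' /etc/ssh/sshd_config; then
        printf '%s\n' "PermitRootLogin is not set to no in /etc/ssh/sshd_config, please review it" >&2
    fi

    # Start sshd service
    service sshd start

    # Disable telnet service, but only once sshd is confirmed to be back.
    if port_listening 22; then
        stop_telnet
    else
        die "sshd is not listening on port 22; telnet has been left running as the fallback channel"
    fi
}

main "$@"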
