通过 https://blog.51cto.com/kk876435928/2419589 中的脚本升级 OpenSSH 后,如需回退到 rpm 方式安装的版本,可使用如下脚本:
执行脚本前确保本地YUM源或者网络YUM源可用
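#!/bin/bash
#
# Roll back from a source-built OpenSSH to the distribution's RPM packages
# (openssh, openssh-server, openssh-clients, openssh-askpass).
#
# Flow: make sure telnet is reachable as a temporary fallback, stop sshd,
# drop the /usr/local/ssl/lib linker entry, set aside the old sshd_config and
# host keys, install the RPMs, turn root login off, start sshd, and switch
# telnet off again only once sshd is listening on port 22.
#
# Requirements: root, a usable yum repository, netstat.
#
# Telnet is unencrypted and is meant to be up only while the rollback runs.
# Every failure after telnet was started exits non-zero and leaves telnet
# running, so it has to be checked and disabled by hand in that case.
# Only start/stop is used for telnet/xinetd; boot-time enablement is not
# touched by this script.

readonly SSHD_CONFIG=/etc/ssh/sshd_config
readonly -a OPENSSH_PKGS=(openssh-server openssh-clients openssh openssh-askpass)

# Filled in by main() from lsb_release; both stay empty when lsb_release is
# not available, which selects the xinetd/service code path.
os_id=""
os_major=""

# Print a message and exit with status 1 (a bare `exit` after `echo` would
# report success to the caller).
die() {
  echo "$*"
  exit 1
}

# Succeeds when a TCP listener is bound to port $1.
# Only the local-address column of netstat is compared against ":PORT" at the
# end of the field, so an IP octet, a PID or a longer port number that merely
# contains the digits cannot produce a match.
port_listening() {
  local port=$1
  netstat -tnl 2> /dev/null | awk -v suffix=":${port}" '
    $4 ~ (suffix "$") { found = 1 }
    END { exit !found }
  '
}

# Succeeds on release 7 of a RedHat/CentOS distribution (systemd units are
# used there instead of the xinetd config switch).
is_el7() {
  [[ "$os_major" == 7 ]] && [[ "$os_id" =~ "RedHat" || "$os_id" =~ "CentOS" ]]
}

# Start or stop the telnet fallback.
# Arguments: $1 - "start" or "stop"
telnet_fallback() {
  case "$1" in
    start)
      if is_el7; then
        systemctl start xinetd.service
        systemctl start telnet.socket
      else
        sed -i '/disable/s/yes/no/' /etc/xinetd.d/telnet
        service xinetd restart
      fi
      ;;
    stop)
      if is_el7; then
        systemctl stop telnet.socket
        systemctl stop xinetd.service
      else
        sed -i '/disable/s/no/yes/' /etc/xinetd.d/telnet
        service xinetd restart
      fi
      ;;
  esac
}

main() {
  local key key_backup_dir
  local -a host_keys=()

  # Determine whether the root user
  if [[ "$(id -u)" -ne 0 ]]; then
    die "sorry,only root can execute the script. "
  fi

  # Every service check below depends on netstat; without it the checks
  # would all read as "not listening".
  command -v netstat > /dev/null || die "netstat is not installed"

  # OS type and major version. lsb_release is probed with `command -v`
  # before it is called, so no separate `which` package is needed.
  if command -v lsb_release > /dev/null; then
    os_id=$(lsb_release -si)
    os_major=$(lsb_release -sr)
    os_major=${os_major%%.*}
  fi

  # Check if telnet service has started; it is the only way back in while
  # sshd is down, so the script refuses to continue without it.
  if port_listening 23; then
    echo "telnet service is running------------[yes]"
  else
    echo "telnet service is not running--------[no]"
    echo "Try to start the telnet service..........."
    telnet_fallback start
    if ! port_listening 23; then
      echo "telnet service is not running------------[no]"
      die "unable to start the service automatically, please try manually"
    fi
  fi

  # Stop sshd service
  if port_listening 22; then
    service sshd stop
    echo "stop sshd service --------------[yes]"
  fi

  # Remove the linker path that pointed at the OpenSSL under /usr/local/ssl.
  sed -i '\#/usr/local/ssl/lib#d' /etc/ld.so.conf
  ldconfig

  # Set the current configuration aside under the name the script has always
  # used for it.
  if [[ -e "$SSHD_CONFIG" ]]; then
    mv -f -- "$SSHD_CONFIG" "${SSHD_CONFIG}_bak"
  fi

  # Set the private host keys aside. They go into a fresh directory that
  # mktemp creates with mode 0700 under /root rather than into /tmp, which is
  # shared with every local user and subject to periodic cleanup.
  for key in /etc/ssh/ssh*key; do
    [[ -e "$key" ]] && host_keys+=("$key")
  done
  if (( ${#host_keys[@]} > 0 )); then
    key_backup_dir=$(mktemp -d /root/ssh_hostkeys_bak.XXXXXX) \
      || die "cannot create a backup directory for the ssh host keys"
    mv -f -- "${host_keys[@]}" "$key_backup_dir"/
    echo "old ssh host keys moved to $key_backup_dir"
  fi

  yum -y install "${OPENSSH_PKGS[@]}"
  # Ask rpm about exactly these four packages; counting every package whose
  # name contains "openssh" fails as soon as an extra openssh-* package is
  # installed.
  if ! rpm -q "${OPENSSH_PKGS[@]}" > /dev/null; then
    die "check if openssh-server openssh-clients openssh openssh-askpass had already installd.."
  fi
  if [[ ! -f "$SSHD_CONFIG" ]]; then
    die "$SSHD_CONFIG is missing after the install (previous copy, if any: ${SSHD_CONFIG}_bak)"
  fi

  # The three lines below were already disabled in the original script and
  # stay disabled. They would re-enable SHA-1 key exchange groups, CBC-mode
  # and 3DES ciphers and MD5/SHA-1 MACs, which is only worth considering for
  # a specific legacy client that cannot negotiate the package defaults.
  # "[email protected]" looks like an e-mail-obfuscation artefact of the web
  # page, not an algorithm name; the lines are not usable as written.
  #echo "KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,[email protected]" >> /etc/ssh/sshd_config
  #echo "Ciphers aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc" >> /etc/ssh/sshd_config
  #echo "MACs hmac-md5,hmac-sha1,[email protected],hmac-sha1-96,hmac-md5-96" >> /etc/ssh/sshd_config

  # Turn root login off: uncomment the directive, then map the permissive
  # values to "no". without-password is the older spelling of
  # prohibit-password and is handled the same way.
  sed -i \
    -e 's/^#PermitRootLogin/PermitRootLogin/' \
    -e '/^PermitRootLogin/s/prohibit-password/no/' \
    -e '/^PermitRootLogin/s/without-password/no/' \
    -e '/^PermitRootLogin/s/yes/no/' \
    "$SSHD_CONFIG"

  # Start sshd service
  service sshd start

  # Disable telnet service, but only after sshd is confirmed to be listening;
  # otherwise the host would be left with no remote access at all.
  if ! port_listening 22; then
    die "sshd is not listening on port 22; telnet was left running, fix sshd and then disable telnet manually"
  fi
  telnet_fallback stop
  if port_listening 23; then
    die "port 23 is still listening after stopping telnet, disable it manually"
  fi
}

main "$@"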