aix升级openssh_AIX6.1上源码编译升级openssh6.6p1

最近因为绿盟扫描到AIX5.3 AIX6.1系统有openssh高危漏洞，OPENSSH6.4之前的都报高危漏洞，IBM官网上也只有最新的openssh6.0安装文件供下载，没办法只有自己试验的用源码来安装升级，期间各种报错，搞了差不多一周的时间，才顺利的安装的把openssh版本升上去了。以下是安装步骤

1，修改/etc/profile文件

cp -p /etc/profile /etc/profile_bak

/etc/profile文件添加

export LIBPATH=/opt/freeware/lib

export PATH=$PATH:/usr/local/bin:/usr/local/sbin

source /etc/profile

2，安装openssl1.0.1g

openssl-1.0.1g-1.aix6.1.ppc.rpm

openssl-devel-1.0.1g-1.aix6.1.ppc.rpm

root@SHDNSDB02:/home/weihu>rpm -Uvh openssl-1.0.1g-1.aix6.1.ppc.rpm

warning: /var/ssl/openssl.cnf saved as /var/ssl/openssl.cnf.rpmorig

openssl                     ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh openssl-devel-1.0.1g-1.aix6.1.ppc.rpm

openssl-devel               ##################################################

接下来需要安装zlib，由于没有安装GCC，需要首先安装GCC

2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip

gcc-4.8.1-2.aix6.1.ppc.rpm

首先将2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip解压出来

root@SHDNSDB02:/home/weihu>jar -xvf 2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip

inflated: libmpc-0.9-1.aix5.3.ppc.rpm

inflated: zlib-1.2.5-6.aix6.1.ppc.rpm

inflated: info-5.0-2.aix6.1.ppc.rpm

inflated: gettext-0.17-8.aix6.1.ppc.rpm

inflated: libiconv-1.14-1.aix6.1.ppc.rpm

inflated: gmp-5.1.3-1.aix6.1.ppc.rpm

inflated: mpfr-3.1.2-1.aix6.1.ppc.rpm

inflated: gcc-4.8.1-2.aix6.1.ppc.rpm

inflated: gcc-cpp-4.8.1-2.aix6.1.ppc.rpm

inflated: libgcc-4.8.1-2.aix6.1.ppc.rpm

inflated: bash-4.2-9.aix6.1.ppc.rpm

root@SHDNSDB02:/home/weihu>rpm -Uvh libgcc-4.8.1-2.aix6.1.ppc.rpm

libgcc                      ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh gmp-5.1.3-1.aix6.1.ppc.rpm

gmp                         ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh gettext-0.17-8.aix6.1.ppc.rpm --nodeps

/

gettext                     ##################################################

add libintl.so.1 (32bits) shared member to /opt/freeware/lib/libintl.a

add libintl.so.1 (64bits) shared member to  /opt/freeware/lib/libintl.a

/

root@SHDNSDB02:/home/weihu>rpm -Uvh libiconv-1.14-1.aix6.1.ppc.rpm

libiconv                    ##################################################

add shr4.o shared members from /usr/lib/libiconv.a to  /opt/freeware/lib/libiconv.a

add shr.o shared members from /usr/lib/libiconv.a to  /opt/freeware/lib/libiconv.a

add shr4_64.o shared members from /usr/lib/libiconv.a to  /opt/freeware/lib/libiconv.a

/

root@SHDNSDB02:/home/weihu>rpm -Uvh mpfr-3.1.2-1.aix6.1.ppc.rpm

mpfr                        ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh zlib-1.2.5-6.aix6.1.ppc.rpm

zlib                        ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh info-5.0-2.aix6.1.ppc.rpm

warning: /opt/freeware/info/dir created as /opt/freeware/info/dir.rpmnew

info                        ##################################################

Please check that /etc/info-dir does exist.

You might have to rename it from /etc/info-dir.rpmsave to /etc/info-dir.

root@SHDNSDB02:/home/weihu>rpm -Uvh libmpc-0.9-1.aix5.3.ppc.rpm

libmpc                      ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh bash-4.2-9.aix6.1.ppc.rpm

bash                        ##################################################

## Binary "bash" is avaible on 32bit and 64bit ##

The default used is 64bit

Please change symbolic link

from "bash" into /bin directory

To do that tape:

# rm -f /bin/bash

# ln -sf /opt/freeware/bin/bash_32 /bin/bash

root@SHDNSDB02:/home/weihu>mv /bin/bash /bin/bash_bak

root@SHDNSDB02:/home/weihu>ln -sf /opt/freeware/bin/bash_

bash_32  bash_64

root@SHDNSDB02:/home/weihu>ln -sf /opt/freeware/bin/bash_32 /bin/bash

root@SHDNSDB02:/home/weihu>rpm -Uvh gcc-cpp-4.8.1-2.aix6.1.ppc.rpm gcc-4.8.1-2.aix6.1.ppc.rpm

gcc-cpp                     ##################################################

gcc                         ##################################################

root@SHDNSDB02:/home/weihu>type gcc

gcc is /usr/bin/gcc

到此GCC已经安装好。

接下来编译zlib,我用的zlib版本是zlib-1.2.5.tar.bz2，解压并编译它

(*注意这里一定要安装，否则会报错：configure: error: *** zlib.h missing - please install first or check config.log ****)

root@SHDNSDB02:/home/weihu>bzip2 -d zlib-1.2.5.tar.bz2

root@SHDNSDB02:/home/weihu>tar -xvf zlib-1.2.5.tar

root@SHDNSDB02:/home/weihu>cd zlib-1.2.5

root@SHDNSDB02:/home/weihu>./configure

root@SHDNSDB02:/home/weihu>make

root@SHDNSDB02:/home/weihu>make install

编译openssh,并将openssh源码包打包成

root@SHDNSDB02:/home/weihu>gzip -d openssh-6.6p1.tar.gz

root@SHDNSDB02:/home/weihu>tar xvf openssh-6.6p1.tar

root@SHDNSDB02:/home/weihu>cd openssh-6.6p1

root@SHDNSDB02:/home/weihu>./configure

root@SHDNSDB02:/home/weihu/openssh-6.6p1>contrib/aix/buildbff.sh (*这条命令生成BFF格式可安装文件，如果脚本最后没有生成openssh-6.6p1.bff文件，你需要检查LIB_ PATH是否设置好，并且source /etc/profile让设置立即生效，同时需要make clean清空上次configure的文件，然后再次./configure并执行buildbff.sh文件*)

root@SHDNSDB02:/home/weihu/openssh-6.6p1>ls -lat openssh

openssh-6.6p1.bff  openssh.xml        opensshd.init

openssh-exec():    openssh.xml.in     opensshd.init.in

root@SHDNSDB02:/home/weihu/openssh-6.6p1>ls -lat openssh-6.6p1.bff

-rw-r--r--    1 root     system      4966400 Oct 16 16:17 openssh-6.6p1.bff

在当前目录下安装openssh-6.6p1.bff文件

root@SHDNSDB02:/home/weihu/openssh-6.6p1>inutoc .

(*注意运行上面的命令出现此错误sh: 0403-057 Syntax error at line 1 : `(' is not expected.，只需要删除当前目录下的openssh-exec(): 文件即可正常运行*)

root@SHDNSDB02:/home/weihu/openssh-6.6p1>installp -acgNQqX -d . -f .toc

到此OPENSSH安装成功

这个时候看ssh版本还是以前的

root@SHDNSDB02:/>type sshd

sshd is /usr/sbin/sshd

关闭sshd

root@SHDNSDB02:/>stopsrc -s sshd

备份老版本sshd，建立软链接到新版本

root@SHDNSDB02:/>mv /usr/sbin/sshd /usr/sbin/sshd_bak

root@SHDNSDB02:/>ln -s /usr/local/sbin/sshd /usr/sbin/sshd

启动ssh

root@SHDNSDB02:/>/usr/sbin/sshd

Could not load host key: /usr/local/etc/ssh_host_rsa_key

Could not load host key: /usr/local/etc/ssh_host_dsa_key

Could not load host key: /usr/local/etc/ssh_host_ecdsa_key

Could not load host key: /usr/local/etc/ssh_host_ed25519_key

建立KEY文件

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t ecdsa -f /usr/local/etc/ssh_host_ecdsa_key

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t ed25519 -f /usr/local/etc/ssh_host_ed25519_key

重新开启ssh服务

root@SHDNSDB02:/>/usr/sbin/sshd

至此ssh服务启动完成，可以正常远程连接

查看以下ssh服务进程和OPENSSH的版本

root@SHDNSDB02:/>ps -ef|grep sshd

weihu 44957866  5767496   0 14:38:48      -  0:00 /usr/sbin/sftp-server -m /etc/ssh/sshd_config

weihu 45481992 48365574   0 13:55:31      -  0:00 sshd: weihu@pts/3

weihu 46661832  7340288   0 13:09:51      -  0:00 sshd: weihu@pts/1

root 48365574        1   0 13:55:18      -  0:00 sshd: weihu [priv]

root  3998086        1   0 16:47:30      -  0:00 sshd: weihu [priv]

root  4063686  6357374   0 16:59:02  pts/0  0:00 grep sshd

weihu  4194786  3998086   0 16:47:52      -  0:00 sshd: weihu@pts/0

weihu  5767496  6750580   0 14:38:48      -  0:01 sshd: weihu@notty

root  6750580        1   0 14:38:47      -  0:00 sshd: weihu [priv]

root  7340288        1   0 13:09:44      -  0:00 sshd: weihu [priv]

root  7406052        1   0 16:58:54      -  0:00 /usr/sbin/sshd

root@SHDNSDB02:/>sshd -v

unknown option -- v

OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014

usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]

[-E log_file] [-f config_file] [-g login_grace_time]

[-h host_key_file] [-k key_gen_time] [-o option] [-p port]

[-u len]

做到这一步openssh的版本就算是升上去了，但是有一个问题还未解决

root@SHDNSDB02:/>stopsrc -s sshd

root@SHDNSDB02:/>startsrc -s sshd

上面的命令无法对ssh进程产生重启和关闭的作用，而且当我重启系统后，ssh是不会自启动的，还好开启了telnet，这个问题暂时还未解决，希望看到此文的网络大牛们给指导指导。

上文所需要的全部安装包，我已经上传，有需要的可以下载，下载地址如下：

http://down.51cto.com/data/1884215