升級OpenssL和Openssh
阿新 • • 發佈:2022-03-08
Openss*較低版本;隨時會帶來安全隱患;及時更新做好安全防護。
1. 下載Openssl軟體包
# wget https://ftp.openssl.org/source/openssl-1.1.1m.tar.gz
2. 提前安裝所需要的依賴包
# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel pam* zlib*
3. 備份原生系統的Openssl
# mv /usr/bin/openssl /usr/bin/openssl.bak
4. 解壓縮,編譯OpenssL,# tar xf openssl-1.1.1m.tar.gz
# cd ./openssl-1.1.1m
# ./config --prefix=/usr/local/openssl && make && make install
# ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
# ldconfig -v ##設定生效
# openssl version ##檢視版本是否生效 OpenSSL 1.1.1m 14 Dec 2021
1. 下載Openssh軟體包
# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
2. 備份原系統的ssh配置
# mv /etc/ssh /etc/ssh.20220308bak
3. 解壓、編譯、配置。
# tar xf openssh-8.6p1.tar.gz
# chown -R root.root openssh-8.6p1
# cd ./openssh-8.6p1
# vim version.h ##可以隱藏Openssh版本號 /* $OpenBSD: version.h,v 1.90 2021/04/16 03:42:00 djm Exp $ */ #define SSH_VERSION "Leave now" ##自定義 #define SSH_PORTABLE "! ! !" ##自定義 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh/ -with-openssl-includes=/usr/include/openssl --with-ssl-dir=/usr/local/openssl/ --with-zlib --with-md5-passwords --with-pam
# make && make install
# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
# vim /etc/ssh/sshd_config
PermitRootLogin yes ##使能root遠端登入
PasswordAuthentication yes ##使能密碼驗證
# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd
# vim /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
# chmod +x /etc/init.d/sshd # chkconfig --add sshd # chkconfig sshd on # systemctl enable sshd # systemctl restart sshd # ssh -V ##檢視版本 Leave now! ! !, OpenSSL 1.1.1m 14 Dec 2021
TRANSLATE with x English TRANSLATE with EMBED THE SNIPPET BELOW IN YOUR SITE Enable collaborative features and customize widget: Bing Webmaster Portal Back