
Upgrading OpenSSH to 7.4p1


Background to the OpenSSH upgrade
Company ××× detected a high-severity vulnerability in the OpenSSH service, so OpenSSH has to be upgraded.

1. Compile and install

tar -zxf openssh-7.4p1.tar.gz
cd openssh-7.4p1

./configure --prefix=/usr/local/openssh7.4/  --with-md5-passwords  --with-pam  --with-zlib  --with-privsep-path=/var/lib/sshd

make && make install

ln -s /usr/local/openssh7.4/ /usr/local/openssh

2. Rename the original sshd init script

mv /etc/init.d/sshd /etc/init.d/sshdold

3. Install the new init script
cp contrib/redhat/sshd.init /etc/init.d/sshd
Edit the sshd file so that the following lines point at the new installation. With the configure line above, sysconfdir defaults to <prefix>/etc, so sshd_config and the host keys sit directly under /usr/local/openssh/etc, with no ssh subdirectory:

# config: /usr/local/openssh/etc/ssh_host_key
# config: /usr/local/openssh/etc/ssh_host_key.pub
# config: /usr/local/openssh/etc/ssh_random_seed
# config: /usr/local/openssh/etc/sshd_config
SSHD=/usr/local/openssh/sbin/sshd

/usr/local/openssh/bin/ssh-keygen -A

/sbin/restorecon /usr/local/openssh/etc/ssh_host_key.pub
/sbin/restorecon /usr/local/openssh/etc/ssh_host_rsa_key.pub
/sbin/restorecon /usr/local/openssh/etc/ssh_host_dsa_key.pub
/sbin/restorecon /usr/local/openssh/etc/ssh_host_ecdsa_key.pub

Make the script executable:
chmod 755 /etc/init.d/sshd

4. Update the PATH variable
In .bash_profile:
PATH=$PATH:/usr/local/openssh/bin:/usr/local/openssh/sbin

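5. Edit the configuration file
Add the following to /usr/local/openssh/etc/sshd_config. Since OpenSSH 7.0 the default is prohibit-password, so root password logins are refused without this line; where root logs in with keys only, the default is sufficient.
PermitRootLogin yes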

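6. Restart the service
This step is critical and must not go wrong, otherwise you lose your connection to the server (you are connected over SSH yourself).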

    /etc/init.d/sshdold stop; /etc/init.d/sshd start
    Stopping sshd: [  OK  ]
    Starting sshd: [  OK  ]

7. Verify

    [root@server08 ~]# ps -ef|grep sshd
    root  24732      1  0 15:39 ?      00:00:00 sshd: root@pts/1
    root  33242      1  0 15:58 ?      00:00:00 sshd: root@pts/2
    root  33433      1  0 16:05 ?      00:00:00 /usr/local/openssh/sbin/sshd
    root  33436  24734  0 16:05 pts/1  00:00:00 grep sshd
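
Steps 6 and 7 combined into a guarded cut-over, as an added example that is not part of the original post: the old daemon is only stopped after the new binary's test mode (sshd -t) accepts the configuration and host keys, and it is started again if the new listener is not running afterwards. The function names and the --run switch are hypothetical; the paths are the ones used above, and pgrep is assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the original post. Paths are the ones used in the
# post; each can be overridden from the environment for a dry run.
NEW_SSHD=${NEW_SSHD:-/usr/local/openssh/sbin/sshd}
OLD_INIT=${OLD_INIT:-/etc/init.d/sshdold}
NEW_INIT=${NEW_INIT:-/etc/init.d/sshd}

# Refuse to touch the running daemon unless the new binary exists and its
# own test mode (-t) accepts sshd_config and the host keys.
preflight() {
    [ -x "$NEW_SSHD" ] || { echo "missing $NEW_SSHD" >&2; return 1; }
    "$NEW_SSHD" -t || { echo "sshd -t rejected config or keys" >&2; return 2; }
}

# True when a listener started from the new prefix is alive. Session
# processes show up as "sshd: user@pts/N", so they do not match.
# Assumes pgrep (procps) is installed.
new_sshd_running() {
    sleep 1
    pgrep -f "^$NEW_SSHD" >/dev/null 2>&1
}

# Stop old, start new, and bring the old daemon back if the new one is
# not listening afterwards.
cutover() {
    preflight || return $?
    "$OLD_INIT" stop
    if "$NEW_INIT" start && new_sshd_running; then
        echo "new sshd is up"
        return 0
    fi
    echo "new sshd did not come up, restarting old sshd" >&2
    "$NEW_INIT" stop >/dev/null 2>&1   # clear a half-started new daemon
    "$OLD_INIT" start
    return 3
}

# Only act when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--run" ]; then cutover; fi
```

Run it under nohup or screen so the rollback still completes if the current session drops.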

8. Remove the openssh package that shipped with the system
