openssh升级到7.4p1
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了openssh升级到7.4p1相关的知识,希望对你有一定的参考价值。
openssh升级背景由于第×××司检测到服务Openssh有高危漏洞,需要对Openssh进行升级
1.编译安装
tar -zxf openssh-7.4p1.tar.gz
cd openssh-7.4p1
./configure --prefix=/usr/local/openssh7.4/ --with-md5-passwords --with-pam --with-zlib --with-privsep-path=/var/lib/sshd
make && make install
ln -s /usr/local/openssh7.4/ /usr/local/openssh
2.将原sshd启动文件重命名mv /etc/init.d/sshd /etc/init.d/sshdold
3.上传新的脚本管理文件cp contrib/redhat/sshd.init /etc/init.d/sshd
sshd文件内容修改成如下
# config: /usr/local/openssh/etc/ssh/ssh_host_key
# config: /usr/local/openssh/etc/ssh/ssh_host_key.pub
# config: /usr/local/openssh/etc/ssh/ssh_random_seed
# config: /usr/local/openssh/etc/ssh/sshd_config
SSHD=/usr/local/openssh/sbin/sshd
/usr/local/openssh/bin/ssh-keygen -A
/sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_key.pub
/sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_rsa_key.pub
/sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_dsa_key.pub
/sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_ecdsa_key.pub
修改执行权限chmod 755 /etc/init.d/sshd
4.修改PATH变量
.bash_profilePATH=$PATH:/usr/local/openssh/sbin/:/usr/local/openssh/sbin/
5.修改配置文件
/usr/local/openssh/etc/sshd_config中添加PermitRootLogin yes
6.重启程序
此步关键不能出错,否则将失去对服务器的连接(本身是通过ssh连接的)
/etc/init.d/sshdold stop; /etc/init.d/sshd start
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
7.验证
[[email protected] ~]# ps -ef|grep sshd
root 24732 1 0 15:39 ?00:00:00 sshd: [email protected]/1
root 33242 1 0 15:58 ?00:00:00 sshd: [email protected]/2
root 33433 1 0 16:05 ?00:00:00 /usr/local/openssh/sbin/sshd
root 33436 24734 0 16:05 pts/100:00:00 grep sshd
8.将原系统自带的openssh包删除
以上是关于openssh升级到7.4p1的主要内容,如果未能解决你的问题,请参考以下文章
完美升级Opensshredhat 6.8 x64升级SSH到OpenSSH_7.4p1
RHEL5.4 openssh升级至OpenSSH_7.4p1版本-shell处理
centos7 升级openssh到openssh-8.0p1版本