Upgrading OpenSSL and OpenSSH


Older OpenSSL and OpenSSH versions can introduce security risks at any time; update promptly to stay protected.

 

1. Download the OpenSSL source package

# wget https://ftp.openssl.org/source/openssl-1.1.1m.tar.gz

 

2. Install the required dependencies in advance

# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel pam* zlib*

 

3. Back up the system's original OpenSSL
# mv /usr/bin/openssl /usr/bin/openssl.bak
 
4. Extract and build OpenSSL
# tar xf openssl-1.1.1m.tar.gz

# cd ./openssl-1.1.1m

# ./config --prefix=/usr/local/openssl && make && make install

# ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl

# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf

# ldconfig -v ## apply the change

# openssl version ## confirm the new version is in effect
OpenSSL 1.1.1m 14 Dec 2021

 

1. Download the OpenSSH source package
# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
 
2. Back up the original system's SSH configuration
# mv /etc/ssh /etc/ssh.20220308bak

 

3. Extract, build, and configure.

# tar xf openssh-8.6p1.tar.gz

# chown -R root:root openssh-8.6p1

# cd ./openssh-8.6p1
#   vim version.h               ## optional: hide the OpenSSH version number
/* $OpenBSD: version.h,v 1.90 2021/04/16 03:42:00 djm Exp $ */

#define SSH_VERSION     "Leave now"                         /* custom value */

#define SSH_PORTABLE    "! ! !"                             /* custom value */
#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE
# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh/ --with-openssl-includes=/usr/include/openssl --with-ssl-dir=/usr/local/openssl/ --with-zlib --with-md5-passwords --with-pam
# make && make install
# cp -a contrib/redhat/sshd.init  /etc/init.d/sshd
#  vim /etc/ssh/sshd_config
PermitRootLogin yes       ## allow remote root login
PasswordAuthentication yes   ## allow password authentication
UsePAM yes ## enable the PAM authentication module

 

#  cp -a contrib/redhat/sshd.pam   /etc/pam.d/sshd
#  vim /etc/pam.d/sshd 

#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

  

#  chmod +x /etc/init.d/sshd
#  chkconfig --add sshd
#  chkconfig sshd   on
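# mv /usr/lib/systemd/system/sshd.service /tmp   ## After the upgrade, sshd is managed by SysV; systemd cannot manage it (that is how I understand it). If the unit file is not moved away, sshd restarts in an endless loop. Remember to check the logs.
# systemctl enable sshd                  ## After entering the command, it reports what happens (see below); read the output against this explanation. The sshd service that used to be managed by systemd has to be handed over to SysV.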

   sshd.service is not a native service, redirecting to /sbin/chkconfig.
   Executing /sbin/chkconfig sshd on
   Note: Forwarding request to 'systemctl enable sshd.socket'.
   Created symlink from /etc/systemd/system/sockets.target.wants/sshd.socket to /usr/lib/systemd/system/sshd.socket.

#  systemctl restart sshd

# ssh -V                                               ## check the version
Leave now! ! !, OpenSSL 1.1.1m  14 Dec 2021
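
The sshd_config edits in step 3 can be checked before sshd is restarted. The script below is an added example, not part of the original post: it reads a config file the way sshd resolves keywords (case-insensitive, first occurrence wins) and reports whether root can log in with a password. The function names, file names and both sample configs are constructed for illustration; it reads a single file's global section and does not follow Include or Match.

```shell
#!/bin/sh
# Added example, not from the original post. Both sample files are constructed.

# effective_value FILE KEYWORD: print the value sshd takes from FILE's global
# section. Keywords are case-insensitive and the first occurrence wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" too
        tolower($1) == "match" { exit }         # global settings end here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# root_password_login FILE: return 0 when FILE lets root use the password method.
# Unset keywords use the OpenSSH defaults (PermitRootLogin prohibit-password,
# PasswordAuthentication yes). Keyboard-interactive via PAM is not examined.
root_password_login() {
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    [ "${root:-prohibit-password}" = "yes" ] && [ "${pass:-yes}" = "yes" ]
}

SAMPLE_DIR=$(mktemp -d)
# Constructed: the three settings from step 3; the later duplicate is ignored.
cat > "$SAMPLE_DIR/page.conf" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
usepam yes
PermitRootLogin no
EOF
# Constructed: root may log in with keys only.
cat > "$SAMPLE_DIR/keys.conf" <<'EOF'
PermitRootLogin prohibit-password
PasswordAuthentication=no
UsePAM yes
EOF

for f in "$SAMPLE_DIR/page.conf" "$SAMPLE_DIR/keys.conf"; do
    if root_password_login "$f"; then verdict=allowed; else verdict=blocked; fi
    echo "${f##*/}: root password login $verdict, UsePAM=$(effective_value "$f" UsePAM)"
done
```

On a live host, `sshd -t` validates the configuration file and `sshd -T` prints the effective settings as sshd itself computes them.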

  

Thanks to the authors of the following articles:

https://developpaper.com/upgrade-centos7-openssh-to-the-latest-version/

https://programmer.group/ssh-upgrade-version-8.2p1.html

https://blog.csdn.net/tladagio/article/details/117083270

 

 

 
