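A server vulnerability scan found a critical OpenSSH vulnerability on the company's Linux hosts, so I am preparing to upgrade to the latest OpenSSH, 7.5p1.
1. Download openssh 7.5p1 and upload it to the /usr/src directory
2. Install the build dependencies
    # yum install gcc pam-devel zlib-devel
3. Back up the ssh directory by moving it out of the way
    # mv /etc/ssh /etc/ssh.old
4. Uninstall the old ssh
    # rpm -qa | grep openssh    ## list the installed ssh packages, then remove them
    openssh-clients-5.3p1-104.el6.x86_64
    openssh-server-5.3p1-104.el6.x86_64
    openssh-5.3p1-104.el6.x86_64
    openssh-askpass-5.3p1-104.el6.x86_64
    # rpm -e --nodeps openssh-5.3p1-104.el6.x86_64
    # rpm -e --nodeps openssh-server-5.3p1-104.el6.x86_64
    # rpm -e --nodeps openssh-clients-5.3p1-104.el6.x86_64
    # rpm -e --nodeps openssh-askpass-5.3p1-104.el6.x86_64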
5. Environment configuration before installation
    # install -v -m 700 -d /var/lib/sshd
    # chown -v root:sys /var/lib/sshd
6. Extract the openssh-7.5p1 source, then compile and install it
    # tar -zxvf openssh-7.5p1.tar.gz
    # cd openssh-7.5p1
    # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd
    ## If configure fails with "configure: error: *** OpenSSL headers missing", install the headers and run ./configure again
    # yum install openssl-devel
    # make
    # make install
7. Environment configuration after installing openssh
    ## Run the following commands in the openssh build directory
    # install -v -m755 contrib/ssh-copy-id /usr/bin
    # install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
    # install -v -m755 -d /usr/share/doc/openssh-7.5p1
    # install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.5p1
    # ssh -V    ## verify the upgrade
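8. Enable the OpenSSH service
    ## Run the following in the openssh build directory
    # echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
    # echo "PermitRootLogin yes" >> /etc/ssh/sshd_config    ## allow the root user to log in over ssh
    # cp -p contrib/redhat/sshd.init /etc/init.d/sshd
    # chmod +x /etc/init.d/sshd
    # chkconfig --add sshd
    # chkconfig sshd on
    # chkconfig --list sshd
    # service sshd restart
    ## By default the root user still cannot log in; SELinux can be adjusted (setenforce 0 switches it to permissive mode until the next reboot)
    # setenforce 0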
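Step 8 appends its settings to sshd_config with ">>". sshd uses the first value it reads for each keyword, and every line after a "Match" line belongs to that conditional block, so an appended line is not always the one in effect. The following is an added example, not part of the original post: the function names and the sample config are constructed for illustration, and it assumes the plain "Keyword value" form.

```shell
#!/bin/sh
# Added example: report the value sshd will use for a keyword in the
# global section of an sshd_config file (first occurrence wins; lines
# after a "Match" line are conditional and are not global settings).

# effective_opt FILE KEYWORD -> prints the global value, or "(default)"
effective_opt() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "(default)" }
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want && !found { val = $2; found = 1 }
        END { print val }
    ' "$1"
}

# Constructed sample: an earlier line already sets PermitRootLogin, the
# file ends in a Match block, and the last two lines are what step 8
# appends with ">>".
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's file
Port 22
PermitRootLogin no
#X11Forwarding no
Match User backup
    X11Forwarding no
X11Forwarding yes
PermitRootLogin yes
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
for k in PermitRootLogin X11Forwarding Port; do
    printf '%-16s %s\n' "$k" "$(effective_opt "$tmp" "$k")"
done
rm -f "$tmp"
```

On a live host, `sshd -t` checks the file for syntax errors before the restart and `sshd -T` prints the configuration sshd actually resolves.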
Original link
http://hnr520.blog.51cto.com/4484939/1923012
















