转载:https://segmentfault.com/a/1190000008890926?utm_source=tag-newest
openssh upgrade to latest version
最近公司的系统被客户那边的一套漏洞扫描设备扫出了几个关于 openssh 的漏洞。大概看了一下,主要是因为当前的 openssh 版本是 5.3,版本太低。本来觉得是个小问题,但我用的 distribution 是 centos 6.x,yum 里最新的 openssh 也只是 5.3,没办法只能到 rpm 官网找新的包,找到最新的是 6.4,然后通过 yum localinstall 升级了。没想到第二天客户反映还存在 openssh 漏洞,要求一个漏洞都没有才能对外开放 22 端口。懵逼,没办法,只能去 openssh 官网找最新的 release,最新版本是 7.5。安装过程中遇到了一系列的坑,就不一一述说了,为了帮助大家避免这些坑,特记录下来仅供参考。(补充说明:发行版自带的 openssh 5.3 会由发行版回移(backport)安全补丁,只按版本号判断的扫描器可能因此误报;改用源码编译之后,后续的安全更新不再由 yum 提供,需要自己跟进升级。)
ssh 升级步骤
安装
cd /root/
mkdir ssh_upgrade && cd ssh_upgrade
上传openssh安装包(安装包应从 openssh 官网或其镜像下载,编译前先核对发布公告中的校验和或 PGP 签名)
rz 安装包
查看当前openssh版本
ssh -V
卸载原有openssh(卸载前先备份 /etc/ssh 目录,并准备好控制台等备用登录方式:从卸载到新的 sshd 启动成功之前,一旦当前会话断开,就可能无法再通过 SSH 连上这台机器)
yum remove openssh -y
安装编译所需的 gcc,以及 openssl 和 zlib 的开发包(openssl-devel、zlib-devel)
yum install gcc openssl-devel zlib-devel
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure
make && make install
拷贝ssh服务文件
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
修改SSHD服务文件
vim /etc/init.d/sshd
修改以下内容(不带参数的 ./configure 会把程序安装到 /usr/local 下,所以要把脚本里的路径改成新的安装位置):
将 SSHD=/usr/sbin/sshd 改为 SSHD=/usr/local/sbin/sshd
将 /usr/sbin/ssh-keygen -A 改为 /usr/local/bin/ssh-keygen -A
保存退出
加入系统服务
chkconfig --add sshd
查看系统启动服务中是否已增加该项
chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
允许root用户远程登录
cp sshd_config /etc/ssh/sshd_config
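vim /etc/ssh/sshd_config 找到 PermitRootLogin 一行,去掉行首的 # 注释并把值改为 yes。允许 root 用密码直接登录,会让对外开放的 22 端口直接面对针对 root 的口令猜测;如果 root 只需要密钥登录,可以改用 PermitRootLogin prohibit-password。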
配置允许root用户远程登录
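这一操作很重要!很重要!很重要!重要的事情说三遍。按上面不带参数的 ./configure 编译出来的 sshd,默认读取的配置文件是 /usr/local/etc/sshd_config,而不是 /etc/ssh/sshd_config,所以即使在 /etc/ssh/sshd_config 中配置了允许root用户远程登录,不加上下面这一行,配置还是不会生效!(也可以在编译时给 ./configure 加上 --sysconfdir=/etc/ssh,让 sshd 默认就读取 /etc/ssh 下的配置。)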
vim /etc/init.d/sshd
在 $SSHD $OPTIONS && success || failure 这一行的上面加上一行:OPTIONS="-f /etc/ssh/sshd_config"(注意使用英文半角双引号)
保存退出
启动 sshd 服务(启动前可先执行 /usr/local/sbin/sshd -t -f /etc/ssh/sshd_config 检查配置文件语法;确认能从新的连接登录之后,再断开当前会话)
service sshd start
rpm -ef | grep pam
1160 cd openssh-7.5p1/
1161 ll
1162 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-password --with-privsep-path=var/lib/sshd
1163 make
1164 make insatll
1165 make instatll
1166 make install
1167 ll /etc/ssh/ssh_host_rsa_key
1168 chmod 600 /etc/ssh/ssh_host_rsa_key
1169 chmod 600 /etc/ssh/ssh_host_ecdsa_key
1170 chmod 600 /etc/ssh/ssh_host_ed25519_key
1171 make install
1172 ssh -V
1173 install -v -m755 contrib/ssh-copy-id/usr/bin
1174 install -v -m755 contrib/ssh-copy-id /usr/bin
1175 install -v-m755 contrib/ssh-copy-id /usr/bin
1176 install-v-m755 contrib/ssh-copy-id /usr/bin
1177 systemctl status ssh.service
1178 systemctl status sshd.service
1179 cp -p contrib/redhat/sshd.init /etc/init.d/sshd/
1180 chmod +x /etc/init.d/sshd/
1181 chkconfig --add sshd
1182 chkconfig sshd on
1183 ./configure
1184 make
1185 make install
1186 systemctl status sshd.service
1187 sudo systemctl start sshd.service
1188 rpm -qa | grep pam
1189 cd ..
1190 ll
1191 rpm -ivh pam-devel-1.1.8-22.el7.x86_64.rpm --nodeps --force
1192 history
1193 ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --wuth-pam
1194 cd ..
1195 cd package/openssh-7.5p1/
1196 ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --wuth-pam
1197 ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --with-pam
1198 make
1199 make install
1200 cp -p contrib/redhat/sshd.init/ /etc/init.d/sshd/
1201 cp -p contrib/redhat/sshd.init /etc/init.d/sshd/
1202 chmod u+x /etc/init.d/sshd/
1203 chkconfig --add sshd
1204 cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
1205 chkconfig --add sshd
1206 systemctl status sshd.service
1207 systemctl start sshd.service
1208 cp /usr/local/openssh/bin/ssh /usr/bin/
1209 systemctl start sshd.service
1210 cd /usr/local/openssh/bin/
1211 ls
1212 cp ssh-keyscan /usr/bin/ssh-keygen
1213 systemctl start sshd.service
1214 vi /etc/init.d/sshd/
1215 cd /etc/init.d/
1216 ll
1217 vi sshd/
1218 ./sshd/
1219 ./sshd
1220 cd sshd/
1221 ll
1222 vi sshd.init
1223 systemctl start sshd.service
1224 systemctl start sshd.service Then run
1225 systemctl enable sshd.service
1226 chkconfig --list
1227 chkconfig --add sshd
1228 chkconfig --list
1229 rpm -qa | grep ssh
1230 ssh -v
1231 ssh -V
1232 cd /home/package/
1233 yum install ssh
1234 cd /root/
1235 ll
1236 cat anaconda-ks.cfg
1237 cd /etc/init.d/sshd/
1238 ll
1239 chkconfig -add sshd
1240 chkconfig --add sshd
1241 vi /etc/ssh/sshd_config
1242 systemctl start sshd.service
1243 cd /home/package/
1244 cd openss
1245 cd openssh-7.5p1/
1246 ll
1247 cd /etc/
1248 ll
1249 cd ssd
1250 cd ssh
1251 ll
1252 cd ../ssh.bak/
1253 ll
1254 cd /home/package/openssh-7.5p1/
1255 ll
1256 cp contrib/redhat/sshd.pam /etc/pam.d/sshd
1257 cp contrib/redhat/sshd.init /etc/init.d/sshd
1258 chkconfig sshd on
1259 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam with-zlib --with-md5-passwords
1260 make
1261 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords
1262 make
1263 make install
1264 rpm -qa | grp ssh
1265 rpm -qa | grep ssh
1266 vi /etc/ssh/ssh_config
1267 cp contrib/redhat/sshd.pam /etc/pam.d/sshd
1268 cp contrib/redhat/sshd.init /etc/init.d/sshd
1269 chkconfig sshd on
1270 vim /etc/ssh/sshd_config
1271 ssh -V
1272 systemctl start sshd.service
1273 sshd -V
1274 ssh -V
1275 systemctl strat sshd.service
1276 systemctl start sshd.service
1277 rpm -qa | grep ssh
1278 screen -ls
1279 systemctl enable sshd.service
1280 systemctl start SSHD.service
1281 systemctl start sshd.service
1282 rpm -qa | grep pam
1283 whereis sshd
1284 systemctl status sshd
1285 cd /etc/rc.d/init.d/
1286 ll
1287 cd sshd/
1288 ll
1289 cp sshd.init ../
1290 systemctl status sshd
1291 systemctl start sshd
1292 l
1293 ll
1294 cd ..
1295 ll
1296 vi sshd.init
1297 vi functions
1298 cd /etc/sysconfig/init
1299 vi /etc/sysconfig/init
1300 vi /etc/ssh/sshd_config
1301 rpm -qa | grep SSHD
1302 rpm -qa | grep SSH
1303 rpm -qa | grep SS
1304 rpm -qa | grep ssh
1305 opensssl -V
1306 openssl -V
1307 openssl -v
1308 openssh -v
1309 ssh -v
1310 ssh -V
1311 ps -ef | grep sshd
1312 whereis sshd
1313 cd /etc/init.d/
1314 ll
1315 cd /etc/rc.d/
1316 ll
1317 cd init.d/
1318 ll
1319 cd /etc/init.d/
1320 ll
1321 cd ..
1322 ll
1323 cd ssh.bak/
1324 ll
1325 cd ..
1326 ll
1327 cd ssh
1328 ll
1329 vi /sbin/service sshd_config
1330 vi /sbin/service sshd
1331 service sshd.service start
1332 /sbin/service sshd.service start
1333* /sbin/service start
1334 rpm -qa | grep openssh
1335 cd /home/package/openssh-7.5p1/
1336 ll
1337 cp -p contrib/redhat/sshd.init /etc/init.d/sshd
1338 cd /etc/init.d/
1339 ll
1340 rm sshd.init
1341 cd sshd/
1342 ll
1343 cd ..
1344 ll
1345 cd ..
1346 l
1347 ll
1348 cd init.d/
1349 ll
1350 mv sshd/ sshd_bak
1351 cd /home/package/openssh-7.5p1/
1352 l
1353 ll
1354 cp -p contrib/redhat/sshd.init /etc/init.d/sshd
1355 cd /etc/init.d/
1356 ll
1357 systemctl start sshd
1358 ll
1359 vi sshd
1360 chkconfig --add sshd
1361 cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
1362 service sshd start
1363 ps -ef | grep sshd
1364 lsof
1365 lsof -i:22
1366 systemctl status sshd
1367 systemctl stop sshd
1368 systemctl start sshd
1369 systemctl status sshd
1370 systemctl enable sshd
1371 chkconfig --list
1372 systemctl status NetworkManager
1373 systemctl status network
1374 vi /etc/ssh/ssh_config
1375 systemctl restart sshd
1376 vi /etc/ssh/ssh_config
1377 systemctl restart sshd
1378 lsof -i:22
1379 ssh 10.23.181.27
1380 vi ~/.ssh/
1381 vi ~/.ssh/known_hosts
1382 ssh 10.23.181.27
1383 ssh [email protected]
1384 vi /etc/ssh/ssh_config
1385 cd /root/
1386 ll
1387 cd .ssh/
1388 ll
1389 rm known_hosts
1390 ssh [email protected]
1391 vim /etc/init.d/sshd
1392 cat /usr/local/sbin/sshd
1393 vim /etc/init.d/sshd
1394 cd /etc/ssh/
1395 ll
1396 vi ssh_config
1397 vi sshd_config
1398 vi ssh_config
1399 vi sshd_config
1400 systemctl restart sshd
1401 systemctl daemon-reload
1402 systemctl restart sshd
1403 vim /etc/init.d/sshd
1404 cd /etc/ssh
1405 ll
1406 vi /etc/init.d/sshd
1407 systemctl restart sshd
1408 systemctl daemon-reload
1409 systemctl restart sshd
1410 history