Pitfalls encountered when upgrading OpenSSH

 

Reprinted: https://segmentfault.com/a/1190000008890926?utm_source=tag-newest

openssh upgrade to latest version

Recently a client-side scanning device found several OpenSSH vulnerabilities on one of the company's systems. The main cause was that the installed version, 5.3, is too old. I thought this would be a small problem. The distribution is CentOS 6.x, and the newest openssh available through yum is still 5.3, so the only option was to look for a newer rpm package on the official website. The latest one I found was 6.4, which I installed with yum localinstall. Unexpectedly, the next day the customer reported that the OpenSSH vulnerabilities were still there and would not allow port 22 to be opened. With no other choice, I went back to the official website for the latest OpenSSH release, which was 7.5. The installation ran into a series of pitfalls; I will not describe them one by one, but I have recorded the working steps here for reference so that you can avoid them.

ssh upgrade steps

installation

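# Create the working directory for the upgrade and enter it.
# -p makes the step repeatable: a second run reuses the directory instead of
# failing at mkdir and leaving the shell in /root.
mkdir -p /root/ssh_upgrade && cd /root/ssh_upgrade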

Upload the openssh source package

rz    (select the installation package, openssh-7.5p1.tar.gz, to upload)

View the current version of openssh

ssh -V

Uninstall the existing openssh

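# Keep a copy of the current configuration and host keys before the package is
# removed, so they can be compared with or restored over the source build.
cp -a /etc/ssh /etc/ssh.bak
# Once the package is gone, new SSH logins may not be possible until the
# rebuilt sshd is running: keep this session open and have console (or other
# out-of-band) access available before continuing.
yum remove openssh -y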

Install gcc, openssl and zlib

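# Build dependencies: compiler plus the OpenSSL and zlib development headers.
# -y answers the confirmation prompt so the step does not stall.
yum install -y gcc openssl-devel zlib-devel
# Verify the uploaded tarball against the signature published with the release
# before unpacking it.
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
# A plain ./configure installs under /usr/local and looks for sshd_config under
# /usr/local/etc; pass --sysconfdir=/etc/ssh if sshd should read
# /etc/ssh/sshd_config without an explicit -f option.
# The steps are chained so that a failed configure cannot be followed by a
# build from a stale Makefile left over from an earlier attempt.
./configure && make && make install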

Copy the sshd service (init) script

cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd

Modify the SSHD service files

vim /etc/init.d/sshd
Change the following:
SSHD=/usr/sbin/sshd to SSHD=/usr/local/sbin/sshd
/usr/sbin/ssh-keygen -A to /usr/local/bin/ssh-keygen -A
Save and exit

Add sshd as a system service

chkconfig --add sshd

Check that the service has been added to the startup items

chkconfig --list |grep sshd

sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off 

Allow root users to remotely log in

cp sshd_config /etc/ssh/sshd_config
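vim /etc/ssh/sshd_config    (set PermitRootLogin yes and remove the leading comment mark from that line). Note that yes also permits password logins for root; where key-based root login is sufficient, PermitRootLogin prohibit-password keeps the root password from being exposed to guessing over the network.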

Configuration allows remote login as root

This operation is very important! Very important! Very important! The important thing is said three times: an openssh built from source with the default ./configure does not read /etc/ssh/sshd_config (its default configuration path is under the install prefix, /usr/local/etc). So even if sshd_config is set to allow root users to log in remotely, the setting will not take effect unless the following option is added to the init script!

vim /etc/init.d/sshd
Above the line '$SSHD $OPTIONS && success || failure', add the line 'OPTIONS="-f /etc/ssh/sshd_config"'
Save and exit

Restart

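# Validate the configuration with the newly built binary before starting the
# service: -t only checks the config file and keys and exits non-zero on error,
# so a broken sshd_config is caught while the current session is still open.
/usr/local/sbin/sshd -t -f /etc/ssh/sshd_config && service sshd start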

 rpm -ef | grep pam
 1160  cd openssh-7.5p1/
 1161  ll
 1162  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-password --with-privsep-path=var/lib/sshd
 1163  make
 1164  make insatll
 1165  make instatll
 1166  make install
 1167  ll /etc/ssh/ssh_host_rsa_key
 1168  chmod 600 /etc/ssh/ssh_host_rsa_key
 1169  chmod 600 /etc/ssh/ssh_host_ecdsa_key
 1170  chmod 600 /etc/ssh/ssh_host_ed25519_key
 1171  make install
 1172  ssh -V
 1173  install -v -m755 contrib/ssh-copy-id/usr/bin
 1174  install -v -m755 contrib/ssh-copy-id /usr/bin
 1175  install -v-m755 contrib/ssh-copy-id /usr/bin
 1176  install-v-m755 contrib/ssh-copy-id /usr/bin
 1177  systemctl status ssh.service
 1178  systemctl status sshd.service
 1179  cp -p contrib/redhat/sshd.init /etc/init.d/sshd/
 1180  chmod +x /etc/init.d/sshd/
 1181  chkconfig --add sshd
 1182  chkconfig sshd on
 1183  ./configure
 1184  make
 1185  make install
 1186  systemctl status sshd.service
 1187  sudo systemctl start sshd.service
 1188  rpm -qa | grep pam
 1189  cd ..
 1190  ll
 1191  rpm -ivh pam-devel-1.1.8-22.el7.x86_64.rpm --nodeps --force
 1192  history
 1193  ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --wuth-pam
 1194  cd ..
 1195  cd package/openssh-7.5p1/
 1196  ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --wuth-pam
 1197  ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --with-pam
 1198  make
 1199  make install
 1200  cp -p contrib/redhat/sshd.init/ /etc/init.d/sshd/
 1201  cp -p contrib/redhat/sshd.init /etc/init.d/sshd/
 1202  chmod u+x /etc/init.d/sshd/
 1203  chkconfig --add sshd
 1204  cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd 
 1205  chkconfig --add sshd
 1206  systemctl status sshd.service
 1207  systemctl start sshd.service
 1208  cp /usr/local/openssh/bin/ssh /usr/bin/
 1209  systemctl start sshd.service
 1210  cd /usr/local/openssh/bin/
 1211  ls
 1212  cp ssh-keyscan /usr/bin/ssh-keygen
 1213  systemctl start sshd.service
 1214  vi /etc/init.d/sshd/
 1215  cd /etc/init.d/
 1216  ll
 1217  vi sshd/
 1218  ./sshd/
 1219  ./sshd
 1220  cd sshd/
 1221  ll
 1222  vi sshd.init 
 1223  systemctl start sshd.service
 1224  systemctl start sshd.service Then run
 1225  systemctl enable sshd.service
 1226  chkconfig --list
 1227  chkconfig --add sshd
 1228  chkconfig --list
 1229  rpm -qa | grep ssh
 1230  ssh -v
 1231  ssh -V
 1232  cd /home/package/
 1233  yum install ssh
 1234  cd /root/
 1235  ll
 1236  cat anaconda-ks.cfg 
 1237  cd /etc/init.d/sshd/
 1238  ll
 1239  chkconfig -add sshd
 1240  chkconfig --add sshd
 1241  vi /etc/ssh/sshd_config 
 1242  systemctl start sshd.service
 1243  cd /home/package/
 1244  cd openss
 1245  cd openssh-7.5p1/
 1246  ll
 1247  cd /etc/
 1248  ll
 1249  cd ssd
 1250  cd ssh
 1251  ll
 1252  cd ../ssh.bak/
 1253  ll
 1254  cd /home/package/openssh-7.5p1/
 1255  ll
 1256  cp contrib/redhat/sshd.pam /etc/pam.d/sshd
 1257  cp contrib/redhat/sshd.init /etc/init.d/sshd
 1258  chkconfig sshd on
 1259  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam with-zlib --with-md5-passwords
 1260  make 
 1261  ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords
 1262  make 
 1263  make install
 1264  rpm -qa | grp ssh
 1265  rpm -qa | grep ssh
 1266  vi /etc/ssh/ssh_config 
 1267  cp contrib/redhat/sshd.pam /etc/pam.d/sshd 
 1268  cp contrib/redhat/sshd.init /etc/init.d/sshd
 1269  chkconfig sshd on
 1270  vim /etc/ssh/sshd_config 
 1271  ssh -V
 1272  systemctl start sshd.service
 1273  sshd -V
 1274  ssh -V
 1275  systemctl strat sshd.service
 1276  systemctl start sshd.service
 1277  rpm -qa | grep ssh
 1278  screen -ls
 1279  systemctl enable sshd.service
 1280  systemctl start SSHD.service
 1281  systemctl start sshd.service
 1282  rpm -qa | grep pam
 1283  whereis sshd
 1284  systemctl status sshd
 1285  cd /etc/rc.d/init.d/
 1286  ll
 1287  cd sshd/
 1288  ll
 1289  cp sshd.init ../
 1290  systemctl status sshd
 1291  systemctl start sshd
 1292  l
 1293  ll
 1294  cd ..
 1295  ll
 1296  vi sshd.init 
 1297  vi functions 
 1298  cd /etc/sysconfig/init
 1299  vi /etc/sysconfig/init
 1300  vi /etc/ssh/sshd_config
 1301  rpm -qa | grep SSHD
 1302  rpm -qa | grep SSH
 1303  rpm -qa | grep SS
 1304  rpm -qa | grep ssh
 1305  opensssl -V
 1306  openssl -V
 1307  openssl -v
 1308  openssh -v
 1309  ssh -v
 1310  ssh -V
 1311  ps -ef | grep sshd
 1312  whereis sshd
 1313  cd /etc/init.d/
 1314  ll
 1315  cd /etc/rc.d/
 1316  ll
 1317  cd init.d/
 1318  ll
 1319  cd /etc/init.d/
 1320  ll
 1321  cd ..
 1322  ll
 1323  cd ssh.bak/
 1324  ll
 1325  cd ..
 1326  ll
 1327  cd ssh
 1328  ll
 1329  vi /sbin/service sshd_config 
 1330  vi /sbin/service sshd
 1331  service sshd.service start
 1332  /sbin/service sshd.service start
 1333* /sbin/service  start
 1334  rpm -qa | grep openssh
 1335  cd /home/package/openssh-7.5p1/
 1336  ll
 1337  cp -p contrib/redhat/sshd.init /etc/init.d/sshd
 1338  cd /etc/init.d/
 1339  ll
 1340  rm sshd.init 
 1341  cd sshd/
 1342  ll
 1343  cd ..
 1344  ll
 1345  cd ..
 1346  l
 1347  ll
 1348  cd init.d/
 1349  ll
 1350  mv sshd/ sshd_bak
 1351  cd /home/package/openssh-7.5p1/
 1352  l
 1353  ll
 1354  cp -p contrib/redhat/sshd.init /etc/init.d/sshd
 1355  cd /etc/init.d/
 1356  ll
 1357  systemctl start sshd
 1358  ll
 1359  vi sshd
 1360  chkconfig --add sshd
 1361  cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
 1362  service sshd start
 1363  ps -ef | grep sshd
 1364  lsof
 1365  lsof -i:22
 1366  systemctl status sshd
 1367  systemctl stop sshd
 1368  systemctl start sshd
 1369  systemctl status sshd
 1370  systemctl enable sshd
 1371  chkconfig --list
 1372  systemctl status NetworkManager
 1373  systemctl status network
 1374  vi /etc/ssh/ssh_config 
 1375  systemctl restart sshd
 1376  vi /etc/ssh/ssh_config 
 1377  systemctl restart sshd
 1378  lsof -i:22
 1379  ssh 10.23.181.27
 1380  vi ~/.ssh/
 1381  vi ~/.ssh/known_hosts 
 1382  ssh 10.23.181.27
 1383  ssh [email protected]
 1384  vi /etc/ssh/ssh_config 
 1385  cd /root/
 1386  ll
 1387  cd .ssh/
 1388  ll
 1389  rm known_hosts 
 1390  ssh [email protected]
 1391  vim /etc/init.d/sshd
 1392  cat /usr/local/sbin/sshd
 1393  vim /etc/init.d/sshd
 1394  cd /etc/ssh/
 1395  ll
 1396  vi ssh_config 
 1397  vi sshd_config 
 1398  vi ssh_config 
 1399  vi sshd_config 
 1400  systemctl restart sshd
 1401  systemctl daemon-reload
 1402  systemctl restart sshd
 1403  vim /etc/init.d/sshd
 1404  cd /etc/ssh
 1405  ll
 1406  vi /etc/init.d/sshd
 1407  systemctl restart sshd
 1408  systemctl daemon-reload
 1409  systemctl restart sshd
 1410  history


Origin blog.csdn.net/weixin_37565541/article/details/92976548