Reprinted: https://segmentfault.com/a/1190000008890926?utm_source=tag-newest
openssh upgrade to latest version
Recently a customer's scanning device scanned our company's system and reported several OpenSSH vulnerabilities. I took a quick look and it was mainly because the installed OpenSSH version is 5.3, which is old. I thought it was a small problem. My distribution is CentOS 6.x and the latest OpenSSH available through yum is only 5.3, so the only option was to look for a newer rpm package on the official website. The latest I found was 6.4, which I installed with yum localinstall. Unexpectedly, the next day a customer again reported OpenSSH vulnerabilities and said port 22 should not be open. I was dumbfounded; there was nothing for it but to fetch the latest OpenSSH release from the official website, which is 7.5. The installation ran into a series of pitfalls that I will not list one by one; to help you avoid them, I have recorded the procedure here for reference. (Distribution packages often carry backported security fixes, so a scanner finding that is based only on the 5.3 version string is worth checking against the package changelog first; a source build like the one below no longer receives updates through yum and has to be rebuilt by hand for every later fix.)
ssh upgrade steps
installation
cd /root/
mkdir ssh_upgrade && cd ssh_upgrade
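Upload the openssh installation package (check the tarball's checksum or signature against the one published by the OpenSSH project before building it)
rz <installation package>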
View the current version of openssh
ssh -V
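Uninstall the existing openssh (do this from the console or keep your current session open: once the package is removed, new SSH connections cannot be made until the new sshd is running)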
yum remove openssh -y
Install gcc, openssl and zlib
yum install gcc openssl-devel zlib-devel
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure
make && make install
Copy the sshd service (init) script
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
Modify the SSHD service files
vim /etc/init.d/sshd
Change the following:
SSHD=/usr/sbin/sshd to SSHD=/usr/local/sbin/sshd
/usr/sbin/ssh-keygen -A to /usr/local/bin/ssh-keygen -A
Save and exit
Add sshd as a system service
chkconfig --add sshd
Check that sshd now appears in the list of services started at boot
chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Allow root users to remotely log in
cp sshd_config /etc/ssh/sshd_config
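vim /etc/ssh/sshd_config    (set PermitRootLogin yes and remove the comment marker in front of it)
Note that PermitRootLogin yes also allows password login as root; PermitRootLogin prohibit-password, the default since OpenSSH 7.0, lets root log in with keys only.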
Configuration allows remote login as root
This step is very important! Very important! Very important! Important things are said three times. The sshd installed here does not read /etc/ssh/sshd_config by default (a source build configured without --sysconfdir looks for its configuration under the install prefix, /usr/local/etc), so even if sshd_config is set to allow root to log in remotely, the setting will not take effect unless the following line is added!
vim /etc/init.d/sshd
Above the line ‘$SSHD $OPTIONS && success || failure’, add the line ‘OPTIONS="-f /etc/ssh/sshd_config"’
Save and exit
Restart
service sshd start
rpm -ef | grep pam
1160 cd openssh-7.5p1/
1161 ll
1162 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-password --with-privsep-path=var/lib/sshd
1163 make
1164 make insatll
1165 make instatll
1166 make install
1167 ll /etc/ssh/ssh_host_rsa_key
1168 chmod 600 /etc/ssh/ssh_host_rsa_key
1169 chmod 600 /etc/ssh/ssh_host_ecdsa_key
1170 chmod 600 /etc/ssh/ssh_host_ed25519_key
1171 make install
1172 ssh -V
1173 install -v -m755 contrib/ssh-copy-id/usr/bin
1174 install -v -m755 contrib/ssh-copy-id /usr/bin
1175 install -v-m755 contrib/ssh-copy-id /usr/bin
1176 install-v-m755 contrib/ssh-copy-id /usr/bin
1177 systemctl status ssh.service
1178 systemctl status sshd.service
1179 cp -p contrib/redhat/sshd.init /etc/init.d/sshd/
1180 chmod +x /etc/init.d/sshd/
1181 chkconfig --add sshd
1182 chkconfig sshd on
1183 ./configure
1184 make
1185 make install
1186 systemctl status sshd.service
1187 sudo systemctl start sshd.service
1188 rpm -qa | grep pam
1189 cd ..
1190 ll
1191 rpm -ivh pam-devel-1.1.8-22.el7.x86_64.rpm --nodeps --force
1192 history
1193 ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --wuth-pam
1194 cd ..
1195 cd package/openssh-7.5p1/
1196 ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --wuth-pam
1197 ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-md5-password --mandir=/usr/share/man --with-pam
1198 make
1199 make install
1200 cp -p contrib/redhat/sshd.init/ /etc/init.d/sshd/
1201 cp -p contrib/redhat/sshd.init /etc/init.d/sshd/
1202 chmod u+x /etc/init.d/sshd/
1203 chkconfig --add sshd
1204 cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
1205 chkconfig --add sshd
1206 systemctl status sshd.service
1207 systemctl start sshd.service
1208 cp /usr/local/openssh/bin/ssh /usr/bin/
1209 systemctl start sshd.service
1210 cd /usr/local/openssh/bin/
1211 ls
1212 cp ssh-keyscan /usr/bin/ssh-keygen
1213 systemctl start sshd.service
1214 vi /etc/init.d/sshd/
1215 cd /etc/init.d/
1216 ll
1217 vi sshd/
1218 ./sshd/
1219 ./sshd
1220 cd sshd/
1221 ll
1222 vi sshd.init
1223 systemctl start sshd.service
1224 systemctl start sshd.service Then run
1225 systemctl enable sshd.service
1226 chkconfig --list
1227 chkconfig --add sshd
1228 chkconfig --list
1229 rpm -qa | grep ssh
1230 ssh -v
1231 ssh -V
1232 cd /home/package/
1233 yum install ssh
1234 cd /root/
1235 ll
1236 cat anaconda-ks.cfg
1237 cd /etc/init.d/sshd/
1238 ll
1239 chkconfig -add sshd
1240 chkconfig --add sshd
1241 vi /etc/ssh/sshd_config
1242 systemctl start sshd.service
1243 cd /home/package/
1244 cd openss
1245 cd openssh-7.5p1/
1246 ll
1247 cd /etc/
1248 ll
1249 cd ssd
1250 cd ssh
1251 ll
1252 cd ../ssh.bak/
1253 ll
1254 cd /home/package/openssh-7.5p1/
1255 ll
1256 cp contrib/redhat/sshd.pam /etc/pam.d/sshd
1257 cp contrib/redhat/sshd.init /etc/init.d/sshd
1258 chkconfig sshd on
1259 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam with-zlib --with-md5-passwords
1260 make
1261 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords
1262 make
1263 make install
1264 rpm -qa | grp ssh
1265 rpm -qa | grep ssh
1266 vi /etc/ssh/ssh_config
1267 cp contrib/redhat/sshd.pam /etc/pam.d/sshd
1268 cp contrib/redhat/sshd.init /etc/init.d/sshd
1269 chkconfig sshd on
1270 vim /etc/ssh/sshd_config
1271 ssh -V
1272 systemctl start sshd.service
1273 sshd -V
1274 ssh -V
1275 systemctl strat sshd.service
1276 systemctl start sshd.service
1277 rpm -qa | grep ssh
1278 screen -ls
1279 systemctl enable sshd.service
1280 systemctl start SSHD.service
1281 systemctl start sshd.service
1282 rpm -qa | grep pam
1283 whereis sshd
1284 systemctl status sshd
1285 cd /etc/rc.d/init.d/
1286 ll
1287 cd sshd/
1288 ll
1289 cp sshd.init ../
1290 systemctl status sshd
1291 systemctl start sshd
1292 l
1293 ll
1294 cd ..
1295 ll
1296 vi sshd.init
1297 vi functions
1298 cd /etc/sysconfig/init
1299 vi /etc/sysconfig/init
1300 vi /etc/ssh/sshd_config
1301 rpm -qa | grep SSHD
1302 rpm -qa | grep SSH
1303 rpm -qa | grep SS
1304 rpm -qa | grep ssh
1305 opensssl -V
1306 openssl -V
1307 openssl -v
1308 openssh -v
1309 ssh -v
1310 ssh -V
1311 ps -ef | grep sshd
1312 whereis sshd
1313 cd /etc/init.d/
1314 ll
1315 cd /etc/rc.d/
1316 ll
1317 cd init.d/
1318 ll
1319 cd /etc/init.d/
1320 ll
1321 cd ..
1322 ll
1323 cd ssh.bak/
1324 ll
1325 cd ..
1326 ll
1327 cd ssh
1328 ll
1329 vi /sbin/service sshd_config
1330 vi /sbin/service sshd
1331 service sshd.service start
1332 /sbin/service sshd.service start
1333* /sbin/service start
1334 rpm -qa | grep openssh
1335 cd /home/package/openssh-7.5p1/
1336 ll
1337 cp -p contrib/redhat/sshd.init /etc/init.d/sshd
1338 cd /etc/init.d/
1339 ll
1340 rm sshd.init
1341 cd sshd/
1342 ll
1343 cd ..
1344 ll
1345 cd ..
1346 l
1347 ll
1348 cd init.d/
1349 ll
1350 mv sshd/ sshd_bak
1351 cd /home/package/openssh-7.5p1/
1352 l
1353 ll
1354 cp -p contrib/redhat/sshd.init /etc/init.d/sshd
1355 cd /etc/init.d/
1356 ll
1357 systemctl start sshd
1358 ll
1359 vi sshd
1360 chkconfig --add sshd
1361 cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
1362 service sshd start
1363 ps -ef | grep sshd
1364 lsof
1365 lsof -i:22
1366 systemctl status sshd
1367 systemctl stop sshd
1368 systemctl start sshd
1369 systemctl status sshd
1370 systemctl enable sshd
1371 chkconfig --list
1372 systemctl status NetworkManager
1373 systemctl status network
1374 vi /etc/ssh/ssh_config
1375 systemctl restart sshd
1376 vi /etc/ssh/ssh_config
1377 systemctl restart sshd
1378 lsof -i:22
1379 ssh 10.23.181.27
1380 vi ~/.ssh/
1381 vi ~/.ssh/known_hosts
1382 ssh 10.23.181.27
1383 ssh [email protected]
1384 vi /etc/ssh/ssh_config
1385 cd /root/
1386 ll
1387 cd .ssh/
1388 ll
1389 rm known_hosts
1390 ssh [email protected]
1391 vim /etc/init.d/sshd
1392 cat /usr/local/sbin/sshd
1393 vim /etc/init.d/sshd
1394 cd /etc/ssh/
1395 ll
1396 vi ssh_config
1397 vi sshd_config
1398 vi ssh_config
1399 vi sshd_config
1400 systemctl restart sshd
1401 systemctl daemon-reload
1402 systemctl restart sshd
1403 vim /etc/init.d/sshd
1404 cd /etc/ssh
1405 ll
1406 vi /etc/init.d/sshd
1407 systemctl restart sshd
1408 systemctl daemon-reload
1409 systemctl restart sshd
1410 history