拉新网 - 挖掘漏洞 - 线报平台

小天天

Moderator

注册时间： 2019-09-29

帖子： 891

centos7升级到OpenSSH_8.5p1, OpenSSL 1.1.1j

openssl version -a
ssh -V
分别查看确认当期版本

准备最新软件：
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/ … 5p1.tar.gz
wget https://ftp.openssl.org/source/openssl-1.1.1j.tar.gz

更新最新环境
yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam* zlib*

1）openssl升级
tar zxvf openssl-1.1.1j.tar.gz
cd openssl-1.1.1j/
./config shared zlib
make && make install

备份，替换老的openssl
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old

ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl

echo “/usr/local/lib64/” >> /etc/ld.so.conf
ldconfig

检查确认
openssl version -a

2）openssh升级

首先开启telnet服务用作应急

yum install xinetd.x86_64 telnet-server.x86_64
systemctl enable xinetd
systemctl start xinetd.service
systemctl start telnet.socket

cd openssh-8.5p1/
./configure   --prefix=/usr   --sysconfdir=/etc/ssh   --with-md5-passwords   --with-pam    --with-privsep-path=/var/lib/sshd  --with-ssl-dir=/usr/local/lib64   --without-hardening
make && make install

cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
cp ssh_config /etc/ssh/
cp sshd_config /etc/ssh
chmod +x /etc/init.d/sshd
systemctl enable sshd
/etc/init.d/sshd restart

ssh -V确认
重启登录确认