
漏洞修复 openssh 升级

2021-11-11  本文已影响0人  su酥饼
tar包地址 https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

centos7.2 以上升级openssh会出现版本不兼容的问题, 具体请访问该链接
https://blog.csdn.net/m0_37814112/article/details/116528466
[root@localhost ~]# cd /usr/lib/systemd/system 
[root@localhost system]# mv sshd.service sshd.service.bak  
[root@localhost system]# systemctl daemon-reload 
# 重启前执行
1、执行 sshd -t 检查配置有没有问题
2、查看 /var/log/messages 里 sshd 有没有继续报错

# Restart only after both checks above come back clean.
# Keep the current SSH session open and confirm a fresh login from a second
# terminal before closing it, so a broken sshd cannot lock you out.
systemctl restart sshd
centos 7.2 以下版本升级openssh 8.5适用
====================================================================================
# Build prerequisites (left disabled in the original):
###yum install gcc  openssl-devel zlib-devel -y
# Show which port sshd is currently listening on.
netstat -lntup|grep sshd
# NOTE(review): /openssh is created but no cd into it follows, so the upload
# and extraction below land in the current directory - confirm intended.
mkdir /openssh
# Upload the release tarball over the terminal session (ZMODEM receive).
rz 
# Verify the tarball before unpacking it: the download directory also
# publishes a detached signature (openssh-8.5p1.tar.gz.asc), e.g.
#   gpg --verify openssh-8.5p1.tar.gz.asc openssh-8.5p1.tar.gz
# after importing the OpenSSH release key.
tar -zxvf openssh-8.5p1.tar.gz
# tar run as root restores the owner ids stored in the archive; reset them.
chown -R root:root ./openssh-8.5p1

# Back up the current /etc/ssh contents (typically sshd_config and the host
# key pairs).
# NOTE(review): /tmp is shared and may be purged by tmp cleaners or on reboot.
# If /tmp/ssh already exists, mkdir fails but the mv still runs, so the host
# private keys would land in a directory someone else may own. A root-only
# location created with mode 0700 is a safer place for this backup.
mkdir /tmp/ssh
# With the old host keys moved away, the install step presumably generates new
# ones; clients will then see a changed host key for this server.
mv /etc/ssh/* /tmp/ssh/

# Build from the unpacked source tree and install over the system paths
# (binaries under /usr, configuration under /etc/ssh).
cd openssh-8.5p1
# NOTE(review): --with-md5-passwords enables legacy MD5 password-hash support;
# drop it unless accounts still depend on it.
# NOTE(review): --with-pam is not passed, so this sshd is built without PAM
# support; check that no PAM-based policy (lockout, MFA, limits) is relied on
# for SSH logins.
# NOTE(review): --with-ssl does not look like a current configure option
# (--with-ssl-dir is); confirm configure does not simply ignore it.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl
# make install runs only if the build succeeded.
make && make install
# Disabled: would remove the distribution's openssh packages without
# dependency checks.
###rpm -e --nodeps `rpm -qa | grep openssh`
# Print the version of the newly installed client binary.
ssh -V
# ll is the interactive alias for ls -l; shows the existing init script.
ll /etc/init.d/sshd
# Move the old init script next to the /etc/ssh backup (same /tmp caveats
# apply to this copy).
mv /etc/init.d/sshd /tmp/ssh/

# Install the SysV init script shipped in the source tree as the service
# script for the new sshd.
cp contrib/redhat/sshd.init /etc/init.d/sshd

# Enable sshd at boot and check the registration; use the pair that matches
# the release in use, then start the service.
#Centos6 chkconfig --add sshd
#       chkconfig --list sshd
#Centos7 systemctl enable sshd
#       systemctl list-unit-files sshd
#service sshd start



# Optional, disabled: move sshd from port 22 to 2222.
# If enabled, the new port also has to be allowed in the firewall (and in the
# SELinux policy where enforcing) before the restart, or remote access is lost.
# Editing /etc/services only changes the name-to-port mapping, not the port
# sshd listens on.
#####cat /etc/ssh/sshd_config  |grep "#Port" |wc -l
#####sed -i '/#Port 22/s/#Port 22/Port 2222/g'  /etc/ssh/sshd_config
#####sed -i '/ssh             22\/tcp/s/ssh             22\/tcp/ssh             2222\/tcp/g'  /etc/services
#####sed -i '/ssh             22\/udp/s/ssh             22\/udp/ssh             2222\/udp/g'  /etc/services
# Replace the port found earlier with 2222.
#sed -i 's/#Port 22/Port 2222/g'  /etc/ssh/sshd_config
#sed -i 's/ssh             22\/tcp/ssh             2222\/tcp/g'  /etc/services
#sed -i 's/ssh             22\/udp/ssh             2222\/udp/g'  /etc/services

# Append four directives to the end of sshd_config ('$a' = append after the
# last line). sshd uses the first value it reads for a keyword, so these only
# take effect if the keyword is not already set earlier in the file, and
# re-running the commands adds duplicate lines.
# Restricts sshd to AES-CTR; this also drops the AEAD ciphers (AES-GCM,
# chacha20-poly1305) that the default list offers.
sed -i '$a\Ciphers aes128-ctr,aes192-ctr,aes256-ctr' /etc/ssh/sshd_config
# NOTE(review): allows direct root login, including by password. Where root
# over SSH is not required, "no" or "prohibit-password" is the safer value.
sed -i '$a\PermitRootLogin yes' /etc/ssh/sshd_config
# Disables the reverse-DNS lookup of connecting clients.
sed -i '$a\UseDNS no'  /etc/ssh/sshd_config
# NOTE(review): re-enables a key exchange that OpenSSH leaves off by default
# (1024-bit DH group with SHA-1). Keep it only while a legacy client that
# supports nothing newer must connect, and remove it afterwards.
sed -i '$a\KexAlgorithms +diffie-hellman-group1-sha1'  /etc/ssh/sshd_config
或者用 vim 打开 /etc/ssh/sshd_config,在文件最后加上下面四行(其中 PermitRootLogin yes 与 diffie-hellman-group1-sha1 会放宽安全限制,仅在确有需要时保留):
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
PermitRootLogin yes
UseDNS no
KexAlgorithms +diffie-hellman-group1-sha1
#
# Apply the new configuration. Keep the current session open until a fresh
# login from a second terminal has been confirmed.
service sshd restart
# Prints the version of the installed client binary.
ssh -V
#
如果编译时提示缺少依赖,先安装以下软件包:
# Compiler plus the zlib and OpenSSL development packages; ./configure needs
# them, so install these before the build step.
yum install -y gcc gcc-c++
yum -y install zlib zlib-devel 
yum install -y openssl-devel
#
在发起登录的机器上编辑 /root/.ssh/known_hosts(或执行 ssh-keygen -R <服务器地址>),
删除刚升级的服务器的旧主机密钥记录;重新连接时,先核对提示的新主机密钥指纹与服务器上 ssh-keygen -lf 显示的一致,再接受。