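The client hired a third-party company to scan the website for vulnerabilities, and the security report flagged the OpenSSH version as too old.
The current version was OpenSSH 7.4 and it needed to be upgraded to 8.1. I searched through a lot of material online; the procedure below works.
Only the commands are excerpted here. I tested them myself and they work, though your server's system may differ.
Note: upgrading OpenSSH may affect `ulimit -n` on production systems, so keep an eye on it.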
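```bash
cd /opt
# Record the installed versions before changing anything
ssh -V
openssl version
yum update openssh -y
#yum install xinetd telnet-server -y

# Build dependencies
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
# Globs are quoted so yum receives them instead of the shell expanding them against files in /opt
yum install -y 'pam*' 'zlib*'

# Fetch and unpack the sources
wget -c https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
wget -c https://ftp.openssl.org/source/openssl-1.0.2r.tar.gz
tar xfz openssh-8.1p1.tar.gz
tar xfz openssl-1.0.2r.tar.gz

# Move the system OpenSSL binary and headers aside, then build 1.0.2r (installs into /usr/local/ssl)
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
cd /opt/openssl-1.0.2r
./config shared && make && make install
echo $?   # 0 means the build and install succeeded

# Point the system at the new OpenSSL binary, headers and libraries
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version

# Build OpenSSH 8.1p1 against the new OpenSSL
cd /opt/openssh-8.1p1
chown -R root:root /opt/openssh-8.1p1
# Back up the existing configuration and host keys to /tmp/ssh before removing /etc/ssh
cp -r /etc/ssh /tmp/
rm -rf /etc/ssh
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install
echo $?   # 0 means the build and install succeeded

# Write a minimal sshd_config.
# PermitRootLogin yes allows direct root login over SSH; tighten it (for example to
# prohibit-password) once key-based access has been confirmed.
cat > /etc/ssh/sshd_config <<EOF
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
EOF
grep "^PermitRootLogin" /etc/ssh/sshd_config
# Show the active lines of the old config (backed up to /tmp/ssh) for comparison
cat /tmp/ssh/sshd_config |grep -v '#' |grep -v '^$'

# Install the init script and PAM file shipped with the source, and move the old systemd units aside
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
mv /usr/lib/systemd/system/sshd.service /opt/
mv /usr/lib/systemd/system/sshd.socket /opt/
chkconfig sshd on

# Keep the current session open until a fresh SSH login has been verified
service sshd restart
openssl version
ssh -V
```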
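An added post-upgrade check, not part of the original post: it confirms that the `ssh -V` banner reports at least the 8.1 the scan report asked for, and compares the "Max open files" soft limit between two `/proc/<pid>/limits` snapshots to catch the `ulimit -n` change the post warns about. The function names, banners and limit values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: post-upgrade checks. Function names and sample data are constructed.

# ssh_version_ok BANNER MIN: exit 0 if the OpenSSH version in BANNER is >= MIN (major.minor).
# Real use: ssh_version_ok "$(ssh -V 2>&1)" 8.1   (ssh -V prints to stderr)
ssh_version_ok() {
    _ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$_ver" ] || return 2                      # banner not recognised
    _maj=${_ver%%.*}; _min=${_ver#*.}
    _wmaj=${2%%.*};   _wmin=${2#*.}
    [ "$_maj" -gt "$_wmaj" ] || { [ "$_maj" -eq "$_wmaj" ] && [ "$_min" -ge "$_wmin" ]; }
}

# nofile_soft: read /proc/<pid>/limits text on stdin, print the soft "Max open files" value.
nofile_soft() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }'
}

# nofile_dropped BEFORE AFTER: exit 0 if the soft limit is lower in AFTER than in BEFORE.
nofile_dropped() {
    _b=$(printf '%s\n' "$1" | nofile_soft) || return 2
    _a=$(printf '%s\n' "$2" | nofile_soft) || return 2
    [ "$_a" = unlimited ] && return 1
    [ "$_b" = unlimited ] && return 0
    [ "$_a" -lt "$_b" ]
}

# Constructed samples. On a real host, save /proc/self/limits from an SSH session
# before and after the upgrade and pass the two files' contents instead.
BANNER_OLD='OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017'
BANNER_NEW='OpenSSH_8.1p1, OpenSSL 1.0.2r  26 Feb 2019'
LIMITS_BEFORE='Max open files            65535                65535                files'
LIMITS_AFTER='Max open files            1024                 4096                 files'

for _banner in "$BANNER_OLD" "$BANNER_NEW"; do
    if ssh_version_ok "$_banner" 8.1; then echo "PASS $_banner"; else echo "FAIL $_banner"; fi
done
if nofile_dropped "$LIMITS_BEFORE" "$LIMITS_AFTER"; then
    echo "WARN soft open-files limit dropped after the upgrade"
fi
```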
Reposted from https://blog.csdn.net/xujiamin0022016/article/details/102656119