OpenSSH upgrade: background
Because company ××× detected a high-risk vulnerability in the OpenSSH service, OpenSSH needs to be upgraded.
1. Compile and install
- tar -zxf openssh-7.4p1.tar.gz
- cd openssh-7.4p1
- ./configure --prefix=/usr/local/openssh7.4/ --with-md5-passwords --with-pam --with-zlib --with-privsep-path=/var/lib/sshd
- make && make install
- ln -s /usr/local/openssh7.4/ /usr/local/openssh
2. Rename the original sshd init script
mv /etc/init.d/sshd /etc/init.d/sshdold
3. Put the new init script in place
cp contrib/redhat/sshd.init /etc/init.d/sshd
Change the following lines in the sshd file to read:
- # config: /usr/local/openssh/etc/ssh/ssh_host_key
- # config: /usr/local/openssh/etc/ssh/ssh_host_key.pub
- # config: /usr/local/openssh/etc/ssh/ssh_random_seed
- # config: /usr/local/openssh/etc/ssh/sshd_config
- SSHD=/usr/local/openssh/sbin/sshd
- /usr/local/openssh/bin/ssh-keygen -A
- /sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_key.pub
- /sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_rsa_key.pub
- /sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_dsa_key.pub
- /sbin/restorecon /usr/local/openssh/etc/ssh/ssh_host_ecdsa_key.pub
Set the execute permission:
chmod 755 /etc/init.d/sshd
4. Update the PATH variable
- .bash_profile
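- PATH=$PATH:/usr/local/openssh/bin/:/usr/local/openssh/sbin/
5. Edit the configuration file
Add the following to /usr/local/openssh/etc/sshd_config (since OpenSSH 7.0 the default is prohibit-password, so root password logins are refused unless this is set):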
PermitRootLogin yes
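6. Restart the service
This step is critical and must not go wrong; otherwise you will lose your connection to the server (the session itself runs over ssh).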
/etc/init.d/sshdold stop; /etc/init.d/sshd start
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
7. Verify
- [root@server08 ~]# ps -ef|grep sshd
- root 24732 1 0 15:39 ? 00:00:00 sshd: root@pts/1
- root 33242 1 0 15:58 ? 00:00:00 sshd: root@pts/2
- root 33433 1 0 16:05 ? 00:00:00 /usr/local/openssh/sbin/sshd
- root 33436 24734 0 16:05 pts/1 00:00:00 grep sshd
8. Remove the openssh packages that shipped with the system
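Step 6 is the point where a bad sshd_config or an unusable host key locks you out. The script below is an added example, not part of the original post: it validates the new daemon with sshd -t before the old one is stopped, and starts the old init script again if the new one fails to start. The function names preflight and safe_swap are hypothetical; the paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: guarded version of the step 6 switch-over.
# Paths come from the steps above; function names are hypothetical.

NEW_SSHD=/usr/local/openssh/sbin/sshd
NEW_CONF=/usr/local/openssh/etc/sshd_config
OLD_INIT=/etc/init.d/sshdold
NEW_INIT=/etc/init.d/sshd

# preflight SSHD CONF
# The binary must be executable and "sshd -t" must accept the config file
# and host keys. -t only tests; it does not start a daemon.
preflight() {
    [ -x "$1" ] || { echo "missing or not executable: $1" >&2; return 1; }
    [ -r "$2" ] || { echo "config not readable: $2" >&2; return 1; }
    "$1" -t -f "$2" || { echo "sshd -t rejected $2" >&2; return 1; }
}

# safe_swap SSHD CONF OLD_INIT NEW_INIT
# Returns 0 when the new daemon started, 1 when preflight failed and
# nothing was touched, 2 when the new daemon failed to start and the
# old init script was started again.
safe_swap() {
    preflight "$1" "$2" || return 1
    "$3" stop || echo "warning: '$3 stop' returned non-zero" >&2
    if "$4" start; then
        return 0
    fi
    echo "new sshd failed to start, starting the old daemon again" >&2
    "$3" start
    return 2
}

# Acts only when asked to, e.g.: sh safe_swap.sh --apply
if [ "${1:-}" = "--apply" ]; then
    safe_swap "$NEW_SSHD" "$NEW_CONF" "$OLD_INIT" "$NEW_INIT"
fi
```

Keep the current ssh session open and confirm a fresh login in a second terminal before going on to step 8.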
Source: http://www.bubuko.com/infodetail-2614592.html