碼上快樂

相關內容    簡體    繁體

openssh升級到8.8

本文轉載自   查看原文   2021-12-10 14:04   1800 

可能需要yum環境

第一步:更新openssl第一種方式
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz --no-check-certificate
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
tar -zxvf openssl-1.1.1l.tar.gz
cd openssl-1.1.1l/
./config --prefix=/usr/local/openssl
make
make install
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v
openssl version

更新openssl第二種方式

下載源碼包,上傳到服務器解壓

cd openssl-1.1.0k
./config shared zlib
make && make install

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
find / -name openssl
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
echo "/usr/local/lib64/" >> /etc/ld.so.conf
ldconfig
openssl version -a

 

第二步:安裝openssh

yum install -y pam* zlib* openssl-devel
chmod 600 /etc/ssh/* #權限要改為600,否則會報警
wget -c https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz --no-check-certificate

cp /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/sbin/sshd /usr/sbin/sshd.bak
mv /etc/ssh /etc/ssh.bak
tar -zxvf openssh-8.8p1.tar.gz
cd openssh-8.8p1.tar.gz

./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam
make && make install

# 修改啟動文件和pam
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak


#編輯/etc/pam.d/sshd文件,刪除原有,添加以下
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare


#編輯/etc/ssh/sshd_config,最下方添加PermitRootLogin yes PermitRootLogin yes

systemctl daemon-reload
systemctl restart sshd
systemctl status sshd


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 Centos7升級到OpenSSH_8.8p1、OpenSSL 1.1.1l版本 升級OpenSSH版本(8.8版本) openssh升級到8.x版本 將Openssh升級到8.0版本 openssh 升級到8.2版本 (Linux 7) OpenSSH權限提升漏洞(CVE-2021-41617)修復 Centos 7升級Openssh 8.8 OpenSSH權限提升漏洞(CVE-2021-41617)-升級OpenSSH至最新8.8p1 CentOS7.9升級OpenSSH7.4到OpenSSL-8.8p1總結 ubuntu14中把openssh升級到7.5 Centos7.9 升級openssl(1.1.1m) 和openssh(8.8.sp1) 備忘(內容來源於互聯網)
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM