Vulnerability: https://www.cvedetails.com/cve/CVE-2021-36368/
1. Install the dependency packages
yum install wget gcc -y
yum install -y zlib-devel openssl-devel
yum install pam-devel libselinux-devel zlib-devel openssl-devel -y
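2. Download the OpenSSH 8.6 package directly with wget, or download it yourself and upload it to the server; this guide uses wget
Other versions can be downloaded from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/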
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
3. Remove the RPM packages of the older OpenSSH version
rpm -e --nodeps `rpm -qa | grep openssh`
4. Install OpenSSH
(1) Extract the archive and enter the directory
tar -zxvf openssh-8.9p1.tar.gz
cd openssh-8.9p1
(2) Run the configure command
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
(3) Compile and install
make
make install
(4) Set permissions on the host keys
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
(5) Copy the configuration files and allow remote login for the root user
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod u+x /etc/init.d/sshd
vim /etc/ssh/sshd_config
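5. Edit the #PermitRootLogin prohibit-password entry: remove the comment marker # and change prohibit-password to yes, so that the line reads PermitRootLogin yes
6. Remove the comment marker from #PasswordAuthentication yes so that the line reads PasswordAuthentication yes
7. Add the sshd service to the boot-time startup items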
chkconfig --add sshd
chkconfig sshd on
8. Restart the service
systemctl restart sshd
9. Check the installation result
ssh -V
The version output is:
10. Check availability
ssh user@hostname
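
The checks in steps 8 to 10 can be scripted. The following is an added example, not part of the original procedure: it parses the `ssh -V` banner, compares it numerically against the release this page installs (8.9), and in `--live` mode validates sshd_config and prints the effective values of the two options changed in steps 5 and 6. The function names and the sample banners used to exercise it are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the procedure above (not the page's own code).
# MIN_VERSION is the release this page installs (openssh-8.9p1).
MIN_VERSION="8.9"

# Extract "major.minor" from an `ssh -V` banner,
# e.g. "OpenSSH_8.9p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021" -> "8.9".
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2 (both "major.minor").
# Compared numerically per field: a string compare would rank 10.0 below 8.9.
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# Return 0 if the banner reports >= MIN_VERSION, 1 if older, 2 if unparseable.
check_banner() {
    v=$(openssh_version "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$MIN_VERSION" || return 1
    return 0
}

# Print the effective value of keyword $2 from `sshd -T` output passed as $1.
effective_setting() {
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == k { print $2; exit }'
}

# Live mode: run as root on the upgraded host.
if [ "${1:-}" = "--live" ]; then
    banner=$(ssh -V 2>&1)      # ssh -V writes its banner to stderr
    check_banner "$banner" || { echo "FAIL: $banner"; exit 1; }
    sshd -t || exit 1          # syntax-check sshd_config and host keys
    cfg=$(sshd -T)             # effective configuration, lowercase keywords
    echo "permitrootlogin=$(effective_setting "$cfg" permitrootlogin)"
    echo "passwordauthentication=$(effective_setting "$cfg" passwordauthentication)"
fi
```

Running it with `--live` after `make install` and before the restart in step 8 catches a broken sshd_config while the existing SSH session is still open.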