---------------------------------
I. Why upgrade
II. System environment
III. Uninstall the system's bundled openssh-server
IV. Install openssh from source
V. Configuration
---------------------------------
I. Why upgrade
We recently received a security assessment report for a project that called for upgrading to the latest openssh, as follows:
II. System environment

    # cat /etc/redhat-release
    CentOS release 6.4 (Final)
    # uname -r
    2.6.32-358.el6.x86_64

III. Uninstall the system's bundled openssh-server
1. Keep the system's bundled openssl; there is no need to uninstall it. The latest openssh is built from source directly against it.

    # openssl version -a
    OpenSSL 1.0.0-fips 29 Mar 2010
    built on: Thu Feb 21 23:42:57 UTC 2013
    platform: linux-x86_64
    options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines:  aesni dynamic

2. Uninstall the system's bundled openssh-server

    # service sshd stop
    Stopping sshd: [  OK  ]
    # rpm -qa | grep openss
    openssl-1.0.0-27.el6.x86_64
    openssh-5.3p1-84.1.el6.x86_64
    openssh-server-5.3p1-84.1.el6.x86_64
    # rpm -e openssh-server
    # rpm -e openssh
    # mv /etc/ssh /etc/ssh.bak

IV. Install openssh from source
1. Install the required dependency packages

    # yum install gcc make perl pam pam-devel zlib zlib-devel openssl-devel

2. Compile and install from source

    # tar zxvf openssh-7.2p2.tar.gz
    # cd openssh-7.2p2
    # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords    # do not change the --prefix directory
    # make
    # make install
    # ssh -V
    OpenSSH_7.2p2, OpenSSL 1.0.0-fips 29 Mar 2010

V. Configuration

    # cp openssh-7.2p2/contrib/redhat/sshd.init /etc/init.d/sshd    # register sshd as a system service
    # chkconfig --add sshd
    # service sshd start
    # netstat -tupln | grep 22
    tcp        0      0 0.0.0.0:22        0.0.0.0:*        LISTEN      36385/sshd
    tcp        0      0 :::22             :::*             LISTEN      36385/sshd
    # vi /etc/ssh/sshd_config    # allow root to log in remotely
    PermitRootLogin yes          # line 44: replace prohibit-password with yes

PS: Resolving a build error

    configure: error: *** OpenSSL headers missing - please install first or check config.log ***

Original link: https://www.f2er.com/centos/381784.html
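
A post-upgrade check for the procedure above, as an added example that is not part of the original article: it parses the `ssh -V` banner, compares it with the minimum version an assessment report requires, and reports the PermitRootLogin value sshd will actually use from sshd_config. The function names, the constructed sample config and the assumption that versions have the form major.minor"p"patch are illustrative; `keyword=value` lines are not handled.

```shell
#!/bin/sh
# Added example: post-upgrade checks. All sample input below is constructed.

# Pull "7.2p2" out of an `ssh -V` banner (ssh prints it on stderr).
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9.]*p[0-9][0-9]*\).*/\1/p'
}

# Turn "7.2p2" into a sortable integer (7002002).
# Assumes the major.minor"p"patch form used by portable OpenSSH releases.
version_key() {
    printf '%s\n' "$1" | awk -F'[.p]' '{ printf "%d%03d%03d\n", $1, $2, $3 }'
}

# Succeeds when version $1 is at least version $2.
version_ge() {
    [ "$(version_key "$1")" -ge "$(version_key "$2")" ]
}

# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Stop at the first Match block, which only applies
# conditionally. Commented-out lines never match because of the leading '#'.
sshd_option() {   # usage: sshd_option <config-file> <keyword>
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Report findings for one host: banner text, required minimum, config path.
audit_upgrade() {
    ver=$(openssh_version "$1")
    if [ -z "$ver" ]; then echo "FAIL: cannot parse banner"; return 0; fi
    if version_ge "$ver" "$2"; then echo "OK: OpenSSH $ver >= $2"
    else echo "FAIL: OpenSSH $ver < $2"; fi
    root=$(sshd_option "$3" PermitRootLogin)
    echo "INFO: PermitRootLogin=${root:-<compiled default>}"
}

# Demo on constructed input mirroring the values shown on this page.
cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    'permitrootlogin no' > "$cfg"
audit_upgrade 'OpenSSH_7.2p2, OpenSSL 1.0.0-fips 29 Mar 2010' 7.2p2 "$cfg"
audit_upgrade 'OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010' 7.2p2 "$cfg"
rm -f "$cfg"
```

On a live host, pass `"$(ssh -V 2>&1)"` as the banner; `sshd -T` prints the full effective configuration, including Match handling, and is the authoritative cross-check.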