CentOS6.4升级openssh

前端之家收集整理的这篇文章主要介绍了CentOS6.4升级openssh前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

---------------------------------

一、为什么要升级

二、系统环境

三、卸载系统自带openssh-server

四、源码安装openssh

五、配置

---------------------------------

一、为什么要升级

最近收到某项目的安全评估报告,让升级最新的openssh,如下:

wKioL1d0pwHz-n0eAAAcX_1TB9E197.png

二、系统环境

#cat/etc/redhat-release
CentOSrelease6.4(Final)
#uname-r
2.6.32-358.el6.x86_64

三、卸载系统自带openssh-server

1.保留系统自带的openssl无需卸载,直接源码安装最新的openssh。

#opensslversion-a
OpenSSL1.0.0-fips29Mar2010
builton:ThuFeb2123:42:57UTC2013
platform:linux-x86_64
options:bn(64,64)md2(int)rc4(16x,int)des(idx,cisc,16,int)blowfish(idx)
compiler:gcc-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-DKRB5_MIT-m64-DL_EN
DIAN-DTERMIO-Wall-O2-g-pipe-Wall-Wp,-D_FORTIFY_SOURCE=2-fexceptions-fstack-protector--param=ssp-buffer-size=4-m64-mtune=generic-Wa,--noexecstack-DMD32_REG_T=int-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DWHIRLPOOL_ASMOPENSSLDIR:"/etc/pki/tls"
engines:aesnidynamic

2.卸载系统自带的openssh-server

#servicesshdstop
Stoppingsshd:[OK]
#rpm-qa|grepopenss
openssl-1.0.0-27.el6.x86_64
openssh-5.3p1-84.1.el6.x86_64
openssh-server-5.3p1-84.1.el6.x86_64
#rpm-eopenssh-server
#rpm-eopenssh
#mv/etc/ssh/etc/ssh.bak

四、源码安装openssh

1.安装必要的依赖包

#yuminstallgccmakeperlpampam-develzlibzlib-developenssl-devel

2.源码编译安装

#tarzxvfopenssh-7.2p2.tar.gz
#cdopenssh-7.2p2
#./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam--with-zlib--with-md5-passwords//不要更改--prefix目录
#make
#makeinstall
#ssh-V
OpenSSH_7.2p2,OpenSSL1.0.0-fips29Mar2010

五、配置

#cpopenssh-7.2p2/contrib/redhat/sshd.init/etc/init.d/sshd//加入系统服务
#chkconfig--addsshd
#servicesshdstart
#netstat-tupln|grep22
tcp000.0.0.0:220.0.0.0:*LISTEN36385/sshd
tcp00:::22:::*LISTEN36385/sshd
#vi/etc/ssh/sshd_config//允许root远程登录
44PermitRootLoginyes//将prohibit-password替换为yes

ps:报错解决

  1. 编译配置openssh时,如果出现以下错误,安装openssl-devel即可解决

configure:error:***OpenSSLheadersmissing-pleaseinstallfirstorcheckconfig.log***

猜你在找的CentOS相关文章