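Upgrading OpenSSH to Fix Vulnerabilities
Author: 邓聪聪
The fix is to upgrade to a newer version. The upgrade steps are below.
1. Install telnet as a fallback, in case the upgrade fails or sshd fails to restart. It can be installed directly with yum.
Install both the server and the client with: yum -y install telnet*
Next, edit the configuration file: vi /etc/xinetd.d/telnet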
    # default: on
    # description: The telnet server serves telnet sessions; it uses \
    #       unencrypted username/password pairs for authentication.
    service telnet
    {
            flags           = REUSE
            socket_type     = stream
            wait            = no
            user            = root
            server          = /usr/sbin/in.telnetd
            log_on_failure  += USERID
            disable         = no
    }
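Change the disable parameter from yes to no.
Then restart the telnet service: service xinetd restart
2. Test that you can log in over telnet with a username and password:
telnet localhost
If entering the username and password logs you in, the test succeeded!
Note: if you cannot log in over telnet: mv /etc/securetty /etc/securetty.bak
Upgrade ssh with a script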
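    #!/bin/bash
    # Upgrade OpenSSH to 7.5p1 by building from source.
    # bash is required: the script uses &>> and echo -e.
    mkdir -p openssh_update
    cd openssh_update || exit 1
    workdir=$(pwd)
    log="$workdir/install.log"   # absolute path, so the later cd does not split the log
    oldversion=$(ssh -V 2>&1)
    echo "开始执行 OpenSSH 版本升级脚本"
    echo -e "当前OpenSSH版本为: \033[31m $oldversion \033[0m"

    # Download and unpack the OpenSSH 7.5p1 source
    echo "下载OpenSSH 7.5p1源代码......"
    {
        wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz &&
        tar -zxf openssh-7.5p1.tar.gz
    } &>> "$log" || { echo "download failed, see $log"; exit 1; }

    # Back up the existing configuration and host keys
    echo "备份原版OpenSSH......"
    {
        mv /etc/ssh/ ./ssh.bak
    } &>> "$log"

    # Install the build dependencies
    echo "安装编译所需依赖,耗时较长,请耐心等待......"
    {
        yum -y install gcc zlib-devel openssl-devel
    } &>> "$log"

    # Configure and compile; on failure, restore the backup and stop
    # before the old packages are removed
    echo "配置并编译OpenSSH......"
    {
        cd openssh-7.5p1/ &&
        ./configure --prefix=/usr --sysconfdir=/etc/ssh &&
        make
    } &>> "$log" || { mv "$workdir/ssh.bak" /etc/ssh; echo "build failed, see $log"; exit 1; }

    # Remove the old OpenSSH packages
    echo "卸载旧版OpenSSH......"
    {
        rpm -e --nodeps $(rpm -qa | grep openssh)
    } &>> "$log"

    # Install, then make sure the host private keys are readable by root only
    echo "开始安装......"
    {
        make install
        chmod 0600 /etc/ssh/ssh_host_rsa_key
        chmod 0600 /etc/ssh/ssh_host_ecdsa_key
        chmod 0600 /etc/ssh/ssh_host_ed25519_key
        make install
    } &>> "$log"
    newversion=$(ssh -V 2>&1)
    echo "开始执行 OpenSSH 版本升级脚本"
    echo -e "安装完成,当前SSH版本为: \033[32m $newversion \033[0m"

    # Install the init script, register the service, and set the root login policy
    echo "配置权限及启动项......"
    {
        cp contrib/redhat/sshd.init /etc/init.d/sshd
        chkconfig --add sshd
        # Replaces the commented-out default with "PermitRootLogin yes",
        # which lets root log in over SSH with a password
        sed -i '/#PermitRootLogin prohibit-password/c'"PermitRootLogin yes" /etc/ssh/sshd_config
    } &>> "$log"

    # Restart sshd on the new binaries
    echo "重启SSH服务......"
    service sshd restart
    echo "升级完成"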
3. Log in over telnet from another machine and start the ssh service. The ssh upgrade is now complete.
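
Once the upgraded sshd is confirmed reachable, the telnet fallback enabled in step 1 and the renamed /etc/securetty can be reverted, since telnet carries the root password unencrypted. The script below is an added example, not part of the original post; the function names are hypothetical, and the paths default to the ones used above.

```bash
#!/bin/bash
# Added example (not from the original post): close the temporary telnet
# fallback once the upgraded sshd is confirmed working.
# Function names are hypothetical; paths default to the ones used on this page.

# Set "disable = yes" in an xinetd service file. Safe to run repeatedly.
disable_xinetd_service() {
    local conf="$1"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\).*/\1yes/' "$conf"
    grep -q '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Move securetty back if it was renamed to allow root login over telnet.
restore_securetty() {
    local orig="$1"
    local bak="$1.bak"
    [ -f "$bak" ] && [ ! -e "$orig" ] || return 0   # nothing to restore
    mv "$bak" "$orig"
}

# True only if a TCP listener exists on the given port (default 22),
# so telnet is never closed while sshd is down.
sshd_is_listening() {
    local port="${1:-22}"
    ss -ltn 2>/dev/null | awk '{print $4}' | grep -q "[:.]${port}\$"
}

# Full rollback: check sshd, disable telnet, restore securetty, reload xinetd.
close_telnet_fallback() {
    local telnet_conf="${1:-/etc/xinetd.d/telnet}"
    local securetty="${2:-/etc/securetty}"
    sshd_is_listening 22 || { echo "sshd not listening; telnet left enabled" >&2; return 1; }
    disable_xinetd_service "$telnet_conf" || return 1
    restore_securetty "$securetty" || return 1
    service xinetd restart
}

# On the upgraded host, run as root:  close_telnet_fallback
```

Run it only after logging in over SSH from a second machine, so a working session exists before telnet is closed.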