centos7 openssh 加固升级

下载最新版本的openssh文件

 

yum install -y openssl-devel pam-devel

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-ssl-dir=/usr/local/ssl --without-hardening

 

chmod 600 /etc/ssh/ssh_*key*

sed -i -e 's/GSSAPIAuthentication/#GSSAPIAuthentication/g' /etc/ssh/sshd_config
sed -i -e 's/GSSAPIAuthentication/#GSSAPIAuthentication/g' /etc/ssh/ssh_config
sed -i -e 's/GSSAPICleanupCredentials/#GSSAPICleanupCredentials/g' /etc/ssh/sshd_config
sed -i -e 's/UsePrivilegeSeparation/#UsePrivilegeSeparation/g' /etc/ssh/sshd_config
sed -i -e 's/#PermitRootLogin/PermitRootLogin/g' /etc/ssh/sshd_config

make && make install

service sshd restart

chkconfig sshd on

 ssh -V