openssh漏洞修复之升级openssh与openssl

下载Openssh和Openssl
wget ftp://mirrors.sonic.net/pub/OpenBSD/OpenSSH/portable/
wget https://www.openssl.org/source/openssl-1.1.1h.tar.gz

安装Openssl
tar -zxf openssl-1.1.1h.tar.gz
cd openssl-1.1.1h
./config --prefix=/usr/local/openssl-1.1.1 -d shared
make install
echo "/usr/local/openssl-1.1.1/lib" >> /etc/ld.so.conf 
ldconfig

cp /usr/local/openssl-1.1.1/lib/libcrypto.so.1.1  /usr/lib64
cp /usr/local/openssl-1.1.1/lib/libssl.so.1.1  /usr/lib64/
cp /usr/local/openssl-1.1.1/bin/openssl  /usr/bin/
openssl  version

按照openssh
mv /etc/ssh/ /opt/
tar -xvf openssh-9.3p2.tar.gz
./configure --prefix=/usr/local/openssh-9.3p2 --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl-1.1.1/ --with-zlib
 make install

mv /usr/bin/ssh* /opt/
ll /opt/
ll /usr/bin/ssh 
mv /usr/bin/ssh  /opt/ssh-bak
cp /usr/local/openssh-9.3p2/bin/* /usr/bin/
mv /usr/sbin/sshd /opt/
cp /usr/local/openssh-9.3p2/sbin/sshd  /usr/sbin/


systemctl stop sshd
rm -rf /lib/systemd/system/sshd.service
systemctl daemon-reload
# openssh-8.4p1是你最开始tar解压的目录,而不是安装后的目录
[root@jcfx04 openssh-9.3p2]# cp contrib/redhat/sshd.init  /etc/init.d/sshd
/etc/init.d/sshd restart 或者 systemctl start sshd
systemctl enable sshd


[root@jcfx04 openssh-9.3p2]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.1.1h  22 Sep 2020
[root@jcfx04 openssh-9.3p2]# sshd -V
OpenSSH_9.3, OpenSSL 1.1.1h  22 Sep 2020

修改sshd_config

PermitRootLogin yes
#Port 22
cp /opt/ssh/sshd_config  /etc/ssh/
/etc/init.d/sshd restart
netstat -ntpl |grep 22