OpenSSH权限提升漏洞(CVE-2021-41617)-升级OpenSSH至最新8.8p1

在升级Openssh之后,确保还可以通过其它方式远程登录到服务器上,比如Telnet或阿里云控制台。
1. 当前系统版本信息
# /usr/bin/ssh -V
OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020

# openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020

# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: AlibabaCloud
Description: Alibaba Cloud Linux release 3 (Soaring Falcon)
Release: 3
Codename: SoaringFalcon

2. Update system(生产环境慎重执行该命令,否则升级后有可能导致应用系统出现兼容性问题)
# yum update

3. 安装开发环境及依赖包
# yum groupinstall "Development Tools"
# yum install pam-devel libselinux-devel zlib-devel openssl-devel

4. 备份原ssh配置文件(直接重命名/etc/ssh目录,否则在安装新版本Openssh时,无法替换配置文件)
mv /etc/ssh /opt/ssh_bak

5. 下载并安装最新版本的Openssh
# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
# tar -zxvf openssh-8.8p1.tar.gz

6. 编译并安装openssh-8.8p1
# ./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh
# make
# make install

7. PermitRootLogin 修改配置文件的下列参数,允许root帐号远程登录到服务器上。
# vi /etc/ssh/sshd_config 
PermitRootLogin Yes

8. restart SSH and check the version of OpenSSH
# systemctl restart sshd
# ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1g FIPS 21 Apr 2020

 

posted on 2021-12-16 13:34  遠離塵世の方舟  阅读(2337)  评论(0编辑  收藏  举报

导航