centos7.9离线升级openssl和openssh9.2

前言

最近有几台服务器漏扫出了关于openssh的漏洞,升级完后顺便记录一下。

环境

CentOS Linux release 7.9.2009 (Core)

开始升级

准备工作

下载安装包:

zlib-1.2.13.tar.gz  http://www.zlib.net/fossils/zlib-1.2.13.tar.gz

openssl-1.1.1t.tar.gz  https://www.openssl.org/source/openssl-1.1.1t.tar.gz  

openssh-9.2p1.tar.gz  https://mirrors.sonic.net/pub/OpenBSD/OpenSSH/portable/openssh-9.2p1.tar.gz

安装顺序:zlib、openssl、openssh

安装zlib

[root@localhost ~]# tar zxvf zlib-1.2.13.tar.gz
[root@localhost ~]# cd zlib-1.2.13
[root@localhost zlib-1.2.13]# ./configure --prefix=/usr/local/zlib
[root@localhost zlib-1.2.13]# make && make install

安装 openssl

[root@localhost ~]# tar zxvf openssl-1.1.1t.tar.gz
[root@localhost ~]# cd openssl-1.1.1t
[root@localhost openssl-1.1.1t]# ./config --prefix=/usr/local/ssl -d shared
[root@localhost openssl-1.1.1t]# make && make install
[root@localhost openssl-1.1.1t]# echo '/usr/local/ssl/lib' >> /etc/ld.so.conf

安装openssh

#先卸载原openssh,卸载后切记不要断开ssh连接
[root@localhost ~]# yum remove openssh
#安装
[root@localhost ~]# tar zxvf openssh-9.2p1.tar.gz
[root@localhost ~]# cd openssh-9.2p1
[root@localhost openssh-9.2p1]# ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
[root@localhost openssh-9.2p1]# make && make install

 配置openssh

#编辑sshd_config文件,在末尾追加三行数据
[root@localhost openssh-9.2p1]# vi /usr/local/openssh/etc/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
[root@localhost openssh-9.2p1]# cd contrib/redhat/
[root@localhost redhat]# cp sshd.init  /etc/init.d/sshd
[root@localhost redhat]# chkconfig --add sshd
[root@localhost redhat]# cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config 
[root@localhost redhat]# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
[root@localhost redhat]# cp /usr/local/openssh/bin/ssh /usr/bin/ssh
[root@localhost redhat]# cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
[root@localhost redhat]# cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
#启动服务
[root@localhost redhat]# systemctl start sshd.service
#设置开机启动
[root@localhost redhat]# chkconfig --add sshd
[root@localhost redhat]# chkconfig sshd on
#查看版本
[root@localhost redhat]# ssh -V
OpenSSH_9.2p1, OpenSSL 1.1.1t  7 Feb 2023

重启试一下,可以ssh连接,end。

posted @ 2023-03-14 17:31  xjournal  阅读(1610)  评论(0编辑  收藏  举报