一、背景说明
CentOS 7.9 默认安装的 OpenSSH 版本为 7.4p1，经绿盟扫描存在高危漏洞，需要升级到最新版本。官网只提供需要编译安装的源码包，为了方便升级，本文先用源码包制作 rpm 包，再用 rpm 包将 CentOS 7.9 上的 OpenSSH 升级到 9.3p2，并给出升级指引。
- 升级Make
[root@220-191 ~]# cd /usr/local/src
下载make-4.3
[root@220-191 src]# wget https://mirrors.aliyun.com/gnu/make/make-4.3.tar.gz
#解压#
[root@220-191 src]# tar xf make-4.3.tar.gz
[root@220-191 src]# cd make-4.3/
#创建编译目录#
[root@220-191 make-4.3]# mkdir build
[root@220-191 make-4.3]# cd build
#检测编译环境和构建配置文件#
[root@220-191 build]# ../configure --prefix=/usr/local/make
#编译安装#
[root@220-191 build]# make && make install
#创建命令软连接#
[root@106-197 build]# ln -sf /usr/local/make/bin/make /usr/bin/make
#查看make版本#
[root@106-197 build]# make -v
GNU Make 4.3
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
- 升级 gcc到9.3.0
[root@220-191 ~]# cd /usr/local/src
#安装依赖#
[root@220-191 src]# yum install -y gcc-c++ glibc-devel mpfr-devel libmpc-devel gmp-devel glibc-devel.i686 bzip2
#下载gcc-9.3.0(注意:--no-check-certificate 会跳过 TLS 证书校验,下载内容可能在传输中被替换;更稳妥的做法是更新系统 CA 证书后去掉该参数,并在编译前核对官方发布的签名)#
[root@220-191 src]# wget https://ftp.gnu.org/gnu/gcc/gcc-9.3.0/gcc-9.3.0.tar.gz --no-check-certificate
[root@220-191 src]# tar -xf gcc-9.3.0.tar.gz
[root@220-191 src]# cd gcc-9.3.0
[root@220-191 gcc-9.3.0]# ./contrib/download_prerequisites
gmp-6.1.0.tar.bz2: OK
mpfr-3.1.4.tar.bz2: OK
mpc-1.0.3.tar.gz: OK
isl-0.18.tar.bz2: OK
All prerequisites downloaded successfully.
#以上缺哪个包需要手动yum安装#
[root@220-191 gcc-9.3.0]# mkdir build
[root@220-191 gcc-9.3.0]# cd build
[root@220-191 build]# ../configure --enable-checking=release --enable-languages=c,c++ --disable-multilib --prefix=/usr/
[root@220-191 build]# make -j4
[root@220-191 build]# make install
[root@220-191 build]# gcc -v
- 升级GLIBC到2.31
#查看当前GLIBC版本#
[root@220-191 ~]# strings /lib64/libc.so.6 | grep -E "^GLIBC" | sort -V | uniq
GLIBC_2.2.5
GLIBC_2.2.6
GLIBC_2.3
GLIBC_2.3.2
GLIBC_2.3.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.5
GLIBC_2.6
GLIBC_2.7
GLIBC_2.8
GLIBC_2.9
GLIBC_2.10
GLIBC_2.11
GLIBC_2.12
GLIBC_2.13
GLIBC_2.14
GLIBC_2.15
GLIBC_2.16
GLIBC_2.17
GLIBC_PRIVATE
[root@220-191 ~]# cd /usr/local/src
[root@220-191 src]#
#下载Glibc-2.31#
[root@220-191 src]# wget https://mirrors.aliyun.com/gnu/glibc/glibc-2.31.tar.gz
[root@220-191 src]# tar xf glibc-2.31.tar.gz
[root@220-191 src]# cd glibc-2.31/
[root@220-191 glibc-2.31]# yum install binutils texinfo bison -y
[root@220-191 glibc-2.31]# mkdir build
[root@220-191 glibc-2.31]# cd build
[root@220-191 build]# ../configure --prefix=/usr --disable-profile --enable-add-ons --with-headers=/usr/include --with-binutils=/usr/bin --disable-sanity-checks --disable-werror
[root@220-191 build]# make -j4
[root@220-191 build]# make install
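PS:以下报错可忽略(注意:make install 最终是以 Error 2 退出的;--prefix=/usr 会直接覆盖系统 glibc,而 sshd、yum 等所有动态链接的程序都依赖它,建议先在快照或测试机上验证,并在确认能新开终端登录之前保留当前 root 会话。另外,后文 rpmbuild 输出的 Requires 中 libc.so.6 最高只到 GLIBC_2.17,升级 glibc 对制作该 rpm 包是否必需请自行确认):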
/usr/bin/ld: cannot find -lnss_test2
collect2: error: ld returned 1 exit status
Execution of gcc -B/usr/bin/ failed!
The script has found some problems with your installation!
Please read the FAQ and the README file and check the following:
- Did you change the gcc specs file (necessary after upgrading from
Linux libc5)?
- Are there any symbolic links of the form libXXX.so to old libraries?
Links like libm.so -> libm.so.5 (where libm.so.5 is an old library) are wrong,
libm.so should point to the newly installed glibc file - and there should be
only one such link (check e.g. /lib and /usr/lib)
You should restart this script from your build directory after you've
fixed all problems!
Btw. the script doesn't work if you're installing GNU libc not as your
primary library!
make[1]: *** [Makefile:120: install] Error 1
make[1]: Leaving directory '/usr/local/src/glibc/glibc-2.31'
make: *** [Makefile:12: install] Error 2
# 解决新启动远程终端时报一个WARNING
make localedata/install-locales
- 制作openssh9.3p2 rpm包
#安装依赖#
[root@220-191 ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y
#安装imake#
[root@220-191 ~]# yum install -y imake
#创建编译目录#
[root@220-191 ~]# mkdir -p /root/rpmbuild
[root@220-191 ~]# cd /root/rpmbuild
[root@220-191 rpmbuild]# mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
[root@220-191 rpmbuild]#
[root@220-191 ~]# cd /root/rpmbuild/SOURCES/
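#下载openssh9.3p2和x11-ssh-askpass-1.2.4.1.tar.gz(openssh 源码此处经明文 HTTP 下载,编译前应使用官方发布的 PGP 签名或校验值核对;另从下面的 wget 输出看,x11-ssh-askpass 实际保存的是 1223 字节的 text/html 页面而不是源码包,后文已将 no_x11_askpass 置为 1)#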
[root@220-191 SOURCES]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
--2023-08-06 20:12:24-- http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
Resolving ftp.openbsd.org (ftp.openbsd.org)... 199.185.178.81
Connecting to ftp.openbsd.org (ftp.openbsd.org)|199.185.178.81|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1835850 (1.8M) [text/plain]
Saving to: ‘openssh-9.3p2.tar.gz’
100%[=====================================================================================================>] 1,835,850 550KB/s in 3.3s
2023-08-06 20:12:28 (550 KB/s) - ‘openssh-9.3p2.tar.gz’ saved [1835850/1835850]
[root@220-191 SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
Location: https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/ [following]
--2023-08-06 20:13:59-- https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1223 (1.2K) [text/html]
Saving to: ‘x11-ssh-askpass-1.2.4.1.tar.gz’
100%[=====================================================================================================>] 1,223 --.-K/s in 0s
2023-08-06 20:14:00 (81.0 MB/s) - ‘x11-ssh-askpass-1.2.4.1.tar.gz’ saved [1223/1223]
[root@220-191 SOURCES]#
#修改openssh.spec配置
[root@220-191 SOURCES]# cd /root/rpmbuild/SOURCES/
[root@220-191 SOURCES]# tar -zxf openssh-9.3p2.tar.gz
##编辑编译配置文件
[root@220-191 SOURCES]# cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
[root@220-191 SOURCES]# cd /root/rpmbuild/SPECS/
[root@220-191 SPECS]# ls -l
total 32
-rw-r--r--. 1 root root 30082 Aug 6 20:19 openssh.spec
[root@220-191 SPECS]# sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" openssh.spec
[root@220-191 SPECS]# sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" openssh.spec
[root@220-191 SPECS]# cat /root/rpmbuild/SPECS/openssh.spec | grep no_gnome_askpass
[root@220-191 SPECS]# cat /root/rpmbuild/SPECS/openssh.spec | grep no_x11_askpass
#修改openssl-devel的报错#
[root@220-191 SPECS]# sed -i '/openssl-devel < 1.1/s/^/#/' openssh.spec
#修改PreReq的报错#
[root@220-191 SPECS]# sed -i '/PreReq:/s/^/#/' openssh.spec
#解决Obsoletes报错#
[root@220-191 SPECS]# sed -i '/Obsoletes:/s/^/#/' openssh.spec
#解决rpmbuild报错#
*** ERROR: No build ID note found in /root/rpmbuild/BUILDROOT/openssh-9.3p2-
在openssh.spec最后加入:
[root@220-191 SPECS]# vim openssh.spec
%define __debug_install_post \
%{_rpmconfigdir}/find-debuginfo.sh %{?_find_debuginfo_opts} "%{_builddir}/%{?buildsubdir}"\
%{nil}
#编译源码包,制作成rpm包#
[root@220-191 SPECS]# cd /root/rpmbuild/SPECS/
[root@220-191 SPECS]# rpmbuild -ba openssh.spec
...
Processing files: openssh-server-9.3p2-1.el7.x86_64
Provides: config(openssh-server) = 9.3p2-1.el7 openssh-server = 9.3p2-1.el7 openssh-server(x86-64) = 9.3p2-1.el7
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires: /bin/bash libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.16)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.6)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit) libcrypto.so.10(OPENSSL_1.0.2)(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libresolv.so.2()(64bit) libutil.so.1()(64bit) libutil.so.1(GLIBC_2.2.5)(64bit) libz.so.1()(64bit) rtld(GNU_HASH)
Processing files: openssh-debuginfo-9.3p2-1.el7.x86_64
Provides: openssh-debuginfo = 9.3p2-1.el7 openssh-debuginfo(x86-64) = 9.3p2-1.el7
Requires(rpmlib): rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
Wrote: /root/rpmbuild/SRPMS/openssh-9.3p2-1.el7.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.FtwsQ7
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p2
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
+ exit 0
[root@220-191 SPECS]#
2.5 查看生成的rpm包,并打包
##编译完成后生成的rpm包在以下目录,其中debuginfo包不用下载安装
[root@220-191 SPECS]# ls -lrth /root/rpmbuild/RPMS/x86_64/
total 4.9M
-rw-r--r--. 1 root root 634K Aug 6 20:27 openssh-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 627K Aug 6 20:27 openssh-clients-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 462K Aug 6 20:27 openssh-server-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 3.2M Aug 6 20:27 openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
[root@220-191 SPECS]#
##对rpm进行打包
[root@220-191 x86_64]# tar -zcvf /root/openssh-9.3p2_rpm_for_centos7.9.tar.gz *.rpm
openssh-9.3p2-1.el7.x86_64.rpm
openssh-clients-9.3p2-1.el7.x86_64.rpm
openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
openssh-server-9.3p2-1.el7.x86_64.rpm
三、centos7.9 从openssh7.4p1升级到openssh9.3p2
##升级之前查看版本
[root@220-191 x86_64]# rpm -qa|grep openssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
[root@220-191 x86_64]#
[root@220-191 x86_64]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@220-191 x86_64]#
##升级前备份 /etc/ssh 和 /etc/pam.d(含 /etc/pam.d/sshd)
cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd
验证openssh是否升级成功
##升级openssh
yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
[root@220-191 x86_64]# yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
Loaded plugins: fastestmirror
Examining openssh-9.3p2-1.el7.x86_64.rpm: openssh-9.3p2-1.el7.x86_64
Marking openssh-9.3p2-1.el7.x86_64.rpm as an update to openssh-7.4p1-21.el7.x86_64
Examining openssh-clients-9.3p2-1.el7.x86_64.rpm: openssh-clients-9.3p2-1.el7.x86_64
Marking openssh-clients-9.3p2-1.el7.x86_64.rpm as an update to openssh-clients-7.4p1-21.el7.x86_64
Examining openssh-server-9.3p2-1.el7.x86_64.rpm: openssh-server-9.3p2-1.el7.x86_64
Marking openssh-server-9.3p2-1.el7.x86_64.rpm as an update to openssh-server-7.4p1-21.el7.x86_64
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).
--> Running transaction check
---> Package openssh.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-clients.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-server.x86_64 0:9.3p2-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Updating:
openssh x86_64 9.3p2-1.el7 /openssh-9.3p2-1.el7.x86_64 2.9 M
openssh-clients x86_64 9.3p2-1.el7 /openssh-clients-9.3p2-1.el7.x86_64 2.4 M
openssh-server x86_64 9.3p2-1.el7 /openssh-server-9.3p2-1.el7.x86_64 1.1 M
Transaction Summary
===============================================================================================================================================
Upgrade 3 Packages
Total size: 6.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : openssh-9.3p2-1.el7.x86_64 1/6
Updating : openssh-server-9.3p2-1.el7.x86_64 2/6
Updating : openssh-clients-9.3p2-1.el7.x86_64 3/6
Cleanup : openssh-clients-7.4p1-21.el7.x86_64 4/6
Cleanup : openssh-server-7.4p1-21.el7.x86_64 5/6
Cleanup : openssh-7.4p1-21.el7.x86_64 6/6
Verifying : openssh-server-9.3p2-1.el7.x86_64 1/6
Verifying : openssh-9.3p2-1.el7.x86_64 2/6
Verifying : openssh-clients-9.3p2-1.el7.x86_64 3/6
Verifying : openssh-clients-7.4p1-21.el7.x86_64 4/6
Verifying : openssh-7.4p1-21.el7.x86_64 5/6
Verifying : openssh-server-7.4p1-21.el7.x86_64 6/6
Updated:
openssh.x86_64 0:9.3p2-1.el7 openssh-clients.x86_64 0:9.3p2-1.el7 openssh-server.x86_64 0:9.3p2-1.el7
Complete!
[root@220-191 x86_64]#
[root@220-191 x86_64]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@220-191 x86_64]#
##重启sshd出现报错
[root@220-191 x86_64]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@220-191 x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2023-08-06 20:39:07 CST; 7s ago
Docs: man:systemd-sysv-generator(8)
Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 32668 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
Main PID: 1029 (code=exited, status=0/SUCCESS)
Aug 06 20:39:07 220-191 sshd[32668]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Aug 06 20:39:07 220-191 sshd[32668]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Aug 06 20:39:07 220-191 sshd[32668]: It is required that your private key files are NOT accessible by others.
Aug 06 20:39:07 220-191 sshd[32668]: This private key will be ignored.
Aug 06 20:39:07 220-191 sshd[32668]: sshd: no hostkeys available -- exiting.
Aug 06 20:39:07 220-191 sshd[32668]: [FAILED]
Aug 06 20:39:07 220-191 systemd[1]: sshd.service: control process exited, code=exited status=1
Aug 06 20:39:07 220-191 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
Aug 06 20:39:07 220-191 systemd[1]: Unit sshd.service entered failed state.
Aug 06 20:39:07 220-191 systemd[1]: sshd.service failed.
[root@220-191 x86_64]#
##修改文件权限(上面的日志显示主机私钥权限为 0640,sshd 会忽略其他用户可访问的私钥,导致没有可用的 hostkey 而退出;改为 600 后只有属主可读写)
[root@220-191 x86_64]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@220-191 x86_64]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@220-191 x86_64]# chmod 600 /etc/ssh/ssh_host_ed25519_key
##再次重启sshd,正常
[root@220-191 x86_64]# systemctl restart sshd
[root@220-191 x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Sun 2023-08-06 20:40:10 CST; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 32689 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 32697 (sshd)
CGroup: /system.slice/sshd.service
└─32697 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
Aug 06 20:40:10 220-191 systemd[1]: Starting SYSV: OpenSSH server daemon...
Aug 06 20:40:10 220-191 sshd[32689]: /sbin/restorecon: lstat(/etc/ssh/ssh_host_dsa_key.pub) failed: No such file or directory
Aug 06 20:40:10 220-191 sshd[32697]: Server listening on 0.0.0.0 port 22.
Aug 06 20:40:10 220-191 sshd[32697]: Server listening on :: port 22.
Aug 06 20:40:10 220-191 sshd[32689]: Starting sshd:[ OK ]
Aug 06 20:40:10 220-191 systemd[1]: Started SYSV: OpenSSH server daemon.
[root@220-191 x86_64]#
四、Centos7.9 openssh 9.3p1升级到openssh 9.3p2
[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@ucsp-rancher-03 openssh9.3p2]#
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]# cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]#
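##安装当前目录下的rpm包(* 会匹配目录中的所有文件,--nodeps 会跳过依赖检查;如目录中含 debuginfo 包而又不需要,可只列出 openssh、openssh-clients、openssh-server 三个包)
rpm -Uvh --nodeps *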
完毕!
[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips 26 Jan 2017
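##允许root登录(PermitRootLogin yes 允许 root 直接用密码登录;如只需密钥登录可改用 prohibit-password。sshd 对同一关键字只取最先出现的值,若配置文件前面已有未注释的 PermitRootLogin,追加到末尾的这一行不会生效,应直接修改原有行)
echo PermitRootLogin yes >> /etc/ssh/sshd_config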
[root@ucsp-rancher-03 openssh9.3p2]# systemctl restart sshd
[root@ucsp-rancher-03 openssh9.3p2]#
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
systemctl restart sshd