CentOS 7 系列:安全漏洞扫描发现 SSH 漏洞后升级 OpenSSH
升级openssh
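# Upgrade OpenSSH from three locally downloaded RPMs.
# Run this from a root session that stays open until a new SSH login has been
# tested, so a broken sshd or PAM setup does not lock you out.

# Back up the current sshd and PAM configuration first: the later steps on this
# page note that /etc/pam.d/sshd is lost after the upgrade. The backup contains
# host private keys, so it goes into a directory only root can read.
backup_dir="/root/openssh-pre-upgrade.$(date +%Y%m%d%H%M%S)"
mkdir -m 700 -- "$backup_dir"
cp -a /etc/ssh /etc/pam.d/sshd "$backup_dir"/

# These packages are a third-party build, not from the CentOS repositories.
# Print their digests and compare them with values obtained from a source you
# trust (expected: <SHA256_FROM_TRUSTED_SOURCE>) before installing.
sha256sum openssh-9.3p1-1.el7.x86_64.rpm openssh-clients-9.3p1-1.el7.x86_64.rpm openssh-server-9.3p1-1.el7.x86_64.rpm

# rpm -K reports the digest/signature status of each package file.
# NOTE(review): yum does not GPG-check local package files unless
# localpkg_gpgcheck is enabled in yum.conf -- confirm your setting.
rpm -K openssh-9.3p1-1.el7.x86_64.rpm openssh-clients-9.3p1-1.el7.x86_64.rpm openssh-server-9.3p1-1.el7.x86_64.rpm

# -y answers yes to the transaction prompt, so check the output above first.
yum localinstall openssh-9.3p1-1.el7.x86_64.rpm openssh-clients-9.3p1-1.el7.x86_64.rpm openssh-server-9.3p1-1.el7.x86_64.rpm -y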
安装包请到这里下载:
https://download.csdn.net/download/ericyee/87936307
注意:该 RPM 为第三方构建,并非来自 CentOS 官方仓库;安装前请核对校验值(如 sha256sum)并确认来源可信,否则等于让来源不明的 sshd 以 root 权限运行。
验证openssh是否升级成功
# Tighten the permissions on the SSH host private keys to owner read/write only.
# NOTE(review): presumably needed because the upgraded sshd rejects host keys
# that are group-readable -- confirm against the sshd error output.
for host_key in \
  /etc/ssh/ssh_host_rsa_key \
  /etc/ssh/ssh_host_ecdsa_key \
  /etc/ssh/ssh_host_ed25519_key; do
  chmod 600 "$host_key"
done
# Check for configuration errors: sshd -t validates the config file and host
# keys without starting the daemon.
sshd -t
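# /etc/pam.d/sshd is lost during the upgrade. Restore it from a copy taken
# before the upgrade, or copy one from another machine running the same
# release and review its contents before use.
#
# Comment out the "uid < 1000" rule in /etc/pam.d/password-auth and
# /etc/pam.d/system-auth; per the original note, root cannot log in otherwise.
# NOTE(review): the original note names the "uid >= 1000" rule, but the pattern
# below matches "uid < 1000" -- confirm which rule is intended before running.
# NOTE(review): these two stacks are included by PAM services other than sshd,
# so the change is not limited to SSH logins.
for pam_file in /etc/pam.d/password-auth /etc/pam.d/system-auth; do
  # Keep one pristine copy (following symlinks) so the change can be reverted;
  # the existence guard stops a re-run from overwriting it.
  [ -e "${pam_file}.orig" ] || cp -pL -- "$pam_file" "${pam_file}.orig"
  # --follow-symlinks: on CentOS 7 these files are usually symlinks to the
  # authconfig-managed *-ac files, and plain "sed -i" would replace the link
  # with a regular file. The ^[^#] guard skips lines that are already
  # commented, so re-running does not stack extra '#' characters.
  sed -i --follow-symlinks '/^[^#].*uid < 1000/s/^/#/' "$pam_file"
done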
#修改/etc/ssh/sshd_config
sed -i '/^#PermitRootLogi