中科麒麟kylin V10系统上升级openssh方法
最近接到政务云上的linux(Kylin V10版)漏洞需要升级openssh,经测试,下面方法可用,大家有需要的收藏哦!
注意事项:升级过程中不要退出当前会话,否则会导致ssh远程不上
安装openssh
tar xf openssh-9.8p1.tar.gz
cd openssh-9.8p1
mv /etc/ssh /etc/ssh_bak
在编译openssh前创建目录:mkdir /usr/local/openssh
#配置编译和安装过程,“–prefix=” 配置安装目录,“–sysconfdir=” 配置文件路径,“–with-ssl-dir=” openssl的安装路径
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib --without-hardening
cat >> /etc/ssh/sshd_config <<EOF
HostKeyAlgorithms ssh-rsa,ssh-dss #(可去掉)
PubkeyAuthentication yes
PasswordAuthentication yes
UseDNS no
PermitRootLogin yes
EOF
mv /usr/sbin/sshd /usr/sbin/sshd_bak
mv /etc/pam.d/sshd /etc/pam.d/sshd_bak
mv /etc/sysconfig/sshd /etc/sysconfig/sshd_bak
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak
cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
for i in $(rpm -qa |grep openssh); do rpm -e $i --nodeps ; done
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
mv /etc/ssh/moduli.rpmsave /etc/ssh/moduli
cp -arf /usr/local/openssh/bin/* /usr/bin/
cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp ./contrib/redhat/sshd.init /etc/init.d/sshd #需要进入到解压好的openssh软件包所在目录里面去
chmod +x /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
mv /etc/pam.d/sshd_bak /etc/pam.d/sshd
systemctl daemon-reload
chkconfig --add sshd
chkconfig --level 2345 sshd on
systemctl restart sshd
systemctl status sshd
具体软件可到如下地址免费下载:
https://download.csdn.net/download/king01299/89751938