升级sshd可以增加安全性,当然要做到绝对安全是不可能的.下文只是简单的升级了下sshd.
1.升级sshd前准备
yum -y install gcc* make openssl openssl-devel perl pam pam-devel
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz
备份ssh
mv /etc/ssh/ /etc/ssh.bak
当然最好再装个dropbear,大家可以去看我这篇文章 centos安装dropbear代替openssh ,避免升级失败,连不上服务器就杯具了.
2.安装sshd
openssl version -a
tar zxf openssh-5.9p1.tar.gz && cd openssh-5.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh \
--with-pam --with-zlib --with-md5-passwords
make
rpm -e --nodeps openssh-server-4.3p2-41.el5
rpm -e --nodeps openssh-4.3p2-41.el5
make install
service sshd restart
这时候不要先忙断开ssh连接,重新开个ssh来试试可否连接,如果可以,这时候会出现证书错误,这是很正常.
重启sshd后会出现ssh-keygen: generating new host keys: ECDSA unknown key type错误提示.
touch /etc/ssh/ssh_host_ecdsa_key
touch /etc/ssh/ssh_host_ecdsa_key.pub
然后再重启sshd.
service sshd restart
好了,远程升级成功.
1.升级sshd前准备
![点击查看原图](https://i-blog.csdnimg.cn/blog_migrate/138e52129cb358dadf7c684bbbb62c5e.jpeg)
yum -y install gcc* make openssl openssl-devel perl pam pam-devel
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz
备份ssh
mv /etc/ssh/ /etc/ssh.bak
当然最好再装个dropbear,大家可以去看我这篇文章 centos安装dropbear代替openssh ,避免升级失败,连不上服务器就杯具了.
2.安装sshd
openssl version -a
tar zxf openssh-5.9p1.tar.gz && cd openssh-5.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh \
--with-pam --with-zlib --with-md5-passwords
make
rpm -e --nodeps openssh-server-4.3p2-41.el5
rpm -e --nodeps openssh-4.3p2-41.el5
![点击查看原图](https://i-blog.csdnimg.cn/blog_migrate/f1ea612a76621d77c15137d842b98ea1.jpeg)
make install
service sshd restart
这时候不要先忙断开ssh连接,重新开个ssh来试试可否连接,如果可以,这时候会出现证书错误,这是很正常.
![点击查看原图](https://i-blog.csdnimg.cn/blog_migrate/0fc8ac5ad8eb57fec058c82ccc82c7f4.jpeg)
重启sshd后会出现ssh-keygen: generating new host keys: ECDSA unknown key type错误提示.
touch /etc/ssh/ssh_host_ecdsa_key
touch /etc/ssh/ssh_host_ecdsa_key.pub
![点击查看原图](https://i-blog.csdnimg.cn/blog_migrate/2e1e039de5e8b9832c5ef67093445429.jpeg)
然后再重启sshd.
service sshd restart
![点击查看原图](https://i-blog.csdnimg.cn/blog_migrate/c6b6726aea4659f633933f5f7669bdc4.jpeg)
好了,远程升级成功.