CentOS下安装OpenSSH 5.8的三种方法【未测试】

最新推荐文章于 2024-04-30 15:39:15 发布
最新推荐文章于 2024-04-30 15:39:15 发布
阅读量1.1k 收藏 1
点赞数
分类专栏: 服务器管理 web开发 系统维护与优化 CentOS 文章标签: CentOS ssh openssl 管理

CentOS下安装OpenSSH 5.8的三种方法

Category : 工作学习 / Tags : centos, linux, openssh / Date : 2011.05.19 / 5,296 views /

  CentOS 5.X自带的OpenSSH版本很低,还是4.3P2的。不支持SFTP Chroot功能。下面总结了三种升级到新版本的方法:

  为了升级安全,可先启用telnet服务,默认系统是没有启用这个服务的。

  启用Telnet远程管理

? View Code BASH 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

vi /etc/xinetd.d/krb5-telnet
 
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/kerberos/sbin/telnetd
        log_on_failure  += USERID
        disable         = no
}

  修改disable为no,默认为yes,即禁用telnet服务。修改为no,即表示启用telnet服务。

  重启xinetd,开启Telnet服务

? View Code BASH 
1
2
3
4

service xinetd restart
 
停止 xinetd:                                              [确定]
启动 xinetd:                                              [确定]

  检查Telnet是否正常启动

? View Code BASH 
1
2
3

netstat -tnlp | grep :23
 
tcp        0      0 0.0.0.0:23                  0.0.0.0:*                   LISTEN      20938/xinetd

  注意:为了安全,Telnet是不能以root直接登陆的。以普通用户登录后再su切换root。SSH升级成功后,记得关闭telnet服务。

  方法一:源码包编译安装

? View Code BASH 
1
2
3
4
5
6

wget http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
tar xvf openssh-5.8p2.tar.gz
cd openssh-5.8p2
./configure --prefix=/usr --sysconfdir=/etc/ssh
make
make install

  上面的方法会覆盖原版本的文件,make install覆盖/etc/ssh下配置文件时可能会报错。这时删掉/etc/ssh下的原配置文件,再make install一次就可以了

  建议安装还是换个路径比较好,特别是线上服务器。下面给出的是官方给出的几种方案,根据自己情况调整吧!

? View Code BASH 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

To install OpenSSH with default options:
 
./configure
make
make install
 
This will install the OpenSSH binaries in /usr/local/bin, configuration files
in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
installation prefix, use the --prefix option to configure:
 
./configure --prefix=/opt
make
make install
 
Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
specific paths, for example:
 
./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install
 
This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.

  方法二:编译RPM包安装

  用上面下载的源码包来自己编译生成RPM包。这个方法相对比较麻烦,因为有不少和X相依的库需要安装。

  安装相依包,我的系统上就只差这些。如果你的编译时报错,请根据报错装上其它相依包。

? View Code BASH 
1
2

yum -y install  libX11-devel libXt-devel  gtk2-devel
wget  http://ftp.riken.jp/Linux/momonga/6/Everything/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz

  x11-ssh-askpass is a lightweight passphrase dialog for OpenSSH or other open variants of SSH. In particular, x11-ssh-askpass is useful with the Unix port of OpenSSH by Damien Miller and others, and Damien includes it in his RPM packages of OpenSSH.

  x11-ssh-askpass uses only the stock X11 libraries (libX11, libXt) for its user interface. This reduces its dependencies on external libraries (such as GNOME or Perl/Tk).

? View Code BASH 
1
2
3
4
5

tar xvf openssh-5.8p2.tar.gz
cp openssh-5.8p2/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
cp openssh-5.8p2.tar.gz /usr/src/redhat/SOURCES/
cp x11-ssh-askpass-1.2.4.1.tar.gz /usr/src/redhat/SOURCES/
rpmbuild -bb /usr/src/redhat/SPECS/openssh.spec

  编译成功后生成的OpenSSH安装包

? View Code BASH 
1
2
3
4

cd /usr/src/redhat/RPMS/`uname -i`
ls -l
 
openssh-5.8p2-1.i386.rpm  openssh-askpass-5.8p2-1.i386.rpm  openssh-askpass-gnome-5.8p2-1.i386.rpm  openssh-clients-5.8p2-1.i386.rpm  openssh-debuginfo-5.8p2-1.i386.rpm  openssh-server-5.8p2-1.i386.rpm

  安装RPM包,升级OpenSSH到5.8p2

? View Code BASH 
1

rpm -Uvh openssh*rpm

  验证SSH的新版本

? View Code BASH 
1
2
3

ssh -v
 
OpenSSH_5.8p2, OpenSSL 0.9.8b 04 May 2006

  方法三:通过rpmfind.net直接下载编译好的rmp包是最简单的方法。

? View Code BASH 
1
2
3
4
5
6

OpenSSH 5.8p2 32位
 
wget ftp://rpmfind.net/linux/fedora/development/rawhide/i386/os/Packages/openssh-server-5.8p2-1.fc16.1.i686.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/source/SRPMS/openssh-5.8p2-1.fc16.1.src.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/i386/os/Packages/openssh-askpass-5.8p2-1.fc16.1.i686.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/i386/os/Packages/openssh-clients-5.8p2-1.fc16.1.i686.rpm
? View Code BASH 
1
2
3
4
5
6

OpenSSH 5.8p2 64位
 
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-server-5.8p2-1.fc16.1.x86_64.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-5.8p2-1.fc16.1.x86_64.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-askpass-5.8p2-1.fc16.1.x86_64.rpm
wget ftp://rpmfind.net/linux/fedora/development/rawhide/x86_64/os/Packages/openssh-clients-5.8p2-1.fc16.1.x86_64.rpm

  安装RPM包,升级OpenSSH到5.8p2

? View Code BASH 
1

rpm -Uvh openssh*rpm

  验证SSH的新版本

? View Code BASH 
1
2
3

ssh -v
 
OpenSSH_5.8p2, OpenSSL 0.9.8b 04 May 2006
太阳神LoveU
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Centos5.8的SSH配置
rudy gao
04-26 1438
一、环境配置   1、服务端:CentOS release 5.8  IP:192.168.1.111   2、客服端:CentOS release 5.8  IP:192.168.1.110   二、配置SSH无密码登录需要3步:  1、生成公钥和私钥  2、导入公钥到认证文件,更改权限  3、测试
openssh-5.8p2.tar.gz
07-01
untrusted comment: signature from openbsd 5.5 base secret key RWRGy8gxk9N930mZSNhSVZg9DPFLNT0qQcEGhQeQ55awDf4RfJqPXB6lz71jQatqYzr3XkzyUyckpP4nSCE+XmoICZEPwVhjhA8= OpenBSD 5.5 errata 2, Apr 8, 2014: Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which, if exploited, can result in a leak of memory contents. After patching, private keys and certificates exposed to services running this code (for example web/mail server SSL certificates) should be replaced and old certificates revoked. Only SSL/TLS services are affected. Software that uses libcrypto alone is not affected. In particular, ssh/sshd are not affected and there is no need to regenerate SSH host keys that have not otherwise been exposed. Apply patch using: signify -Vep /etc/signify/openbsd-55-base.pub -x 002_openssl.patch.sig \ -m - | (cd /usr/src && patch -p0) Then build and install libssl cd /usr/src/lib/libssl/ssl make obj make make install Also recompile any statically-linked binaries depending on it - in the base OS, this is just ftp(1): cd /usr/src/usr.bin/ftp make obj make clean make make install Then restart services which depend on SSL. Index: lib/libssl/src/ssl/d1_both.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/d1_both.c,v retrieving revision 1.2 diff -u -p -r1.2 d1_both.c --- lib/libssl/src/ssl/d1_both.c 27 Feb 2014 21:04:57 -0000 1.2 +++ lib/libssl/src/ssl/d1_both.c 8 Apr 2014 00:22:22 -0000 @@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0;
CentOS源码安装OpenSSH+OpenSSL
最新发布
qq_42778160的博客
04-30 1110
安装或升级SSH和SSL有一定的危险系数,要保证设备除SSH要有其他连接方式。出现问题时要有救急通道。
CentOS 5.8升级OpenSSH,OpenSSL到最新版
weixin_34184158的博客
11-06 720
2019独角兽企业重金招聘Python工程师标准>>> ...
centos安装openssh
ice_mocha的博客
01-06 679
1.查看是否已安装SSH rpm -qa | grep ssh 2.安装SSH yum install openssh-server 3.启动SSH服务 service sshd start 4.其他命令 查看22端口是否启动 netstat -antp | grep sshd 开机启动 chkconfig ssh on 配置docker root密码 passwd root ...
CentOS 5安装openssh
The Big Data Way
10-13 215
卸载现有的openssh   rpm -qa | grep openssh #列出要删除的rpm包 rpm -e x.rpm # 卸载   安装 官方网站:www.openssh.com   wget http://openbsd.org.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz tar -zxf openssh-5...
centos 7 源码安装openssh方法
01-09
环境:centos 7.1.1503 最小化安装 依赖包下载: yum -y install lrzsz zlib-devel perl gcc pam-devel 1、安装openssl ,选用最新发布的版本:openssl-1.1.1g.tar.gz 1)openssl下载地址:...
CentOS7.2离线安装openssh8.6p1软件包-步骤及依赖.rar
06-03
以下是一个详细的步骤指南,教你如何在CentOS7.2上离线安装OpenSSH 8.6p1。 首先,你需要获取OpenSSH 8.6p1的源码包。这通常可以通过访问OpenSSH官方网站或通过其他有网络连接的机器下载得到。文件名可能是`openssh...
CentOS6.5离线安装openssh8.6p1软件包-步骤及依赖.rar
06-03
本文将详细讲解如何在CentOS 6.5系统上离线安装openssh 8.6p1软件包,这通常适用于没有互联网连接或者网络环境受限的服务器。在CentOS 6.5上进行这样的升级对于提高SSH的安全性至关重要,因为老版本的SSH可能存在...
centos7 升级openssh9.6
01-18
CentOS 7预装的OpenSSH版本可能相对较旧,为了获得最新的安全更新和特性,升级到OpenSSH 9.6是必要的。下面我们将详细探讨如何在CentOS 7系统上进行这个过程。 首先,确保你的系统是最新的,通过运行以下命令来更新...
RHEL5.8升级openssh版本
YSOLA4的专栏
08-05 1075
经过同事验证,RHEL5.8自带的openssh版本是4.3, 能升级到的较高版本为7.6. 本文基于内网,如政府网络条件进行的升级.能访问互联网进行yum的就不需要自行创建源等操作了. 创建源 1、创建文件夹 mkdir -p /media/RHEL5 2、挂载ISO镜像 mount -t iso9660 -o loop /App/Software/RHEL5.10.iso ...
centos之SSH安装
06-06
centos之SSH安装centos之SSH安装centos之SSH安装centos之SSH安装
openssh9.0升级(CentOS7)安装步骤
qq_53923859的博客
10-27 1495
openssh的历史版本下载网址:https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssl的历史版本下载网址:https://www.openssl.org/source/old/zlib的历史版本下载网址:https://www.zlib.net/fossils/如果正常,就重启服务器再查看一下,确认sshd服务能否正常开机启动。在编译之前要确保安装了GCC编译器。如果没显示,使用yum进行安装。查看sshd服务状态。
CentOS安装 SSH(OpenSSH
tianmaxinkong123的博客
12-23 682
CentOS安装 SSH(OpenSSH)服务通常很简单。
centos7安装openssh
Y00010010的博客
04-28 5688
centos7安装openssh
centos7 安装SSH
热门推荐
wang704987562的博客
05-25 7万+
1.安装OpenSSH服务(CentOS系统默认安装openssh) yum install openssh-server -y 2.配置OpenSSH服务(默认的配置已可以正常工作)OpenSSH的主配置文件:/etc/ssh/sshd_config常见的配置选项:Port=22 设置SSH的端口号是22(默认端口号为22)Protocol 2 启用SSH版本2协议ListenAddress
Centos7 编译安装Openssh
syx4410177的博客
03-18 2266
Centos7 编译安装Openssh安装Telnet服务安装服务修改配置启动服务关闭服务安装前准备安装服务安装zlib安装openssl安装openssh问题SSH远程服务器时报错 /bin/bash : Permission denied 安装Telnet服务 预防安装openssh失败导致无法远程连接服务,事先安装telnet服务以备用。 安装服务 # yum install xinetd telnet-server 修改配置 现在很多centos7版本安装telnet-server以及xinetd
CentOS5/6/7/8 OpenSSH升级(源码编译安装)
刘元林的博客
03-16 6262
安装依赖 yum -y install gcc gcc-c++ zlib zlib-devel openssl openssl-devel pam-devel zlib是必须的,同时没有libcrypto编译安装OpenSSH是被允许的,但是其所使用的加密算法会被严格限制。 libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto is supported but severely restricts th..
centos9 升级 openssh版本到 9,2024年最新讲的太透彻了
04-17 1340
【代码】centos9 升级 openssh版本到 9,2024年最新讲的太透彻了。
centos7安装mysql5.8
07-27
要在CentOS 7上安装MySQL 5.8,您可以按照以下步骤进行操作: 1. 更新系统: ``` sudo yum update ``` 2. 添加MySQL的Yum存储库。创建一个新的文件 `/etc/yum.repos.d/mysql-community.repo` 并将以下内容添加...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值