OpenSSH权限提升漏洞(CVE-2021-41617)修复
Centos 7升级Openssh 8.8
1.准备工作
yum仓库怎么配置详见
https://blog.csdn.net/qq_29974229/article/details/103827369
2.安装必须的包
yum install -y gcc openssl-devel zlib-devel wget
3.下载OpenSsh 8.8p1
mkdir /apps
cd /apps
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
4.OpenSsh 解压安装
tar xf openssh-8.8p1.tar.gz
cd /apps/openssh-8.8p1
./configure &&make -j 2 &&make install
5.配置文件修改
cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
\cp /openssh-8.8p1/sshd_config /etc/ssh/sshd_config
sed -ri 's/^#(PermitRootLogin).*/\1 yes/g' /etc/ssh/sshd_config
sed -ri 's/^(Subsystem).*/\1 sftp \/usr\/libexec\/openssh\/sftp-server/g' /etc/ssh/sshd_config
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
echo 'OPTIONS="-f /etc/ssh/sshd_config"' >> /etc/sysconfig/sshd
sed -ri 's/^(ExecStart=).*/\1\/usr\/local\/sbin\/sshd -D $OPTIONS/g' /usr/lib/systemd/system/sshd.service
sed -ri 's/^(Type=).*/\1simple/g' /usr/lib/systemd/system/sshd.service
6.重启服务
systemctl daemon-reload
systemctl restart sshd
\cp /usr/bin/ssh{,.bak}
\cp /usr/local/bin/ssh /usr/bin/ssh
7.意外
感觉每次试验都会有点意外,这次意外是升级完用SecureCRT无法登陆.
报错信息如下:
Key exchange failed. No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
No compatible hostkey. The server supports these methods: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
解决方法也很简单.换Xshell7就可以了.原因是新的加密算法老版本的SecureCRT不支持