OpenSSH 安全漏洞（CVE-2023-51385）修复、openss9.7p1

升级openssh-9.7p1

###安装openssl

[root@centos7]# cd /usr/local/src
[root@centos7]# wget https://www.openssl.org/source/old/3.0/openssl-3.0.12.tar.gz
[root@centos7]# tar xvf openssl-3.0.12.tar.gz
[root@centos7]# yum -y install perl-IPC-Cmd
[root@centos7 openssl-3.0.12]# ./config --prefix=/usr/local/openssl3
[root@centos7 bin]# cd /usr/local/openssl3/bin
[root@centos7 openssl3]# echo "/usr/local/openssl3/lib64" >/etc/ld.so.conf.d/openssl3.conf
[root@centos7 openssl3]# mv /etc/ld.so.conf.d/openssl-x86_64.conf /root
[root@centos7 openssl3]# ldconfig 
[root@centos7 openssl3]# mv /usr/bin/openssl /usr/bin/openssl1.bak
[root@centos7 bin]# ln -s /usr/local/openssl3/bin/openssl /usr/bin/openssl

### 安装openssh9.7p1

[root@centos7 openssh-9.7p1]# systemctl stop sshd
[root@centos7 src]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
[root@centos7 src]# tar xvf openssh-9.7p1.tar.gz 
[root@centos7 src]# cd openssh-9.7p1
[root@centos7 openssh-9.7p1]# ./configure --prefix=/usr/local/openssh7 --with-ssl-dir=/usr/local/openssl3
[root@centos7 openssh-9.7p1]# make 
[root@centos7 openssh-9.7p1]# make install
[root@centos7 openssh-9.7p1]# mv /etc/init.d/sshd /root
[root@centos7 openssh-9.7p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd
[root@centos7 openssh-9.7p1]# mv /usr/bin/ssh /usr/bin/ssh6
[root@centos7 openssh-9.7p1]# mv /usr/sbin/sshd /usr/sbin/sshd6
[root@centos7 openssh-9.7p1]# cd /usr/local/openssh7
[root@centos7 openssh7]# cp bin/ssh /usr/bin/
[root@centos7 openssh7]# cp sbin/sshd /usr/sbin/
[root@centos7 etc]# echo "PermitRootLogin yes" >>/usr/local/openssh7/etc/sshd_config
[root@centos7 openssh7]# systemctl start sshd
[root@centos7 openssh7]# systemctl enable sshd