由于存在安全漏洞,将 openssl 升级到 1.1.1u,将 openssh 升级到 9.3
centos7.8升级openssl、openssh
下载软件包
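# Fetch the release tarballs. The OpenSSH step further down unpacks
# openssh-9.3p1.tar.gz (the portable release, which is the one that builds on
# Linux), so download that file from the portable/ directory rather than the
# OpenBSD-only openssh-9.3.tar.gz, whose name would not match.
# Check the upstream release pages for a newer patch release before pinning
# these versions.
wget https://www.openssl.org/source/openssl-1.1.1u.tar.gz
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz
# Print the digests and compare them with the values (or signatures) published
# by the upstream projects before unpacking or building anything as root.
sha256sum openssl-1.1.1u.tar.gz openssh-9.3p1.tar.gz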
升级openssl
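# Unpack and build OpenSSL into its own prefix so the distribution's copy is
# not overwritten by "make install".
tar zxf openssl-1.1.1u.tar.gz
# Build inside a subshell: the working directory of the calling shell stays in
# the download directory, which is where the later "tar zxf openssh-9.3p1.tar.gz"
# expects to find its archive. Chaining with && stops at the first failing
# step instead of configuring or installing from the wrong directory.
(
  cd openssl-1.1.1u/ \
    && ./config --prefix=/usr/local/ssl-1.1.1u \
    && make \
    && make install
)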
备份旧版openssl
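# Move the distribution's openssl binary and headers aside instead of deleting
# them, so the change can be rolled back by renaming them back.
# After this, /usr/include/openssl no longer exists; the OpenSSH build later in
# this page locates the new headers through --with-ssl-dir.
mv /usr/bin/openssl /usr/bin/openssl-1.0.2t
mv /usr/include/openssl/ /usr/include/openssl-1.0.2t
# Expose the new shared libraries through /usr/local/lib64.
ln -s /usr/local/ssl-1.1.1u/lib/* /usr/local/lib64/
# Register the directory with the dynamic loader only once; an unconditional
# ">>" adds a duplicate line every time this procedure is repeated.
grep -qxF "/usr/local/lib64" /etc/ld.so.conf \
  || echo "/usr/local/lib64" >> /etc/ld.so.conf
# Rebuild the loader cache so the new libssl/libcrypto can be resolved.
ldconfig -v
# Make the new binary the default "openssl" on PATH.
ln -s /usr/local/ssl-1.1.1u/bin/openssl /usr/bin/openssl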
查看版本
# Confirm that the openssl now found on PATH is the freshly linked binary; the
# output should name the 1.1.1u build installed above.
openssl version
升级openssh
# Unpack the OpenSSH source tree. The archive name here is the portable
# release (9.3p1); the file fetched in the download step must have exactly this
# name and must be present in the current directory.
tar zxf openssh-9.3p1.tar.gz
需要先安装pam
以下pam包为centos7版本
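# CentOS 7: fetch the PAM runtime and its headers (needed for --with-pam).
# The URLs are given without the "?spm=..." tracking suffix: it is not part of
# the package path, and with it wget saves the file under a name that ends in
# "?spm=...", so the rpm commands below would not find the expected file names.
wget https://mirrors.aliyun.com/centos/7/os/x86_64/Packages/pam-devel-1.1.8-23.el7.x86_64.rpm
wget https://mirrors.aliyun.com/centos/7/os/x86_64/Packages/pam-1.1.8-23.el7.x86_64.rpm
# Check the package digests/signatures before installing them as root.
rpm -K pam-1.1.8-23.el7.x86_64.rpm pam-devel-1.1.8-23.el7.x86_64.rpm
# Install both in one transaction and in upgrade mode: pam is normally already
# present on the system (so "-i" conflicts with the installed package), and
# pam-devel needs the matching pam version to be part of the same transaction.
# If rpm reports that pam is already installed at this exact version, install
# only the pam-devel package.
rpm -Uvh pam-1.1.8-23.el7.x86_64.rpm pam-devel-1.1.8-23.el7.x86_64.rpm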
centos6可以直接编译安装pam
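# CentOS 6 alternative: build Linux-PAM from the upstream release tarball.
wget https://github.com/linux-pam/linux-pam/releases/download/v1.3.1/Linux-PAM-1.3.1.tar.xz
# Compare the digest with whatever checksum or signature the release page
# publishes before building and installing as root.
sha256sum Linux-PAM-1.3.1.tar.xz
tar xf Linux-PAM-1.3.1.tar.xz
# Build in a subshell so the calling shell stays in the download directory,
# where the following "cd openssh-9.3p1/" expects the OpenSSH tree to be.
# Chaining with && stops at the first failing step.
(
  cd Linux-PAM-1.3.1 \
    && ./configure \
    && make \
    && make install
)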
以下步骤通用
# Enter the unpacked OpenSSH source tree; the ./configure and make steps that
# follow are run relative to this directory.
cd openssh-9.3p1/
备份配置文件
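# Back up the whole /etc/ssh directory (sshd_config and the host keys) before
# clearing it for the new installation.
# - Refuse to continue if /etc/ssh.old already exists: copying into an existing
#   directory would nest the backup as /etc/ssh.old/ssh and leave stale files
#   at the top level, which is what the restore step copies back.
# - cp -a keeps ownership, modes and timestamps of the private host keys.
# - The files are removed only if the copy succeeded.
if [ -e /etc/ssh.old ]; then
  echo "/etc/ssh.old already exists; move it aside before continuing" >&2
else
  cp -a /etc/ssh /etc/ssh.old && rm -f /etc/ssh/*
fi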
编译安装
# Configure OpenSSH to install over the system locations (/usr, /etc/ssh) and
# to link against the OpenSSL build under /usr/local/ssl-1.1.1u, with zlib and
# PAM support enabled; then compile and install.
./configure \
  --prefix=/usr/ \
  --sysconfdir=/etc/ssh \
  --with-zlib \
  --with-md5-passwords \
  --with-pam \
  --with-ssl-dir=/usr/local/ssl-1.1.1u
# Install only when the build itself succeeded.
make && make install
恢复原配置文件
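# Replace the files generated by "make install" with the pre-upgrade
# configuration and host keys from /etc/ssh.old, so clients keep seeing the
# same host keys after the upgrade.
rm -f /etc/ssh/*
# -p keeps the original modes and timestamps of the restored files.
cp -p /etc/ssh.old/* /etc/ssh/
# Upstream sshd refuses to load a private host key that is readable by group
# or others. Distribution packages may have installed the keys group-readable
# (check with "ls -l /etc/ssh"), so restrict them to the owner explicitly.
chmod 600 /etc/ssh/ssh_host_*_key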
查看版本
# Print the installed OpenSSH version together with the OpenSSL library it was
# built against; both should match the versions built on this page.
ssh -V
重启服务
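# Validate the restored sshd_config and host keys with the new binary before
# restarting: an old configuration can contain options the new build rejects,
# and restarting with a broken configuration over SSH locks the administrator
# out. The restart runs only when the test passes.
# Keep the current session open and confirm a fresh login works before closing it.
# NOTE(review): if the packaged sshd.service declares Type=notify, a
# source-built sshd of this version may not signal readiness and systemd can
# time the start out — check the unit file and "systemctl status sshd" on the
# target host; TODO confirm.
/usr/sbin/sshd -t && systemctl restart sshd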