提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
前言
互联网环境centos7 无法使用yum 请访问下面链接
centos7 yum无法使用,无法升级系统安装插件-CSDN博客
提示:以下是本篇文章正文内容,下面案例可供参考
一、安装基础组件
yum install gcc gcc-c++ openssl-devel autoconf automake zlib zlib-devel pcre-devel pam-devel rpm-build pam-devel telnet -y
二、安装步骤
1.卸载系统老版本openssh,备份配置文件
rpm -e --nodeps $(rpm -qa | grep openssh)
cp -r /etc/ssh/ /tmp/ssh #这个是备份
rm /etc/ssh/* -rf
2.安装openssh-9.8p1 ,openssl必须是1.1.1以上版本
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar -zxvf openssh-9.8p1.tar.gz
cd openssh-9.8p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/lib64/ --with-zlib --with-ssl-engine
make
make install
验证ssh
ssh -V
3.安装openssh相关插件
yum install openssh-server
出现 y / n 都选 y 等待安装完毕
三、解决升级后无法用ssh远程登录
1、修改配置文件
vim /etc/ssh/sshd_config
在配置文件中新增下面配置
PermitRootLogin yes #允许root帐号远程登录
PasswordAuthentication yes #开启密码认证方式
UsePAM yes #开启UsePAM登录
2、新增PAM控制文件
vim /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
3.重启ssh服务
service sshd restart
转载:CVE-2023-38408漏洞修复 - 升级openssl和openssh_cve-2022-43183 攻击代码-CSDN博客