项目被扫出openssh有严重漏洞,因此要升级openssh到7.8以上版本
[root@localhost ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
1,为了防止操作失败,线安装Telnet
yum -y install telnet*
systemctl enable telnet.socket
systemctl start telnet.socket
2,备份原来的SSH服务
mv /etc/ssh /etc/ssh.bak
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
3,安装新版本OpenSSH
yum install -y openssl openssl-devel gcc gcc-c++ make zlib-devel
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.8p1.tar.gz
tar zxf openssh-7.8p1.tar.gz
cd openssh-7.8p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install
4,卸载原有的openssh
yum remove openssh
5,修改配置文件
vim /usr/local/openssh/etc/sshd_config
PermitRootLogin yes
6,复制相应的系统目录
cp /root/openssh-7.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp /root/openssh-7.8p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chkconfig --add sshd
mkdir -p /etc/ssh
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
7,启动,并做开机自启
systemctl daemon-reload
systemctl start sshd
systemctl enable sshd
8,重新生成密钥
ssh-keygen -t rsa
9,验证版本
ssh -V
OpenSSH_7.8p1, OpenSSL 1.0.2k-fips 26 Jan 2017
10,验证ssh功能
[root@ node02 ~]# ssh root@10.0.0.12
The authenticity of host '10.0.0.12 (10.0.0.12)' can't be established.
ECDSA key fingerprint is SHA256:GtOAWcA5Vv/SoACtK5MaASWGADlfCIYlL74oVV8WSp0.
ECDSA key fingerprint is MD5:06:cb:50:fa:17:b7:5a:78:05:e5:d1:89:22:6e:5a:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.12' (ECDSA) to the list of known hosts.
root@10.0.0.12's password:
Last login: Thu Oct 27 13:50:55 2022 from 10.0.0.1
[root@ node01 ~]#
6987
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
