# Show the installed OpenSSH version and the distribution release before
# changing anything.
ssh -V
lsb_release -a
注:先安装 telnet 作为备用的远程登录方式,这样即使 ssh 升级失败仍能登录服务器。telnet 为明文传输,只应在升级期间临时启用,升级完成后卸载(见文末)。
# Install the telnet client, the telnet server and xinetd.
yum install telnet telnet-server xinetd -y
# Edit the xinetd service definition for telnet; the file contents follow.
vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
# socket_type : stream -> TCP, dgram -> UDP
# wait : no -> several sessions can be served at the same time;
#        yes -> only one at a time, further connections have to wait
# disable : yes switches this xinetd service off, no switches it on. It is not
#           a root-login setting.
# NOTE(review): with disable = yes xinetd will not serve telnet from this file.
# The page later starts telnet.socket through systemd, which is presumably what
# accepts the connections; confirm which of the two is intended.
# Create an account for the telnet fallback login; passwd prompts for its
# password interactively. Anything typed over telnet crosses the network
# unencrypted, so use a password that is not shared with any other account.
useradd teluser
passwd teluser
# /etc/securetty lists the terminals on which root may log in directly.
# NOTE(review): adding pts/N entries lets root log in on pseudo-terminals, i.e.
# over telnet. With teluser available this may not be needed; confirm, and
# remove the added entries once the upgrade is finished.
vi /etc/securetty
# Add the following lines
pts/0
pts/1
pts/2
Edit /etc/pam.d/login and /etc/pam.d/remote
注释以下语句(此改动和上面在 /etc/securetty 中新增的 pts 条目一样,都是为了放开 root 通过明文 telnet 登录;ssh 升级完成后应取消注释,并删除新增的 pts 条目):
auth required pam_securetty.so
# Start telnet (systemd socket unit)
systemctl start telnet.socket
# Enable telnet at boot
# NOTE(review): the fallback is only needed while ssh is being upgraded;
# enabling it at boot keeps a plaintext login service across reboots until the
# packages are removed at the end of this page.
systemctl enable telnet.socket
# Start xinetd
service xinetd start
# Enable xinetd at boot
systemctl enable xinetd.service
# Related commands
# List unit files
systemctl list-unit-files
注: 如果未安装iptables则跳过
# List the current rules numerically, with line numbers.
iptables -L -n --line-numbers
# Edit the saved rule set that the iptables service loads.
vi /etc/sysconfig/iptables
添加下述规则
# Accept new TCP connections to port 23 (telnet).
# NOTE(review): the rule has no source restriction, so port 23 is reachable
# from every address the host is exposed to. Adding -s <ADMIN_IP> (placeholder)
# limits it to the administration host. Delete the rule again once telnet has
# been removed.
-A INPUT -p tcp -m state --state NEW --dport 23 -j ACCEPT
# Reload the rule set so the new rule takes effect.
service iptables restart
telnet:非独立守护进程,由 xinetd 守护进程代为监听和启动,默认明文传输
xinetd:超级守护进程,代替那些不常用的非独立守护进程监听相应的端口
# Build dependencies: the compiler plus the PAM and zlib libraries and headers.
# NOTE(review): OpenSSH's configure also needs the OpenSSL development headers
# (package openssl-devel) unless it is built without OpenSSL. They are not
# installed here; confirm they are already present.
yum -y install gcc pam pam-devel zlib zlib-devel
zlib是提供数据压缩用的函式库
PAM机制是一个非常成熟的安全认证机制,可以为Linux多种应用提供安全,可靠的认证服务
# Move the existing ssh configuration directory, the sshd PAM file and the
# systemd unit aside as backups.
mv /etc/ssh /etc/ssh_bak
mv /etc/pam.d/sshd /etc/pam.d/sshd_bak
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak
# NOTE(review): after the next command no packaged sshd is left until
# `make install` further down succeeds. Confirm that the telnet fallback login
# works before running it, and consider doing the download, configure and make
# steps first so that only the install remains.
# -e        erase (remove) packages
# --nodeps  do not check dependencies before removing
# -qa       query all installed packages
rpm -e --nodeps `rpm -qa | grep openssh`
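# Download the source tarball and its detached signature.
# NOTE(review): 7.5p1 is the release this page pins; check whether a newer
# portable release is available before building.
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
# Signature file name assumed to be the tarball name with .asc appended;
# confirm it exists on the mirror.
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz.asc
# Check the signature before unpacking: the tarball comes from a mirror and is
# about to be built and installed as root. The OpenSSH release signing key must
# already be in the gpg keyring (obtain it from the official OpenSSH site, not
# from the mirror). Do not continue unless gpg reports a good signature.
gpg --verify openssh-7.5p1.tar.gz.asc openssh-7.5p1.tar.gz
# Unpack and enter the source tree; ./configure and contrib/ are relative to it.
tar xzf openssh-7.5p1.tar.gz
cd openssh-7.5p1
# Build with PAM and zlib support, installing under /usr with the configuration
# in /etc/ssh. Chained with && so a failed step does not fall through to the
# install.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords &&
  make &&
  make install
# Install the init script shipped in the source tree (sshd.service was moved
# aside earlier).
cp contrib/redhat/sshd.init /etc/init.d/sshd
# Put the backed-up PAM configuration for sshd back in place.
mv /etc/pam.d/sshd_bak /etc/pam.d/sshd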
如果之前未备份 /etc/pam.d/sshd,则新建该文件,内容如下:
vi /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
# Register the sshd init script with chkconfig.
chkconfig --add sshd
vi /etc/ssh/sshd_config
# Allow root login.
# NOTE(review): "yes" also permits root password logins. If key-based login or
# an unprivileged account with su/sudo is available, prohibit-password or no is
# the safer value.
PermitRootLogin yes
# Use PAM
UsePAM yes
# Test mode: check the configuration file for errors before restarting, so a
# broken config does not take sshd down.
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
service sshd restart
# Remove the telnet fallback.
# NOTE(review): first confirm from a new session that ssh login works. Removing
# the packages does not undo the other fallback changes made on this page: the
# port 23 rule in /etc/sysconfig/iptables, the pts/N entries in /etc/securetty,
# the commented-out pam_securetty.so line in /etc/pam.d/login and
# /etc/pam.d/remote, and the teluser account. Revert those as well.
yum remove telnet telnet-server xinetd -y