Openssh漏洞之centos6.10完美升级

Linux openssh8.0p1升级步骤

准备好gcc编译库、pam-devel工具库从镜像文件rhel-server-6.8-x86_64-dvd.iso中获取rpm安装包；
mpfr-2.4.1-6.el6.x86_64.rpm
libmpcdec-1.2.6-6.1.el6.x86_64.rpm
kernel-headers-2.6.32-642.el6.x86_64.rpm
glibc-headers-2.12-1.192.el6.x86_64.rpm
glibc-devel-2.12-1.192.el6.x86_64.rpm
cpp-4.4.7-17.el6.x86_64.rpm
gcc-4.4.7-17.el6.x86_64.rpm
pam-devel-1.1.1-22.el6.x86_64.rpm
yum install -y mpfr libmpcdec kernel-headers glibc-headers glibc-devel cpp gcc pam-devel

备份 /etc/ssh 目录
mv /etc/ssh /etc/ssh_bak

1、安装zlib
tar -xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib-1.2.11
make && make install

2、安装openssl

tar -xzvf openssl-1.1.0k.tar.gz

./config --prefix=/usr/local/openssl-1.1.0k

make && make install

echo "/usr/local/openssl-1.1.0k/lib" >> /etc/ld.so.conf
ldconfig

3、安装openssh

tar -xzvf openssh-8.0p1.tar.gz
cd openssh-8.0p1/
./configure --prefix=/usr/local/openssh-8.0p1 --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl-1.1.0k --with-zlib=/usr/local/zlib-1.2.11 --with-md5-passwords
make && make install

4、配置openssh重启脚本及变量

cd openssh-8.0p1/

cp -a contrib/redhat/sshd.init /etc/init.d/sshd

vi /etc/init.d/sshd
SSHD=/usr/local/openssh-8.0p1/sbin/sshd //25 SSHD=/usr/sbin/sshd
/usr/local/openssh-8.0p1/bin/ssh-keygen -A //41 /usr/bin/ssh-keygen -A

chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd

vi /etc/ssh/sshd_config //增加下一行
PermitRootLogin yes

vi /etc/profile 设置PATH变量
export PATH=/usr/local/openssh-8.0p1/sbin:/usr/local/openssh-8.0p1/bin:$PATH
source /etc/profile

service sshd restart