OpenSSH权限提升漏洞(CVE-2021-41617)修复 Centos 7升级Openssh 8.8

OpenSSH权限提升漏洞(CVE-2021-41617)修复

  • 1.准备工作
  • 2.安装必须的包
  • 3.下载OpenSsh 8.8p1
  • 4.OpenSsh 解压安装
  • 5.配置文件修改
  • 6.重启服务
  • 7.意外

Centos 7升级Openssh 8.8
在这里插入图片描述
在这里插入图片描述

1.准备工作

yum仓库怎么配置详见
https://blog.csdn.net/qq_29974229/article/details/103827369

2.安装必须的包

yum install -y gcc openssl-devel zlib-devel wget 

3.下载OpenSsh 8.8p1

mkdir /apps
cd /apps
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz

4.OpenSsh 解压安装

tar xf openssh-8.8p1.tar.gz
cd /apps/openssh-8.8p1
./configure &&make -j 2 &&make install

5.配置文件修改

cp -r  /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
\cp /openssh-8.8p1/sshd_config /etc/ssh/sshd_config
sed -ri 's/^#(PermitRootLogin).*/\1 yes/g' /etc/ssh/sshd_config
sed -ri 's/^(Subsystem).*/\1 sftp \/usr\/libexec\/openssh\/sftp-server/g' /etc/ssh/sshd_config
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" >> /etc/ssh/sshd_config
echo 'OPTIONS="-f /etc/ssh/sshd_config"' >> /etc/sysconfig/sshd 
sed -ri 's/^(ExecStart=).*/\1\/usr\/local\/sbin\/sshd -D $OPTIONS/g' /usr/lib/systemd/system/sshd.service
sed -ri 's/^(Type=).*/\1simple/g'  /usr/lib/systemd/system/sshd.service

6.重启服务

systemctl daemon-reload
systemctl restart sshd
\cp /usr/bin/ssh{,.bak}
\cp /usr/local/bin/ssh /usr/bin/ssh

在这里插入图片描述

7.意外

感觉每次试验都会有点意外,这次意外是升级完用SecureCRT无法登陆.
报错信息如下:

 Key exchange failed. No compatible key exchange method. The server supports these methods: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
No compatible hostkey. The server supports these methods: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 

解决方法也很简单.换Xshell7就可以了.原因是新的加密算法老版本的SecureCRT不支持

你可能感兴趣的:(Linux,centos,linux,运维)