[Linux] openssl、openssh升级问题记录

环境:RHEL8, 装有openssh和openssl的rpm包,因为扫描有漏洞RHEL官方尚未出修复版本,所以到各自官方网站下载tar.gz升级

升级过程参考

[1]CentOS7下升级OpenSSL和OpenSSH https://cloud.tencent.com/developer/article/1632995

OpenSSH和OpenSSL升级之路(可升级openssh-8.6p1,应对CVE-2021-28041漏洞)https://blog.csdn.net/fkrszydsl/article/details/110647020

RedHat上安装openssl https://blog.csdn.net/woaiclh13/article/details/112562238
linux上安装openssl的步骤 https://www.cnblogs.com/cx-code/p/10419580.html

一些需要注意的地方、报错及解决

升级openssl

参考[1]中,添加库函数,更新库函数后,一些系统命令就没法用了

rpm: symbol lookup error: /lib64/librpmio.so.8: undefined symbol: EVP_md2, version OPENSSL_1_1_0

解决:新增行前加一行 /usr/lib64

参考 --> 修改/etc/ld.so.conf导致SSH无法连接 https://blog.csdn.net/chuitang9764/article/details/100818058

关于动态库配置(更多了解) --> 动态库路径配置- /etc/ld.so.conf文件 https://blog.csdn.net/inuyashaw/article/details/54346434

升级openssh

(1)把telnet打开,防止升级过程断连登不上环境

本来以为开着Console万无一失,等ssh断了想从Console登录,用root不让登,别的用户输了密码后也不让登

(2)编译前环境配置 ./configure --prefix=... 的两个报错

configure: error: Your OpenSSL headers do not match your
        library. Check config.log for details.
        If you are sure your installation is consistent, you can disable the check
        by running "./configure --without-openssl-header-check".
        Also see contrib/findssl.sh for help identifying header/library mismatches.

需要安装 openssl-devel,如果原环境没有装,建议先用openssl的tar.gz升级openssl

configure: error: PAM headers not found

需要安装 pam-devel

你可能感兴趣的:(Linux,linux,安全,运维)