OpenSSH命令注入漏洞(CVE-2020-15778)

OpenSSH命令注入漏洞(CVE-2020-15778)

https://www.aliyundrive.com/s/ooK9w8BMRND
提取码: 20bz

cd rpm
rpm -Uvh *.rpm --nodeps --force

解压安装包

tar -xvf openssl-1.1.1l.tar.gz
tar -xvf openssh-8.8p1.tar.gz

cd ../openssl-1.1.1l
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v

cd ../openssh-8.8p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install

echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config

mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd

mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh

mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

mv /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_dsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_dsa_key.pub /etc/ssh/ssh_host_dsa_key.pub

mv /usr/bin/openssl /usr/bin/openssl_bak
cp /usr/local/ssl/bin/openssl /usr/bin/openssl

mv /usr/include/openssl /usr/include/openssl_bak
ln -s /usr/local/ssl/include/openssl /usr/include/openssl

echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig

cd /root/upload/openssh-8.8p1/
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add  sshd
systemctl enable sshd

mv /usr/lib/systemd/system/sshd.service  /usr/lib/systemd/system/sshd.service_bak
mv /usr/lib/systemd/system/sshd.socket  /usr/lib/systemd/system/sshd.socket_bak

chkconfig sshd on
/etc/init.d/sshd restart

查看版本
ssh -V