长宁网站设计,广州专业的网站建设公司,专业的网站建设哪家好,wordpress注册修改近日,漏洞肆虐,需要升级新版本,才能解决漏洞。故有此文:
0 查看当前版本
[root@host-testsvc openssh-9.0p1]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 20171、在data下新建一个独立目录openssh目录,用来存放软件
[root@host-testsvc data]# mkdir openssh… 近日,漏洞肆虐,需要升级新版本,才能解决漏洞。故有此文:
0 查看当前版本
[root@host-testsvc openssh-9.0p1]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 20171、在data下新建一个独立目录openssh目录,用来存放软件
[root@host-testsvc data]# mkdir openssh2、安装依赖
[root@host-testsvc data]# yum install -y wget gcc pam-devel libselinux-devel zlib-devel openssl-devel如果有时候没有联网的话,可以本地安装依赖: 去国内阿里镜像里找到对应的rpm包下载上传到服务器即可:阿里镜像https://developer.aliyun.com/packageSearch
[root@host-testsvc openssh]# rpm -qa pam-1.1.8-23.el7.x86_64
[root@host-testsvc openssh]# rpm -qa pam-devel
[root@host-testsvc openssh]# ls
pam-1.1.8-23.el7.x86_64.rpm pam-devel-1.1.8-23.el7.x86_64.rpm
[root@host-testsvc openssh]# rpm -ivh pam-1.1.8-23.el7.x86_64.rpm
准备中... ################################# [100%]软件包 pam-1.1.8-23.el7.x86_64 已经安装
[root@host-testsvc openssh]# rpm -ivh pam-devel-1.1.8-23.el7.x86_64.rpm
准备中... ################################# [100%]
正在升级/安装...1:pam-devel-1.1.8-23.el7 ################################# [100%]
[root@host-testsvc openssh]# rpm -qa pam-devel
pam-devel-1.1.8-23.el7.x86_64
[root@host-testsvc openssh]# rpm -qa pam
pam-1.1.8-23.el7.x86_64最后再检查一下依赖:
rpm -qa wget gcc pam-devel libselinux-devel zlib-devel openssl-devel[root@host-testsvc openssh]# rpm -qa wget gcc pam-devel libselinux-devel zlib-devel openssl-devel
libselinux-devel-2.5-15.el7.x86_64
openssl-devel-1.0.2k-25.el7_9.x86_64
wget-1.14-18.el7_6.1.x86_64
pam-devel-1.1.8-23.el7.x86_64
zlib-devel-1.2.7-20.el7_9.x86_64
gcc-4.8.5-44.el7.x86_643、下载 openssh 9
去openssh官网下载:pub-OpenBSD-OpenSSH-portable安装包下载_开源镜像站-阿里云
[root@host-testsvc data]# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
[root@host-testsvc openssh]# ls
openssh-9.0p1.tar.gz4、解压
[root@host-testsvc openssh]# tar -zxvf openssh-9.0p1.tar.gz
openssh-9.0p1
openssh-9.0p1/.depend
openssh-9.0p1/.github
openssh-9.0p1/.github/ci-status.md
openssh-9.0p1/.github/configs
openssh-9.0p1/.github/configure.sh
openssh-9.0p1/.github/run_test.sh
openssh-9.0p1/.github/setup_ci.sh
openssh-9.0p1/.github/workflows
openssh-9.0p1/.github/workflows/c-cpp.yml
openssh-9.0p1/.github/workflows/selfhosted.yml
openssh-9.0p1/.github/workflows/upstream.yml
openssh-9.0p1/.gitignore
……中间省略一堆
openssh-9.0p1/ChangeLog
openssh-9.0p1/moduli.0
openssh-9.0p1/scp.0
openssh-9.0p1/ssh-add.0
openssh-9.0p1/ssh-agent.0
openssh-9.0p1/ssh-keygen.0
openssh-9.0p1/ssh-keyscan.0
openssh-9.0p1/ssh.0
openssh-9.0p1/sshd.0
openssh-9.0p1/sftp-server.0
openssh-9.0p1/sftp.0
openssh-9.0p1/ssh-keysign.0
openssh-9.0p1/ssh-pkcs11-helper.0
openssh-9.0p1/ssh-sk-helper.0
openssh-9.0p1/sshd_config.0
openssh-9.0p1/ssh_config.0
openssh-9.0p1/aclocal.m4
openssh-9.0p1/configure
openssh-9.0p1/config.h.in5、备份原来的配置文件:
[root@host-testsvc openssh]# cp /etc/ssh/sshd_config sshd_config.backup
[root@host-testsvc openssh]# cp /etc/pam.d/sshd sshd.backup
[root@host-testsvc openssh]# ls
openssh-9.0p1 openssh-9.0p1.tar.gz pam-1.1.8-23.el7.x86_64.rpm pam-devel-1.1.8-23.el7.x86_64.rpm sshd.backup sshd_config.backup6、卸载原来的openssh
[root@host-testsvc openssh]# rpm -e --nodeps `rpm -qa | grep openssh`
警告:/etc/ssh/sshd_config 已另存为 /etc/ssh/sshd_config.rpmsave
[root@host-testsvc openssh]# rpm -qa openssh
[root@host-testsvc openssh]# 7、编译配置 openssh-9.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardeningOpenSSH as been configured with the following options: User binaries: /usr/bin System binaries: /usr/sbin Configuration files: /etc/ssh Askpass program: /usr/libexec/ssh-askpass Manual pages: /usr/share/man/manX PID file: /var/run Privilege separationchrootpath: /var/empty sshd default userPATH:/usr/bin:/bin:/usr/sbin:/sbin Manpage format: doc PAM support:yes OSF SIA support: no KerberosV support: no SELinux support: no libedit support: no libldns support: no Solaris process contract support: no Solaris project support: no Solaris privilege support: no IP addressin$DISPLAYhack: no Translate v4inv6 hack:yes BSD Auth support: no Random number sou
