CentOS 6: Upgrade OpenSSH 7.6, OpenSSL 1.0.1n

Source: Internet
Author: User

Background

A company security scan flagged vulnerabilities in OpenSSH and OpenSSL, so both need to be upgraded. Running yum update directly had no effect, so the upgrade has to be compiled and installed manually.

Pre-upgrade

ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

After upgrade

ssh -V
OpenSSH_7.6p1, OpenSSL 1.0.2n  7 Dec 2017

Preparatory work
    1. Preparing the OpenSSH, OpenSSL installation package

      openssh-7.6p1.tar.gz
      openssl-1.0.2n.tar.gz

    2. Install dependent packages

OpenSSL dependencies

To install OpenSSL, you'll need:

  • make
  • Perl 5
  • an ANSI C compiler
  • a development environment in the form of development libraries and C
    header files
  • a supported Unix operating system

OpenSSH dependencies

You'll need working installations of Zlib and libcrypto (LibreSSL/OpenSSL)
Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
http://www.gzip.org/zlib/
libcrypto (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0)
LibreSSL http://www.libressl.org/ ; or
OpenSSL http://www.openssl.org/

yum install gcc make perl pam-devel zlib-devel -y
    3. Turn on Telnet
      Enable Telnet as a temporary fallback so that the server is still reachable if the upgrade fails. Telnet is unencrypted, so disable it again once the new sshd is confirmed working.

      yum install xinetd telnet-server -y
      sed -i '/disable/ s/yes/no/' /etc/xinetd.d/telnet
      /etc/init.d/xinetd start

    4. Add a regular user
      By default, direct root login is not supported after the upgrade. Log in as a regular user and then use su to switch to root.

      useradd xx -G wheel
      passwd xx

OpenSSL upgrade

tar zxvf openssl-1.0.2n.tar.gz
cd openssl-1.0.2n
./config --prefix=/usr/local/openssl shared zlib && make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v

View version

openssl version -a
OpenSSL 1.0.2n  7 Dec 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/openssl/ssl"

OpenSSH upgrade

tar zxvf openssh-7.6p1.tar.gz
cd openssh-7.6p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-ssl-dir=/usr/local/openssl/ && make
# Remove the distribution's OpenSSH packages before installing the new build
rpm -e $(rpm -qa | grep openssh) --nodeps
make install &&
install -v -m755 contrib/ssh-copy-id /usr/bin &&
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 &&
install -v -m755 -d /usr/share/doc/openssh-7.6p1 &&
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.6p1
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config
cp contrib/redhat/sshd.pam /etc/pam.d/
# Derive the sshd PAM configuration from the login one
sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd &&
chmod 644 /etc/pam.d/sshd &&
echo "UsePAM yes" >> /etc/ssh/sshd_config
cp contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
/etc/init.d/sshd start

View version

ssh -V
OpenSSH_7.6p1, OpenSSL 1.0.2n  7 Dec 2017
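
The OpenSSH step appends PermitRootLogin, ChallengeResponseAuthentication and UsePAM to /etc/ssh/sshd_config with >>, but sshd uses the first value it reads for each keyword, so an appended line is ignored when an earlier uncommented line already sets it. The check below is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd will actually use for a keyword.
# Keywords are case-insensitive and the first occurrence wins.

# effective_value FILE KEYWORD -> prints the first global value, lowercased
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }            # global section ends at first Match
        k == key { print tolower($2); exit }
    ' "$1"
}

# check_hardening FILE -> returns 0 only if the three settings the
# article appends are the ones sshd will really apply
check_hardening() {
    rc=0
    for want in "PermitRootLogin no" \
                "ChallengeResponseAuthentication no" \
                "UsePAM yes"; do
        key=${want% *}
        val=${want#* }
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$val" ]; then
            echo "MISMATCH $key: effective='${got:-unset}' wanted='$val'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: an earlier "PermitRootLogin yes" shadows the appended "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
PermitRootLogin yes
#UsePAM no
PermitRootLogin no
ChallengeResponseAuthentication no
UsePAM yes
EOF
check_hardening "$sample" || echo "edit the earlier line instead of appending"
```

On the upgraded host, pass /etc/ssh/sshd_config as the file argument; sshd -T also prints the effective configuration as the running build parses it.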
