Some Linux systems still ship an older OpenSSH release that has known vulnerabilities. After a little research, installing the latest version of OpenSSH from source turned out to be a smooth upgrade.
Log on to the server over SSH and check the current version:
# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 2013
Create the /tools directory under /, then upload the installation files to it with an FTP tool (the files can be downloaded from the official websites):
mkdir /tools
# ls -ltrh
total 9.2M
-rw-r--r--. 1 root root 1.5M June 09:14 openssh-7.2p2.tar.gz
-rw-r--r--. 1 root root 5.1M June 09:14 openssl-1.0.2h.tar.gz
-rw-r--r--. 1 root root 2.7M June 09:14 zlib-1.2.8.tar.gz
-----------------------------------------Configuring Yum---------------------------------------------------------
Insert the system installation CD and configure the Yum source. (You can also upload the ISO to the server and then run: mount -o loop <iso file path> /mnt)
# mount /dev/cdrom1 /mnt/
mount: block device /dev/sr0 is write-protected, mounting read-only
# cd /etc/yum.repos.d/
# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
# rm -rf *
# touch local.repo
# vi local.repo
# cat local.repo
[local]
name=centos
gpgcheck=0
enabled=1
baseurl=file:///mnt
# yum makecache
Loaded plugins: fastestmirror, refresh-packagekit, security
local | 4.0 KB 00:00 ...
local/group_gz | KB 00:00 ...
local/filelists_db | 5.8 MB 00:00 ...
local/primary_db | 4.4 MB 00:00 ...
local/other_db | 2.7 MB 00:00 ...
Metadata Cache Created
-------------------Install the Telnet server before upgrading, in case you cannot log in when SSH restarts------------------
Install the Telnet service with Yum:
yum install telnet-server
Go to /etc/xinetd.d and set disable = no in the telnet file (the original value is yes):
# cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
Allow the root user to log on remotely, then restart the service:
# echo 'pts/0' >> /etc/securetty
# echo 'pts/1' >> /etc/securetty
# service xinetd restart
Stopping xinetd: [FAILED]
Starting xinetd: [OK]
-----------------------Log on to the system using Telnet---------------------------------------------------------------------
Log in over Telnet with the root account to carry out the OpenSSH replacement.
-----------------------Remove OpenSSH using Yum-----------------------------------------------------------------
yum remove openssh
------------------------Installing zlib-----------------------------------------------------------------------------------
cd /tools
tar -xvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure --prefix=/usr/local/zlib && make && make install
-------------------------Installing OpenSSL----------------------------------------------------------------------------
cd /tools
tar -xvf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
./config --prefix=/usr/local/openssl
make depend
make
make install
-----------------------Installing OpenSSH-----------------------------------------------------------------------------
cd /tools
tar -xvf openssh-7.2p2.tar.gz
cd openssh-7.2p2
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib --with-md5-passwords --without-hardening && make && make install
-------------------------Copy the sshd service file-----------------------------------------------------------------
cp contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
--------------------------Modifying the sshd service file----------------------------------------------------------------
Edit the sshd init script:
vi /etc/init.d/sshd
Change the following:
SSHD=/usr/sbin/sshd to SSHD=/usr/local/openssh/sbin/sshd
/usr/bin/ssh-keygen -A to /usr/local/openssh/bin/ssh-keygen -A
Save and exit.
Add it as a system service:
# chkconfig --add sshd
Check that the service has been added to system startup:
# chkconfig --list | grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Restart the sshd service.
service sshd start
---------------------------Modifying /etc/profile------------------------------------------------------------------------
Edit the /etc/profile file and add the following line at the end:
export PATH=$PATH:/usr/local/openssh/bin
Then log out and log back in for the change to take effect, and run ssh -V to check the installed OpenSSH version:
# ssh -V
OpenSSH_7.2p2, OpenSSL 1.0.2h 3 May 2016
By default, root users are not allowed to log on remotely after upgrading to a new version
Remove the Telnet service after the upgrade is complete
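The cleanup step above comes with no commands. The script below is an added example, not part of the original article: it checks that the two changes made for the Telnet fallback (disable = no in /etc/xinetd.d/telnet, and the pts/0 and pts/1 lines appended to /etc/securetty) have been undone. The function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit that the temporary
# Telnet fallback was rolled back. File paths are arguments so the checks can
# be tried on copies; the defaults are the files this page edits.

# Succeeds if the xinetd telnet service file is absent or says "disable = yes".
telnet_disabled() {
    cfg="${1:-/etc/xinetd.d/telnet}"
    [ -f "$cfg" ] || return 0   # file gone: telnet-server was removed
    # xinetd enables a service unless "disable = yes" is set.
    val=$(sed -n 's/^[[:space:]]*disable[[:space:]]*=[[:space:]]*//p' "$cfg" |
          tail -n 1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# Prints any pts/N lines left in securetty (the entries added for root Telnet).
securetty_pts_entries() {
    tty="${1:-/etc/securetty}"
    [ -f "$tty" ] || return 0
    grep -E '^[[:space:]]*pts/[0-9]+[[:space:]]*$' "$tty" || true
}

# Runs both checks; prints findings and returns non-zero if anything is left.
audit_rollback() {
    rc=0
    if ! telnet_disabled "$1"; then
        echo "FAIL: telnet is still enabled in ${1:-/etc/xinetd.d/telnet}"
        rc=1
    fi
    left=$(securetty_pts_entries "$2" | tr -s ' \n' ' ')
    if [ -n "$left" ]; then
        echo "FAIL: root may still log in on: $left"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: Telnet fallback rolled back"; fi
    return "$rc"
}

# Constructed sample: the state this page leaves behind before cleanup.
demo=$(mktemp -d)
printf 'service telnet\n{\n    disable = no\n}\n' > "$demo/telnet"
printf 'console\ntty1\npts/0\npts/1\n' > "$demo/securetty"
audit_rollback "$demo/telnet" "$demo/securetty" || echo "(cleanup still needed)"
rm -rf "$demo"
```

On a real host, calling audit_rollback with no arguments checks /etc/xinetd.d/telnet and /etc/securetty directly.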
This article is from the "It~ Migrant Workers" blog, please be sure to keep this source http://429268437.blog.51cto.com/4870929/1793781
centos6.5 Installing the Openssh7.2p2 method