OpenSSL and OpenSSH version upgrade
Note: Be sure to install these packages first: yum -y install gcc* make perl pam pam-devel zlib-devel openssl-devel
Note: The installed OpenSSH version should be higher than 6.8; otherwise there is at least a medium-severity vulnerability.
1. The installation process is as follows:
2. Let's install zlib
Running rpm -qa | grep zlib shows that on a typical system the zlib package is installed by default.
We recompile and install zlib so that the new zlib overwrites the original one.
tar -zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install
3. Installing OpenSSL
First check the OpenSSL and OpenSSH versions on the original system.
The versions shown are OpenSSH 5.3 and OpenSSL 1.0.1e.
Let's do the installation.
Note: Do not remove the RPM package of the original OpenSSL version. If it is removed, the lib64 libraries will report errors, especially when running yum. In addition, after the new OpenSSL is installed, create soft links for libssl and libcrypto, and put the two files together with their soft links into the lib64 library directory.
3.1 Installing OpenSSL
cd /usr/local/src
tar zxvf openssl-1.0.2d.tar.gz
cd openssl-1.0.2d
./config shared zlib
make
make test
make install
mv /usr/bin/openssl /usr/bin/openssl.OFF
mv /usr/include/openssl /usr/include/openssl.OFF
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
3.2 Configuring the library file search path
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig -v
3.3 View the version number of OpenSSL to verify that it is installed correctly
openssl version -a
OpenSSL 1.0.2d 9 Jul 2015
OpenSSL upgrade succeeded
4. Upgrade OpenSSH
service sshd stop    # the existing remote connection is not dropped after sshd is stopped
It is recommended to install telnet and telnet to the remote server to perform the upgrade.
4.1 First run rpm -qa | grep openssh
View the OpenSSH packages installed on the original system
rpm -qa | grep openssh
openssh-clients-5.3p1-104.el6.x86_64
openssh-server-5.3p1-104.el6.x86_64
openssh-5.3p1-104.el6.x86_64
Then remove them with rpm -e
rpm -e openssh-clients-5.3p1-104.el6.x86_64 openssh-server-5.3p1-104.el6.x86_64 openssh-5.3p1-104.el6.x86_64 --nodeps
4.2 Installing the new version of OpenSSH
tar zxvf openssh-6.9p1.tar.gz
cd openssh-6.9p1
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
make
make install
cp /usr/local/ssh/bin/* /usr/bin/
cp /usr/local/ssh/sbin/* /usr/sbin/
4.3 Check the OpenSSH version number to verify the installation results
ssh -V
OpenSSH_6.9p1, OpenSSL 1.0.2d 9 Jul 2015
4.4 Copy the startup script and enable start at boot
cp /usr/local/src/openssh-6.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
4.5 Test it first.
/usr/sbin/sshd -d
[[email protected] ~]# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.9, OpenSSL 1.0.2d 9 Jul 2015
debug1: private host key #0: ssh-rsa SHA256:7cppmqzrp3jnzpwl8/jaczoexnsgpomjv/qwp4jngyk
debug1: private host key #1: ssh-dss SHA256:ytmfo6c1lpnsvggz/cqzehmjhmzlemgkarm9y+pctwq
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:kss9x368flxvhouyju3d2ubixhnglgpl0z3s2puj/w8
debug1: private host key #3: ssh-ed25519 SHA256:c62mz/b9wturydl3ur08a94jpubvcf6nrsnkedzusa0
4.6 Start the service
service sshd start
Note: Start sshd with start or reload. Do not use restart: restart disconnects the session immediately and does not go on to start the sshd service, and you then have to get into the machine by other means and start the sshd service.
4.7 Check that the port is being listened on
# netstat -tnlp | grep :22
[[email protected] ~]# netstat -tunlp | grep :22
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      354/sshd
tcp        0      0 :::22           :::*            LISTEN      354/sshd
4.8 Viewing the upgraded version
4.9 Try to log in via SSH from this machine
[[email protected] ~]# ssh [email protected]
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:kss9x368flxvhouyju3d2ubixhnglgpl0z3s2puj/w8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Last login: Tue Oct-14:32:21 from 1.1.1.18
Login success. All activity would be monitored and reported
5.0 Upgrade Success!
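The checks from steps 4.3 and 3.2 can be scripted so they are repeatable across hosts. The following is an added example, not part of the original article: it parses the ssh -V banner, enforces the "higher than 6.8" floor from the note at the top, and confirms from ldd output that sshd resolves libcrypto under /usr/local/ssl/lib. The function names are illustrative, and the ldd check assumes sshd was linked dynamically against libcrypto.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the build described above (POSIX sh).
# Function names are illustrative and not taken from any existing tool.

# Print "major.minor" from an `ssh -V` banner such as
# "OpenSSH_6.9p1, OpenSSL 1.0.2d 9 Jul 2015".
openssh_version() (
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
)

# Print the OpenSSL version reported in the same banner.
banner_openssl_version() (
    printf '%s\n' "$1" | sed -n 's/.*OpenSSL \([0-9][0-9a-z.]*\).*/\1/p'
)

# Succeed when major.minor version $1 is strictly greater than $2.
version_gt() (
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -gt "$b_minor" ]; }
)

# check_banner BANNER MIN_OPENSSH EXPECTED_OPENSSL
# Status: 0 = ok, 1 = OpenSSH too old or unexpected OpenSSL, 2 = unparsable banner.
check_banner() (
    ssh_ver=$(openssh_version "$1")
    ssl_ver=$(banner_openssl_version "$1")
    [ -n "$ssh_ver" ] || { echo "FAIL: cannot parse banner: $1"; exit 2; }
    version_gt "$ssh_ver" "$2" || { echo "FAIL: OpenSSH $ssh_ver is not above $2"; exit 1; }
    [ "$ssl_ver" = "$3" ] || { echo "FAIL: banner reports OpenSSL $ssl_ver, expected $3"; exit 1; }
    echo "OK: OpenSSH $ssh_ver, OpenSSL $ssl_ver"
)

# Print the path that library $2 (e.g. libcrypto) resolves to in ldd output $1.
resolved_lib() (
    printf '%s\n' "$1" | awk -v n="$2" '$1 ~ ("^" n "\\.so") && $2 == "=>" { print $3; exit }'
)

# Live checks run only when the script is called with the argument "live".
if [ "${1:-}" = "live" ]; then
    check_banner "$(ssh -V 2>&1)" 6.8 1.0.2d
    case $(resolved_lib "$(ldd /usr/sbin/sshd)" libcrypto) in
        /usr/local/ssl/lib/*) echo "OK: sshd loads libcrypto from /usr/local/ssl/lib" ;;
        *) echo "FAIL: sshd does not load libcrypto from /usr/local/ssl/lib" ;;
    esac
fi
```

Run it with the argument live on the upgraded host, from the telnet session, before closing that session.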
This article is from the "Server Software upgrade" blog; please keep this source link: http://shamereedwine.blog.51cto.com/5476890/1705218