Recent security vulnerability scans turned up a large number of open SSH vulnerabilities, so the servers needed security hardening, mainly by upgrading the version. I had never paid much attention to upgrades and patching before, and I ran into a few small problems along the way, so I wrote them down in the hope that they are of some help. The specific procedure follows:
OpenSSH 5.0 to 6.0 upgrade manual
One. Pre-upgrade preparation
1. First download the dependencies required for the SSH installation from the official websites; generally three packages are enough:
zlib-1.2.5.tar.gz
openssl-1.0.1e.tar.gz
openssh-6.6p1.tar.gz
2. Enable Telnet or a VNC tool for connections, so that the machine can still be reached remotely if the SSH upgrade fails
Most Linux servers have Telnet installed by default; check with the command:
rpm -qa | grep telnet
If it is installed, change the configuration to enable Telnet:
vi /etc/xinetd.d/telnet
disable = no
service xinetd restart
Add the following to /etc/securetty:
pts/0
pts/1
pts/2
pts/3
In the /etc/pam.d/login file, comment out:
#auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
Once the service is enabled, test it from another machine. If there is no Telnet service, install the Telnet package first and then carry out the SSH upgrade.
Two. SSH program upgrade
1. Back up the startup script and the SSH service's main configuration directory
# cp /etc/init.d/sshd /ssh5bak
# cp -r /etc/ssh /ssh5bak
2. Unpack and install zlib
# tar -zxf zlib-1.2.5.tar.gz // install the zlib library first, otherwise a zlib.c error is reported and the build cannot proceed
# cd zlib-1.2.5
# ./configure --shared
# make && make install
3. Unpack and install the OpenSSL package:
# tar -zxf openssl-1.0.1e.tar.gz
# cd openssl-1.0.1e
# ./config shared
# make
# make test
# make install
# mv /usr/bin/openssl /usr/bin/openssl.OFF
# mv /usr/include/openssl /usr/include/openssl.OFF
// This step may report that the files do not exist; ignore it
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
// Move the system's original OpenSSL out of the way and link in the newly compiled files.
4. Configure the library search path
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# /sbin/ldconfig -v
# openssl version -a
Three. Uninstall the legacy SSH service
# rpm -qa | grep openssh // query the OpenSSH packages originally installed on the system and uninstall all of them. Use the rpm -e command to uninstall; if an error occurs, add the --nodeps parameter, as follows
# rpm -e openssh-askpass --nodeps
Four. Install the upgraded SSH
# tar -zxf openssh-6.6p1.tar.gz
# cd openssh-6.6p1
# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
# make
# make install
Five. Start the service
Enter /usr/local/openssh
# cp -p contrib/redhat/sshd.init /etc/init.d/sshd (Redhat)
# cp -p contrib/suse/rc.sshd /etc/init.d/sshd (SuSE)
// For other operating systems, see the contrib directory and the README.
# chmod +x /etc/init.d/sshd
# chkconfig --add sshd
# cp sshd_config /etc/ssh/sshd_config (if prompted to overwrite, enter yes)
# cp sshd /usr/sbin/sshd
# cp -p ssh /usr/bin/ssh
# service sshd start ---- start the SSH service
# ssh -V ---- view the current version
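An added example, not part of the original article: a post-upgrade check that tests whether the ssh -V banner names both the new OpenSSH and the OpenSSL it was linked against, and lists which of the Telnet fallback changes made during pre-upgrade preparation are still in place. The function names, the sample banner and the sample file tree are constructed for illustration; treating the fallback as something to revert once the upgrade is verified is an assumption, since the article does not list that step.

```shell
#!/bin/sh
# Added example, not from the original article.

# Succeed when an `ssh -V` banner names the expected OpenSSH and OpenSSL
# builds, i.e. the new binary is in use and was linked against the new OpenSSL.
banner_matches() {   # usage: banner_matches "$(ssh -V 2>&1)" 6.6p1 1.0.1e
    case $1 in
        "OpenSSH_$2, OpenSSL $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per Telnet fallback change that is still in place under
# the given root (default /). Prints nothing when all three are reverted.
telnet_fallback_findings() {
    root=${1:-/}; root=${root%/}
    if grep -Eqs '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' "$root/etc/xinetd.d/telnet"; then
        echo "xinetd: telnet service enabled"
    fi
    if grep -Eqs '^pts/[0-9]+[[:space:]]*$' "$root/etc/securetty"; then
        echo "securetty: pts entries allow root login over Telnet"
    fi
    if [ -f "$root/etc/pam.d/login" ] &&
       ! grep -Eqs '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$root/etc/pam.d/login"; then
        echo "pam: pam_securetty.so is not active for login"
    fi
}

# Constructed sample: a throwaway tree in the state the fallback setup leaves behind.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/xinetd.d" "$d/etc/pam.d"
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$d/etc/xinetd.d/telnet"
    printf 'tty1\npts/0\npts/1\n' > "$d/etc/securetty"
    printf '#auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so\n' > "$d/etc/pam.d/login"
    echo "$d"
}

# Constructed banner in the format `ssh -V` prints for a source build.
SAMPLE_BANNER='OpenSSH_6.6p1, OpenSSL 1.0.1e 11 Feb 2013'
```

On a live host, pass "$(ssh -V 2>&1)" as the banner (ssh -V writes to stderr) and call telnet_fallback_findings with no argument to inspect /.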
This article is from the "Small white" blog, please be sure to keep this source http://9402618.blog.51cto.com/9392618/1586606
OpenSSH Upgrade Summary (for SUSE and Red Hat Linux systems)