OpenSSH and OpenSSL vulnerability escalation method online Many, the simplest way is to directly update the system of SSH and OpenSSL,
Upgrading OpenSSH is also possible, but OpenSSL has a loophole, which is equivalent to useless. So two to upgrade, upgrade order must be
is to upgrade OpenSSL first and then upgrade OpenSSH. Must not be reversed, otherwise the need to recompile once openssh.
In addition, the risk of upgrading OpenSSL is too high, it is recommended to open at least two connection terminals, and the best guarantee of your network is good.
Otherwise, when the upgrade is broken, you will be very tragic run the computer room to play.
Before the upgrade must and research and development to confirm whether there are other programs to use the system OpenSSL, such as the Apache Mod_ssl module, if Apache is using the old version of OpenSSL, then you should upgrade OpenSSL before you should re-compile Apache , recompile with the new version of OpenSSL and replace the program. Otherwise, after you upgrade OpenSSL, Apache will not be able to use, then cry no place to cry.
Here are the steps to upgrade the system's OpenSSL and OpenSSH directly,
for reference only [please be sure to experiment on the test machine, production environment please operate carefully
#Openssl升级: #升级不可中断, open at least two more terminal windows before upgrading. #安装依赖包:yum instal pam-devel 1. View the version of OpenSSL before upgrade, kernel version, operating system version: # opensslversionopenssl 1.0.0-fips 29 mar 2010# uname -r2.6.32-358.el6.x86_64# cat /etc/ issuered hat enterprise linux server release 6.4 (Santiago) 2. upload unzip and install package UPDATE_OPENSS.TAR.GZ:# TAR -ZXVF UPDATE_OPENSS.TAR.GZ#CD update_openss#tar -zxvf openssl-1.0.1o.tar.gz#cd openssl-1.0.1o 3. software configuration, compilation, installation:# ./config --prefix=/usr --shared# make# make install 4. Check the version number of OpenSSL to verify the version of OpenSSL:# openssl versionopenssl 1.0.1o 12 jun 2015
OpenSSH Upgrade: 1. Enter the UPDATE_OPENSS directory: #cd update_openss 2. Unzip the installation package: #tar-ZXVF openssh-6.8p1.tar.gz#cd openssh-6.8p1 3. Configure, compile, install:./configure--prefix=/usr--sysconfdir=/etc/ssh--without-zlib-version-check--with-pam-- With-md5-passwords--with-kerberos5=/usrmakemake Install restart SSH Service: Service sshd restart 1. Verify the version of OpenSSH [[email protected] ~]# SSH-VOPENSSH_6.8P1, OpenSSL 1.0.1o June 2015
This article is from the "I am small white" blog, please be sure to keep this source http://878045653.blog.51cto.com/2693110/1681522
OpenSSH and OpenSSL upgrades