OpenSSL, OpenSSH upgrade

Source: Internet
Author: User

OpenSSL, OpenSSH version upgrade

Note: Be sure to install these packages first:

yum -y install gcc* make perl pam pam-devel zlib-devel openssl-devel

Note: The installed OpenSSH version should be above 6.8; otherwise at least one moderate vulnerability remains.

1. The installation process is as follows:


2. Let's install zlib

Running rpm -qa | grep zlib shows that on a typical system the zlib package is installed by default.

We recompile and install zlib so that the new zlib overwrites the original one.

tar -zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install

3. Installing OpenSSL

First check the OpenSSL and OpenSSH versions on the original system.

The versions shown are OpenSSH 5.3 and OpenSSL 1.0.1e.

Let's do the installation.

Note: Do not remove the original OpenSSL RPM package. If it is removed, the libraries in lib64 will produce errors, especially when running yum. In addition, after installing the new OpenSSL, create soft links for libssl and libcrypto, and place the two files together with their soft links in the lib64 directory.

3.1 Installing OpenSSL

cd /usr/local/src
tar zxvf openssl-1.0.2d.tar.gz
cd openssl-1.0.2d
./config shared zlib
make
make test
make install

mv /usr/bin/openssl /usr/bin/openssl.OFF
mv /usr/include/openssl /usr/include/openssl.OFF
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl

3.2 Configuring the library file search path

# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig -v

3.3 View the version number of OpenSSL to verify that it is installed correctly

openssl version -a
OpenSSL 1.0.2d 9 Jul 2015

The OpenSSL upgrade succeeded.

4. Upgrade OpenSSH

service sshd stop

Existing remote connections are not dropped after sshd is stopped. It is recommended to install telnet and connect to the remote server over telnet for the upgrade.

4.1 First run rpm -qa | grep openssh

View the OpenSSH packages installed on the original system:

rpm -qa | grep openssh
openssh-clients-5.3p1-104.el6.x86_64
openssh-server-5.3p1-104.el6.x86_64
openssh-5.3p1-104.el6.x86_64

Then remove them with rpm -e:

rpm -e openssh-clients-5.3p1-104.el6.x86_64 openssh-server-5.3p1-104.el6.x86_64 openssh-5.3p1-104.el6.x86_64 --nodeps

4.2 Installing the new version of OpenSSH

tar zxvf openssh-6.9p1.tar.gz
cd openssh-6.9p1
./configure --prefix=/usr/local/ssh --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man

make
make install

cp /usr/local/ssh/bin/* /usr/bin/
cp /usr/local/ssh/sbin/* /usr/sbin/

4.3 Check the OpenSSH version number to verify the installation results

ssh -V
OpenSSH_6.9p1, OpenSSL 1.0.2d 9 Jul 2015

4.4 Copy startup script, join boot start

cp /usr/local/src/openssh-6.9p1/contrib/redhat/sshd.init /etc/init.d/sshd

chkconfig --add sshd

chkconfig sshd on

4.5 Test it first.

/usr/sbin/sshd -d

[[email protected] ~]# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.9, OpenSSL 1.0.2d 9 Jul 2015
debug1: private host key #0: ssh-rsa SHA256:7cppmqzrp3jnzpwl8/jaczoexnsgpomjv/qwp4jngyk
debug1: private host key #1: ssh-dss SHA256:ytmfo6c1lpnsvggz/cqzehmjhmzlemgkarm9y+pctwq
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:kss9x368flxvhouyju3d2ubixhnglgpl0z3s2puj/w8
debug1: private host key #3: ssh-ed25519 SHA256:c62mz/b9wturydl3ur08a94jpubvcf6nrsnkedzusa0

4.6 Start the service

service sshd start

Note: Start sshd with start or reload. Do not use restart: restart drops the connection immediately and does not go on to start the sshd service again, so you would have to get into the machine by other means and then start the sshd service.

4.7 Check that sshd is listening on the port

# netstat -tnlp | grep :22

[[email protected] ~]# netstat -tunlp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 354/sshd
tcp 0 0 :::22 :::* LISTEN 354/sshd

4.8 Viewing the upgraded version


4.9 Try logging in via SSH from this machine

[[email protected] ~]# ssh [email protected]
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:kss9x368flxvhouyju3d2ubixhnglgpl0z3s2puj/w8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Last login: Tue Oct-14:32:21 from 1.1.1.18
Login success. All activity would be monitored and reported

5.0 Upgrade Success!
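
The checks from steps 3.3, 4.3, 4.5 and 4.7 gathered into one script, as an added example that is not part of the original article. The 6.8 threshold and the old 1.0.1e version are the article's own values; the function names, the --live switch and the file name check.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the steps above (not the author's script).

# Print the OpenSSH "MAJOR.MINOR" found in an `ssh -V` banner line.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Print the OpenSSL version (for example 1.0.2d) found in the same line.
openssl_version() {
    printf '%s\n' "$1" | sed -n 's/^.*OpenSSL \([0-9][0-9.]*[a-z]*\).*$/\1/p'
}

# Succeed if dotted version $1 is strictly newer than $2 (numeric per field).
version_gt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n | tail -n 1)" = "$1" ]
}

# $1=banner, $2=OpenSSH version that must be exceeded, $3=old OpenSSL version.
# Returns 0 = upgraded, 1 = old OpenSSH or old OpenSSL still in use, 2 = unparseable.
check_banner() {
    ssh_v=$(openssh_version "$1")
    ssl_v=$(openssl_version "$1")
    [ -n "$ssh_v" ] && [ -n "$ssl_v" ] || return 2
    version_gt "$ssh_v" "$2" || return 1
    [ "$ssl_v" != "$3" ] || return 1
}

# Read `netstat -tnlp` output on stdin; succeed only if a process named sshd
# is in LISTEN state on exactly port $1 (a plain `grep :22` also matches :2222).
sshd_listening() {
    awk -v p=":$1" '$6 == "LISTEN" && $4 ~ (p "$") && $7 ~ /\/sshd$/ { ok = 1 }
                    END { exit !ok }'
}

# Live run on the upgraded host: sh check.sh --live   (check.sh is a hypothetical name)
if [ "${1:-}" = "--live" ]; then
    /usr/sbin/sshd -t || { echo "sshd_config or host keys invalid"; exit 1; }
    check_banner "$(ssh -V 2>&1)" 6.8 1.0.1e || { echo "old OpenSSH/OpenSSL in use"; exit 1; }
    netstat -tnlp | sshd_listening 22 || { echo "sshd not listening on :22"; exit 1; }
    echo "upgrade checks passed"
else
    # Offline demo on the banner line printed in step 4.3 of the article.
    check_banner "OpenSSH_6.9p1, OpenSSL 1.0.2d 9 Jul 2015" 6.8 1.0.1e && echo "sample banner: ok"
fi
```

Running sshd -t before service sshd start catches a broken sshd_config or unreadable host keys while the existing session is still open.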

This article is from the "Server Software Upgrade" blog; please keep this source link: http://shamereedwine.blog.51cto.com/5476890/1705218
