Upgrade OpenSSH version 5.0 to version 6.0 (For SUSE RedHat Linux)

Upgrade OpenSSH version 5.0 to version 6.0 (For SUSE RedHat Linux)

In the past few days, due to security vulnerability scanning, a large number of OpenSSH vulnerabilities are scanned, and security reinforcement is required, mainly because of the upgraded version. In the past, we did not care about patching, but this time we encountered some minor problems and sorted them into a book, I hope this will be helpful to you. The following are the specific implementation methods:

For SUSE RedHat Linux systems

OpenSSH version 5.0 upgrade 6.0 Operation Manual

I. Preparations before Upgrade

1. First download the required dependency package for SSH installation on the official website. Generally, three packages are enough.

Zlib-1.2.5.tar.gz

Openssl-1.0.1e.tar.gz

Openssh-6.6p1.tar.gz

 

2. Enable TELNET or connect to the VNC tool to prevent remote operations after the SSH upgrade fails.

Generally, TELNET is installed on a linux server by default.

Rpm-qa | grep telnet

If it has been installed, change the configuration to enable TELNET

Vi/etc/xinetd. d/telnet
Disable = no
Service xinetdrestart
Add/etc/securetty
Pts/0
Pts/1
Pts/2
Pts/3
Comment out the/etc/pam. d/login file:
# Auth [user_unknown = ignore success = okignore = ignore
# Auth_err = die default = bad] pam_securetty.so if there are comments, ignore them if none exist.
Now the telnet service is enabled and tested on another machine. If the TELNET service is not available, install the TELNET package and perform an SSH upgrade.

 

Ii. ssh program upgrade

1.
Backup the startup script and the master configuration directory of the ssh service

# Cp/etc/init. d/sshd/ssh5bak
# Cp/etc/ssh/ssh5bak
2.
Decompress and install zlib

# Tar-zxf zlib-1.2.5.tar.gz // first install the zlib library, otherwise the zlib. c error will be reported and cannot be performed

# Cd zlib-1.2.5

#./Configure -- shared

# Make & make install

3. decompress and install the openssl package:

# Tar-zxf openssl-1.0.1.tar.gz

# Cd openssl-1.0.1

#./Config share

# Make

# Make test

# Make install

# Mv/usr/bin/openssl. OFF

# Mv/usr/include/openssl. OFF

// This step may prompt that no file exists. Ignore this step.

# Ln-s/usr/local/ssl/bin/openssl/usr/bin/openssl

# Ln-s/usr/local/ssl/include/openssl/usr/include/openssl

// Remove openssl from the original system and link the newly compiled file.

4. Configure the library file search path

# Echo "/usr/local/ssl/lib">/etc/ld. so. conf

#/Sbin/ldconfig-v

# Openssl version-

Iii. Uninstall the original ssh service
# Rpm-qa | grep openssh // query the original openssh package installed in the system. Uninstall all the packages. Run the rpm-e command to uninstall the instance. If an error occurs, add the-nodeps parameter as follows:
# Rpm-eopenssh-askpass -- nodeps
4. Install and Upgrade SSH

# Tar -zxfopenssh-6.6p1.tar.gz

#. /Configure -- prefix =/usr/-- sysconfdir =/etc/ssh -- with-zlib -- with-ssl-dir =/usr/local/ssl -- with-md5-passwords -- mandir =/usr/ share/man

# Make

# Makeinstall

5. Start the service

Enter/usr/local/openssh

# Cp-pcontrib/redhat/sshd. init/etc/init. d/sshd (redhat)

# Cp-pcontrib/suse/rc. sshd/etc/init. d/sshd (suse)

// For other versions of the operating system, view the corresponding contrib directory and readme.

# Chmod + x/etc/init. d/sshd

# Chkconfig -- add sshd

# Cpsshd_config/etc/ssh/sshd_config (if overwrite is prompted, yes, press Enter)

# Cp sshd/usr/sbin/sshd

# Cp-p ssh/usr/bin/ssh

# Service sshd start ----

Start the SSH service

# Ssh-V ---- view the current version

Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.

Analysis of encryption algorithms and OpenSSL for OpenSSH

Install and configure OpenSSH in Ubuntu Server 13.10

Install OpenSSH remotely on Ubuntu

Solve the latency problem during remote login through OpenSSH

Offline installation of OpenSSH in Ubuntu 12.10

OpenSSH upgrade steps and precautions

Solutions for failures of common OpenSSH users

General thread: OpenSSH key management, Part 1 Understanding RSA/DSA authentication

Install OpenSSH and configure the sftp lock directory for RedHat

OpenSSL details: click here
OpenSSL: click here

This article permanently updates the link address: