In the past few days, due to security vulnerability scanning, a large number of OpenSSH vulnerabilities are scanned, and security reinforcement is required, mainly because of the upgraded version. In the past, we did not care about patching, but this time we encountered some minor problems and sorted them into a book, I hope it will be helpful to you. The following are the specific implementation methods: For the SUSERedHatLinux OpenSSH5.0 version upgrade 6.0 operation manual I. preparations before Upgrade 1. first download SSH install the required dependency package on the official website, generally three packages on the zlib-1.2.5.ta
In the past few days, due to security vulnerability scanning, a large number of OpenSSH vulnerabilities are scanned, and security reinforcement is required, mainly because of the upgraded version. In the past, we did not care about patching, but this time we encountered some minor problems and sorted them into a book, I hope this will be helpful to you. The following are the specific implementation methods:
For SUSE RedHat Linux systems
OpenSSH version 5.0 upgrade 6.0 Operation Manual
I. Preparations before Upgrade
1. First download the required dependency package for SSH installation on the official website. Generally, three packages are enough.
Zlib-1.2.5.tar.gz
Openssl-1.0.1e.tar.gz
Openssh-6.6p1.tar.gz
2. Enable TELNET or connect to the VNC tool to prevent remote operations after the SSH upgrade fails.
Generally, TELNET is installed on a linux server by default.
Rpm-qa | grep telnet
If it has been installed, change the configuration to enable TELNET
Vi/etc/xinetd. d/telnet
Disable = no
Service xinetdrestart
Add/etc/securetty
Pts/0
Pts/1
Pts/2
Pts/3
Comment out the/etc/pam. d/login file:
# Auth [user_unknown = ignore success = okignore = ignore
# Auth_err = die default = bad] pam_securetty.so if there are comments, ignore them if none exist.
Now the telnet service is enabled and tested on another machine. If the TELNET service is not available, install the TELNET package and perform an SSH upgrade.
Ii. ssh program upgrade
1.
Backup the startup script and the master configuration directory of the ssh service
# Cp/etc/init. d/sshd/ssh5bak
# Cp/etc/ssh/ssh5bak
2.
Decompress and install zlib
# Tar-zxf zlib-1.2.5.tar.gz // first install the zlib library, otherwise the zlib. c error will be reported and cannot be performed
# Cd zlib-1.2.5
#./Configure -- shared
# Make & make install
3. decompress and install the openssl package:
# Tar-zxf openssl-1.0.1.tar.gz
# Cd openssl-1.0.1
#./Config share
# Make
# Make test
# Make install
# Mv/usr/bin/openssl. OFF
# Mv/usr/include/openssl. OFF
// This step may prompt that no file exists. Ignore this step.
# Ln-s/usr/local/ssl/bin/openssl/usr/bin/openssl
# Ln-s/usr/local/ssl/include/openssl/usr/include/openssl
// Remove openssl from the original system and link the newly compiled file.
4. Configure the library file search path
# Echo "/usr/local/ssl/lib">/etc/ld. so. conf
#/Sbin/ldconfig-v
# Openssl version-
Iii. Uninstall the original ssh service
# Rpm-qa | grep openssh // query the original openssh package installed in the system. Uninstall all the packages. Run the rpm-e command to uninstall the instance. If an error occurs, add the-nodeps parameter as follows:
# Rpm-eopenssh-askpass -- nodeps
4. Install and Upgrade SSH
# Tar -zxfopenssh-6.6p1.tar.gz
#. /Configure -- prefix =/usr/-- sysconfdir =/etc/ssh -- with-zlib -- with-ssl-dir =/usr/local/ssl -- with-md5-passwords -- mandir =/usr/ share/man
# Make
# Makeinstall
5. Start the service
Enter/usr/local/openssh
# Cp-pcontrib/redhat/sshd. init/etc/init. d/sshd (redhat)
# Cp-pcontrib/suse/rc. sshd/etc/init. d/sshd (suse)
// For other versions of the operating system, view the corresponding contrib directory and readme.
# Chmod + x/etc/init. d/sshd
# Chkconfig -- add sshd
# Cpsshd_config/etc/ssh/sshd_config (if overwrite is prompted, yes, press Enter)
# Cp sshd/usr/sbin/sshd
# Cp-p ssh/usr/bin/ssh
# Service sshd start ----
Start the SSH service
# Ssh-V ---- view the current version
Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm
Encryption Algorithm Analysis and OpenSSL, OpenSSH use http://www.linuxidc.com/Linux/2014-08/105386.htm
Install and configure OpenSSH http://www.linuxidc.com/Linux/2014-02/96953.htm in Ubuntu Server 13.10
Ubuntu install remote login OpenSSH service http://www.linuxidc.com/Linux/2014-02/97218.htm
Solve http://www.linuxidc.com/Linux/2013-07/86879.htm with latency issues during OpenSSH Remote Login
Ubuntu 12.10 OpenSSH offline Installation Method http://www.linuxidc.com/Linux/2013-04/82814.htm
OpenSSH upgrade steps and precautions http://www.linuxidc.com/Linux/2013-04/82123.htm
OpenSSH common users cannot log on to several cases solution http://www.linuxidc.com/Linux/2012-05/59457.htm
General thread: OpenSSH key management, Part 1 RSA/DSA certified http://www.linuxidc.com/Linux/2011-08/39871.htm
RedHat install OpenSSH and configure sftp lock directory http://www.linuxidc.com/Linux/2012-12/75398.htm
OpenSSL details: Click here
OpenSSL: Click here
This article permanently updates the link address: Http://www.linuxidc.com/Linux/2014-12/110256.htm