Linux升级OpenSSH修复高危漏洞

1、查看当前版本信息

[root@mast ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

2、安装基础组件

[root@mast ~]# yum install gcc gcc-c++ openssl-devel autoconf automake zlib zlib-devel pcre-devel pam-devel rpm-build pam-devel telnet -y

3、卸载系统老版本openssh，备份配置文件

[root@mast ~]# rpm -e --nodeps $(rpm -qa | grep openssh)
[root@mast ~]# cp -r /etc/ssh/ /tmp/ssh
[root@mast ~]# cd /etc/ssh/
[root@mast ssh]# rm /etc/ssh/* -rf

4、下载openssh安装包编译安装

[root@mast ~]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
[root@mast ~]# tar xvf openssh-8.3p1.tar.gz
[root@mast ~]# cd openssh-8.3p1
[root@mast openssh-8.3p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl
[root@mast openssh-8.3p1]# make -j 4
[root@mast openssh-8.3p1]# make install

5、设置/etc/ssh/sshd_config文件参数

# 这三行改为 yes
PermitRootLogin yes #这项一定要改成yes，否则登陆不进去
PubkeyAuthentication yes
PasswordAuthentication yes

6、复制配置文件、设置开机启动

[root@mast openssh-8.3p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd #之前解压的包里面可以找到这个文件
[root@mast openssh-8.3p1]# chmod +x /etc/init.d/sshd
[root@mast openssh-8.3p1]# chkconfig sshd on
[root@mast openssh-8.3p1]# systemctl restart sshd

7、最后查看版本号

[root@mast ~]# ssh -V
OpenSSH_8.3p1, OpenSSL 1.0.2k-fips  26 Jan 2017