zoukankan      html  css  js  c++  java

  • Centos7利用rpm升级OpenSSH到openssh-8.1p1版本

    一、漏洞情况

     OpenSSH_7.4版本曝出OpenSSH 输入验证错误漏洞(CVE-2019-16905),修复方法为升级OpenSSH。

    二、升级过程

    (1) 检查环境

    [root@localhost ~]$ cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[root@localhost ~]$ uname -r
3.10.0-957.el7.x86_64
[root@localhost ~]$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@localhost ~]$ yum list installed|grep openssh
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
openssh.x86_64                       7.4p1-16.el7                   @anaconda   
openssh-clients.x86_64               7.4p1-16.el7                   @anaconda   
openssh-server.x86_64                7.4p1-16.el7                   @anaconda

    (2) 下载rpm包

    [root@localhost ~]# wget https://cikeblog.com/s/openssh8.1.tar.gz
[root@localhost ~]# ll openssh8.1.tar.gz 
-rw-r--r-- 1 root root 4102232 Jul 13 10:18 openssh8.1.tar.gz
[root@localhost ~]# tar -xf openssh8.1.tar.gz 
[root@localhost ~]# ll *.rpm
-rw-r--r-- 1 root root  534112 Dec  2  2019 openssh-8.1p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  566080 Dec  2  2019 openssh-clients-8.1p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2664012 Dec  2  2019 openssh-debuginfo-8.1p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  406004 Dec  2  2019 openssh-server-8.1p1-1.el7.x86_64.rpm

    (3) 备份相关数据

    [root@localhost ~]# cp -ra /etc/ssh /etc/ssh_bak
[root@localhost ~]# cp -a /etc/pam.d/sshd /etc/pam.d/sshd_ba

    (4) 安装rpm包

    [root@localhost ~]# yum install -y ./openssh-*

    (5) 修改相关配置

    [root@localhost ~]# cd /etc/ssh
[root@localhost ssh]# chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
[root@localhost ssh]# vim sshd_config
#修改以下两项
PermitRootLogin yes
PasswordAuthentication yes
#还原pam文件
[root@localhost ssh]# cat /etc/pam.d/sshd_bak > /etc/pam.d/sshd
#重启sshd
[root@localhost ssh]# systemctl restart sshd

    (6) 至此升级完成,先别关闭终端,直接新开一个终端,连接到服务器测试
  • 相关阅读:
    挂载银行前置机Ukey到windows server2012虚拟机的操作记录
    LVS负载均衡下session共享的实现方式-持久化连接
    Centos6.9下RabbitMQ集群部署记录
    Linux下绑定网卡的操作记录
    Redis Cluster集群知识学习总结
    Redis Cluster日常操作命令梳理
    android Unable to inflate view tag without class attribute
    java / android int类型如何判空?
    Android 倒计时按钮,倒计时发送短信验证码…
    Android 自定义View
  • 原文地址:https://www.cnblogs.com/hovin/p/13914798.html
Copyright © 2011-2022 走看看