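Upgrading OpenSSH on CentOS 6.4

---------------------------------

I. Why upgrade

II. System environment

III. Uninstall the system's bundled openssh-server

IV. Install openssh from source

V. Configuration

---------------------------------

I. Why upgrade

We recently received a security assessment report for one of our projects that asked us to upgrade to the latest openssh, as shown below:

[Image: excerpt from the security assessment report]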

II. System environment

# cat /etc/redhat-release
CentOS release 6.4 (Final)
# uname -r
2.6.32-358.el6.x86_64

III. Uninstall the system's bundled openssh-server

1. Keep the system's bundled openssl; there is no need to uninstall it. Build the latest openssh from source directly.

# openssl version -a
OpenSSL 1.0.0-fips 29 Mar 2010
built on: Thu Feb 21 23:42:57 UTC 2013
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  aesni dynamic

2. Uninstall the system's bundled openssh-server

# service sshd stop
Stopping sshd: [ OK ]
# rpm -qa | grep openss
openssl-1.0.0-27.el6.x86_64
openssh-5.3p1-84.1.el6.x86_64
openssh-server-5.3p1-84.1.el6.x86_64
# rpm -e openssh-server
# rpm -e openssh
# mv /etc/ssh /etc/ssh.bak

IV. Install openssh from source

1. Install the required dependency packages

# yum install gcc make perl pam pam-devel zlib zlib-devel openssl-devel

2. Compile and install from source

# tar zxvf openssh-7.2p2.tar.gz
# cd openssh-7.2p2
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords   # do not change the --prefix directory
# make
# make install
# ssh -V
OpenSSH_7.2p2, OpenSSL 1.0.0-fips 29 Mar 2010

V. Configuration

# cp openssh-7.2p2/contrib/redhat/sshd.init /etc/init.d/sshd   # register sshd as a system service
# chkconfig --add sshd
# service sshd start
# netstat -tupln | grep 22
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      36385/sshd
tcp        0      0 :::22                       :::*                        LISTEN      36385/sshd
# vi /etc/ssh/sshd_config   # allow remote root login
PermitRootLogin yes   # line 44: replace prohibit-password with yes
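
The edit above changes PermitRootLogin from prohibit-password to yes, which lets root authenticate with a password. As an added example (not from the original post), this script reports the effective global value in a given sshd_config; the function names and the sample file are constructed, and it assumes OpenSSH 7.0 or later, where an unset keyword means prohibit-password.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin value in an sshd_config.
# Assumption: OpenSSH 7.0 or later, where an unset PermitRootLogin means prohibit-password.

effective_root_login() {
    # sshd uses the first value it reads for a keyword, and keywords are
    # case-insensitive. Lines after the first "Match" apply conditionally,
    # so the scan of the global section stops there.
    awk '
        { sub(/^[ \t]+/, ""); gsub(/=/, " ") }   # tolerate indentation and key=value
        /^#/ || NF == 0 { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { gsub(/"/, "", $2); print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

audit_root_login() {
    # Returns 0 for a restricted setting, 1 for "yes", 2 for an unrecognized value.
    value=$(effective_root_login "$1")
    case "$value" in
        yes)
            echo "WEAK: PermitRootLogin yes (root may use any enabled method, including password)"
            return 1 ;;
        prohibit-password|without-password|forced-commands-only|no)
            echo "OK: PermitRootLogin $value"
            return 0 ;;
        *)
            echo "UNKNOWN: PermitRootLogin $value"
            return 2 ;;
    esac
}

# Constructed sample: the setting made on this page, followed by a Match block
# whose stricter value does not change the global result.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
audit_root_login "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parses it.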

P.S. Troubleshooting

  1. If the following error appears when running configure for openssh, installing openssl-devel resolves it:

configure: error: *** OpenSSL headers missing - please install first or check config.log ***
