openssh8.3p1 RPM 升级
1.下载openssh8.3p1升级包
centos7 https://download.csdn.net/download/ChongDanYiQieHuiYi/12570967
centos6 https://download.csdn.net/download/ChongDanYiQieHuiYi/12507873
cp ssh.repo /etc/yum.repos.d/ssh.repo
mv x86_64 /tmp/
yum clean all
yum install -y openssh
[root@VM_0_11_centos RPMS]# sshd -v
unknown option -- v
OpenSSH_8.3p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file][-E log_file] [-f config_file] [-g login_grace_time][-h host_key_file] [-o option] [-p port] [-u len]
2.异常处理:
a.CRT7.0.0由于sshd升级弱算法将不采用
Key exchange failed.
No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
No compatible hostkey. The server supports these methods: ssh-ed25519
增加配置
cat >>/etc/ssh/sshd_config <<-EOF
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
EOF
systemctl restart sshd
3.安全扫描合规
4.2020-7-2 修复BUG
centos7.x-7.6登录异常及systemctl 管理失败
[root@192 ~]# tar -xf openssh8.3p1.tar
[root@192 ~]# ls
anaconda-ks.cfg openssh8.3p1.tar original-ks.cfg x86_64
[root@192 ~]# mv x86_64/ /tmp/
[root@192 ~]# mv /tmp/x86_64/ssh.repo /etc/yum.repos.d/
[root@192 ~]# yum install -y openssh
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
ssh | 2.9 kB 00:00:00
ssh/primary_db | 6.2 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package openssh.x86_64 0:7.4p1-21.el7 will be updated
--> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-server-7.4p1-21.el7.x86_64
---> Package openssh.x86_64 0:8.3p1-1.el7 will be an update
--> Running transaction check
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-clients.x86_64 0:8.3p1-1.el7 will be an update
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-server.x86_64 0:8.3p1-1.el7 will be an update
--> Finished Dependency ResolutionDependencies Resolved====================================================================================================================================Package Arch Version Repository Size
====================================================================================================================================
Updating:openssh x86_64 8.3p1-1.el7 ssh 562 k
Updating for dependencies:openssh-clients x86_64 8.3p1-1.el7 ssh 568 kopenssh-server x86_64 8.3p1-1.el7 ssh 411 kTransaction Summary
====================================================================================================================================
Upgrade 1 Package (+2 Dependent packages)Total download size: 1.5 M
Downloading packages:
------------------------------------------------------------------------------------------------------------------------------------
Total 177 MB/s | 1.5 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transactionUpdating : openssh-8.3p1-1.el7.x86_64 1/6 Updating : openssh-clients-8.3p1-1.el7.x86_64 2/6 Updating : openssh-server-8.3p1-1.el7.x86_64 3/6 Cleanup : openssh-server-7.4p1-21.el7.x86_64 4/6 Cleanup : openssh-clients-7.4p1-21.el7.x86_64 5/6 Cleanup : openssh-7.4p1-21.el7.x86_64 6/6 Verifying : openssh-clients-8.3p1-1.el7.x86_64 1/6 Verifying : openssh-8.3p1-1.el7.x86_64 2/6 Verifying : openssh-server-8.3p1-1.el7.x86_64 3/6 Verifying : openssh-clients-7.4p1-21.el7.x86_64 4/6 Verifying : openssh-7.4p1-21.el7.x86_64 5/6 Verifying : openssh-server-7.4p1-21.el7.x86_64 6/6 Updated:openssh.x86_64 0:8.3p1-1.el7 Dependency Updated:openssh-clients.x86_64 0:8.3p1-1.el7 openssh-server.x86_64 0:8.3p1-1.el7 Complete!
[root@192 ~]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemonLoaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)Active: active (running) since Thu 2020-07-02 04:31:58 PDT; 25s agoDocs: man:systemd-sysv-generator(8)Process: 31010 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)Process: 31016 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)Main PID: 1142 (code=exited, status=0/SUCCESS)CGroup: /system.slice/sshd.service└─31024 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startupsJul 02 04:31:58 192.168.1.15 systemd[1]: Stopped SYSV: OpenSSH server daemon.
Jul 02 04:31:58 192.168.1.15 systemd[1]: Starting SYSV: OpenSSH server daemon...
Jul 02 04:31:58 192.168.1.15 sshd[31016]: ssh-keygen: generating new host keys: DSA
Jul 02 04:31:58 192.168.1.15 sshd[31016]: Starting sshd:[ OK ]
Jul 02 04:31:58 192.168.1.15 systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) after start: No such file or directory
Jul 02 04:31:58 192.168.1.15 systemd[1]: Started SYSV: OpenSSH server daemon.
Jul 02 04:31:59 192.168.1.15 sshd[31024]: Server listening on 0.0.0.0 port 22.
Jul 02 04:31:59 192.168.1.15 sshd[31024]: Server listening on :: port 22.
Jul 02 04:32:03 192.168.1.15 sshd[31026]: Accepted password for root from 192.168.1.6 port 11657 ssh2
6.安装了之前版本的修复安装下面步骤修复一下就行
/usr/bin/cat >/etc/pam.d/sshd<<EOF
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
EOF
[ -f /etc/ssh/ssh_host_rsa_key ] && /usr/bin/chmod 600 /etc/ssh/ssh_host_rsa_key
[ -f /etc/ssh/ssh_host_ecdsa_key ] && /usr/bin/chmod 600 /etc/ssh/ssh_host_ecdsa_key
[ -f /etc/ssh/ssh_host_ed25519_key ] && /usr/bin/chmod 600 /etc/ssh/ssh_host_ed25519_key代码复制粘贴运行之后
1.vim /etc/ssh/sshd_config
PermitRootLogin yes
UsePAM yes 2.重启sshd
systemctl restart sshd
注意事项:
目前测试centos 7.2至7.7版本没有异常,有问题及时发给我修复bug
7.0及7.1如果想使用想先挂载7.2及ssh.repo 镜像源,然后升级openssh
1.会覆盖原来的配置文件/etc/ssh/sshd_config 注意保存
2.默认root可以登录
vim /etc/ssh/sshd_config
#注释了就需要从普通用户跳转登录了
#PermitRootLogin yes
openssh8.3p1 RPM 升级相关推荐
- CentOS7 打包RPM 升级OpenSSH8.3
目录 一.源码包 二.打包RPM 2.1.准备阶段 2.2.打包排错阶段 三.升级 漏扫设备发现OpenSSH有漏洞,需要升级到OpenSSH 8.1及以上版本,那么干脆就直接升级到发文时最新的版本, ...
- rpm | 升级软件包
rpm | 升级软件包 检查已安装包 rpm -qa | grep samba samba-common-3.6.9-164.el6.x86_64 samba-3.6.9-164.el6.x86_64 ...
- openeuler 22.03 制作openssh9.3p1 rpm升级包和升级实战
一.背景说明 openeuler 22.03 默认安装的openssh 版本为8.8p1,经绿盟扫描,存在高危漏洞,需要升级到最新. 官网只提供编译安装包,而openeuler 22.03 为rpm方 ...
- linux openssh升级8.1,Centos7利用rpm升级OpenSSH到openssh-8.1p1版本
由于近期安全事故频发,打算把机器OpenSSH升级到最新版本,找了一圈,发现分享的rpm包就到7.4版本,最新版已经到8.1.p1,所以博客自编译一个openssh-8.1p1的rpm包进行分享. 检 ...
- CentOS7升级openssh8.0及升级后无法root登陆处理
openssh7.4自带一些已存在的漏洞.所以公司决定升级openssh到8.0 一.升级openssl(开版本需要有时候可以不升级) 1.安装依赖:(这里可以先挂载安装镜像到YUM进行安装也可以) ...
- 软件包管理器 RPM 升级软件包过程分析
升级软件包 alsaplayer-0.99.76-2.2.fc4.i386.rpm,并显示详细的升级信息: rpm -Uvv alsaplayer-0.99.76-2.2.fc4.i386.rpm 把 ...
- linux用rpm升级rpm包,使用RPM升级软件
rpm -U 做了什么 如果RPM的命令中有一条命令好用到没朋友,那么这条命令就是RPM的软件升级命令了.毕竟,只有那些尝试过手动在linux中升级一个软件的版本的人才知道蛋蛋有多疼.有了RPM,软件 ...
- openssh rpm包_100台CentOS7要升级OpenSSH怎么办?
背景 现在有 100 台 Centos7 需要升级 OpenSSH 到 8.3,怎么办呢?一台台的操作显然不符合我摸鱼的风格,既然每台操作都一样,Ansible Roles 就有用武之地了. 正常升级 ...
- Centos 6.5、7升级安装openssh8.2p1
因centos7自带的ssh版本较低,存在高危漏洞,故升级到最新版本(目前是8.2p1) 注意: 升级ssh存在一定的危险性,一旦不成功可能无法通过远程连接到系统,因此在升级之前最好先安装vnc或者t ...
最新文章
- JAVA导出exls时报oom_如何实现导出百万条数据到EXCEL中不报OOM异常?
- C语言标准库函数getenv的实现
- C++写的一个简单的词法分析器(分析C语言)
- Fiddler抓取手机APP数据包
- 八数码(康拓展开标记)及类似题
- Hyper-V之02 虚拟机复制与故障转移
- JAXWS和JAXRS(REST)开发WebService区别
- WPF 反编译后错误处理
- CSS中id选择器和class选择器
- 间歇输入数据的数据处理设计模式
- 阶乘末尾连续零的个数
- anaconda-ks.cfg详解
- 服务器lsass系统错误,Win7电脑无法正常登陆提示lsass.exe系统错误如何解决
- CentOs网络管理:ifconfig家族,iproute家族及配置文件
- Java和大数据到底是什么关系?
- python中的_和__
- android视频编辑spk下载,Tipard Video Enhancer(视频增强编辑器)
- sketchup 计算机配置,【答疑】草图大师电脑配置要求?草图大师2016电脑配置要求? - 视频教程线上学...
- Hybrid——混杂接口
- 关于内存分配代码段数据段的几个概念理解
热门文章
- Leetcode PHP题解--D38 463. Island Perimeter
- 伯俊软件获得阿里云原生核心授牌伙伴认证,共建新生态
- VS2017下解决:error LNK2019: 无法解析的外部符号 __iob_func
- Android使用xml自定义软键盘效果(附源码)
- gamemaker学习笔记:导入龙骨动画
- unity 平移图片_Unity3D研究院之脚本实现模型的平移与旋转(六)
- 这些专业是考研大户!
- 深大数据库系统实验4——Using mysql and php to implement the Car Share Reservation Database system
- 软件项目管理复习(一-七章)
- 利用Python绘制一朵太阳花