Fixing OpenSSH, OpenSSL and zlib security issues
Download OpenSSH from GitHub:
https://github.com/openssh/openssh-portable/releases
Download OpenSSL from the official site:
https://www.openssl.org/source/
Download zlib:
http://www.zlib.net/zlib-1.2.11.tar.gz
Shared source packages:
Link: https://pan.baidu.com/s/1mtfoWtz0hZda6R2WFGf4hg
Extraction code: i1do
Upgrade zlib first, then OpenSSL and OpenSSH.
Upgrade zlib to 1.2.11
tar xf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr
make && make install
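Upgrade OpenSSL to 1.1.1
# Install and enable telnet, with root allowed on pts/0-2, so there is a second way in while sshd is being replaced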
yum -y install xinetd telnet-server
for i in {0..2};do echo "pts/$i" >> /etc/securetty;done
systemctl restart telnet.socket
systemctl restart xinetd
systemctl enable telnet.socket
systemctl enable xinetd
ss -lntp|grep 23
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
echo "/usr/local/lib64" >> /etc/ld.so.conf
tar xf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g/
yum -y install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
./config --prefix=/usr shared zlib && make && make install
ldconfig -v
openssl version
OpenSSL 1.1.1g 21 Apr 2020
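Upgrade OpenSSH to 8.4
tar xf openssh-8.4p1.tar.gz
# Removes the old configuration, the existing host keys and the systemd unit; make install generates new host keys
rm -rf /etc/ssh/* /usr/lib/systemd/system/sshd.service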
cd openssh-8.4p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl --with-zlib --with-md5-passwords --with-pam && make && make install
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config
cp -a contrib/redhat/sshd.init /etc/init.d/sshd && chmod +x /etc/init.d/sshd && cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam && chkconfig --add sshd
chkconfig sshd on
systemctl restart sshd
ssh -V
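If, after a successful upgrade, background processes are not kept alive (a program you start does not survive once you log out of the SSH session), restarting the sshd service fixes it.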
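The two directives appended to sshd_config above (PermitRootLogin yes and the KexAlgorithms list) can be checked once the new sshd is running. The following is an added example, not part of the original post: a shell function that reads the effective global values from an sshd_config file and reports root login, SHA-1 key-exchange algorithms and duplicate list entries. The function names, output format and sample file are assumptions; it expects whitespace-separated directives and a plain comma list without +, - or ^ prefixes.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report weak values among the
# sshd_config directives this guide appends. Names and output are hypothetical.

# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Only the global section (before any Match) is read.
effective_value() {  # usage: effective_value KEYWORD FILE
    awk -v key="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

audit_sshd_config() {  # prints one finding per line; returns 1 if any
    local file="$1" findings=0 root kex alg seen=","
    root=$(effective_value PermitRootLogin "$file" | tr 'A-Z' 'a-z')
    if [ "$root" = "yes" ]; then
        echo "WEAK PermitRootLogin yes (root login allowed, including by password)"
        findings=$((findings + 1))
    fi
    kex=$(effective_value KexAlgorithms "$file")
    local IFS=','
    for alg in $kex; do
        case "$seen" in
            *",$alg,"*) echo "DUPLICATE kex $alg"; findings=$((findings + 1)); continue ;;
        esac
        seen="$seen$alg,"
        case "$alg" in
            diffie-hellman-group1-sha1)
                echo "WEAK kex $alg (1024-bit group, SHA-1)"; findings=$((findings + 1)) ;;
            *-sha1)
                echo "WEAK kex $alg (SHA-1)"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the two lines appended above (list shortened).
demo() {
    local f; f=$(mktemp)
    printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
        'KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,diffie-hellman-group1-sha1' > "$f"
    audit_sshd_config "$f"; local rc=$?
    rm -f "$f"; return "$rc"
}

# Run against a real file when a path is given: ./audit.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then audit_sshd_config "$1"; fi
```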