Ubuntu 20.04 OpenSSH 升级
|
854
|
0
|
等级保护

527 字
|
8 分钟

一、安装包下载

二、安装telnet

验证telnet服务是否存在并启用。telnet ip # 测试是否成功登陆;

如果登录不成功,安装telnet服务;

apt-get install openbsd-inetd telnetd telnet -y

/etc/init.d/openbsd-inetd restart # 启动服务;
netstat -anpt|grep 23 # 查看telnet服务的默认端口是否启动;
telnet ip # 测试是否成功登陆;

三、安装

卸载原openssh:

apt-get remove openssh-server openssh-client -y

此时想再通过类似xshell,putty之类的工具访问对应服务器就失效了,所以切勿关闭当前操作界面。

安装 libpam0g-dev和gcc:

apt-get update -y
apt-get install libpam0g-dev -y
apt install build-essential -y

四、安装zlib

cd /mnt/

tar zxvf zlib-1.2.13.tar.gz

 cd zlib-1.2.13/

 ./configure --shared

 make && make install

五、安装OpenSSL

cd /mnt/
tar zxvf openssl-3.0.7.tar.gz
cd openssl-3.0.7/
./config shared zlib

一定要加上shared 参数,要不在安装openssh的时候就无法找到

 make && make install

备份原来的openssl

mv /usr/bin/openssl /usr/bin/openssl.bak

mv /usr/include/openssl /usr/include/openssl.bak

mv: cannot stat ‘/usr/include/openssl’: No such file or directory
这个报错不管

创建软链接到系统位置

 ln -s /usr/local/bin/openssl /usr/bin/openssl

 ln -s /usr/local/include/openssl /usr/include/openssl

查看libssl.so位置

# find / -name "libssl.so"
/mnt/openssl-3.0.7/libssl.so
/usr/local/lib64/libssl.so

软链接openssl的lib库

mkdir -p /usr/local/openssl/lib64
ln -s /usr/local/lib64/libssl.so /usr/local/openssl/lib64/libssl.so

将openssl 的lib 库添加到系统

echo “/usr/local/openssl/lib64” > /etc/ld.so.conf.d/openssl.conf

使新添加的lib 被系统找到

 ldconfig -v

可能遇到的问题:

解决方法
通过 find / -name libcrypto.so.3 和 find / -name libssl.so.3 查找到对应so文件的位置,并建立软连接

ln -s /usr/local/lib64/libssl.so.3  /usr/lib/libssl.so.3

ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3

openssl升级成功显示

# openssl version
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)

六、安装openssh

# cd /mnt/

# tar zxvf openssh-9.0p1.tar.gz

# cd openssh-9.0p1/

# whereis openssl

# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr/include/openssl --with-privsep-path=/var/lib/sshd

需要指定openssl的安装路径

# make && make install

# ssh -V
OpenSSH_9.0p1, OpenSSL 3.0.7 1 Nov 2022

# cd /etc/ssh

# mv sshd_config sshd_config.default

# cp ../ssh.old/sshd_config ./

# mv /etc/init.d/ssh.old /etc/init.d/ssh

# systemctl unmask ssh

# systemctl restart sshd

完整安装编译脚本

#!/bin/bash

echo "remove old openssh-server openssh-client"
sleep 2
apt-get remove openssh-server openssh-client -y
echo "remove old openssh-server openssh-client success"

echo "=============================================================="
sleep 1
echo "install build-essential packages"
apt-get install libpam0g-dev -y
apt install build-essential -y
sleep 1
echo "install build-essential packages success"
echo "=============================================================="

sleep 1
echo "begin install zlib"
tar zxvf zlib-1.2.13.tar.gz &&  rm zlib-1.2.13.tar.gz
cd zlib-1.2.13/
./configure --shared
make && make install
echo "zlib install success"
echo "=============================================================="
sleep 1


cd ../

echo "begin install openssl"
sleep 1
tar zxvf openssl-3.0.7.tar.gz && rm openssl-3.0.7.tar.gz
cd openssl-3.0.7/
./config shared zlib 
make && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
mkdir -p /usr/local/openssl/lib64
ln -s /usr/local/lib64/libssl.so /usr/local/openssl/lib64/libssl.so
echo "/usr/local/openssl/lib64" > /etc/ld.so.conf.d/openssl.conf
ldconfig -v
ln -s /usr/local/lib64/libssl.so.3  /usr/lib/libssl.so.3
ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3
echo "install openssl success"

echo "=============================================================="
sleep 1

cd ../

echo "begin install openssh"
tar zxvf openssh-9.0p1.tar.gz && rm zxvf openssh-9.0p1.tar.gz
cd openssh-9.0p1/
whereis openssl
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr/include/openssl --with-privsep-path=/var/lib/sshd
make && make install
systemctl unmask ssh
systemctl restart sshd
ssh  -V
echo "install openssh success"
opensshUbuntu基线加固网络安全
暂无评论

发送评论 编辑评论 


				

			

						

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
							
													

					

				

			

			
			

				

					
				

			

				

											

							
							
						

																				
					
											
						

	

		
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
	

	

		
颜文字
Emoji
小恐龙
花!
	


									

			

			
			
		

	






上一篇
下一篇 

                    

                    
			        推荐文章
		            

		            

							
Openssh漏洞(CVE-2002-20001)

							
							

							
ubuntu登录时多次输错密码锁定账户