CVE-2024-6387OpenSSH Server远程代码执行漏洞修复之openssh升级方法

测试环境centos7.6

一、安装编译依赖工具包
yum install -y vim gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers libedit-devel perl-IPC-Cmd wget tar lrzsz1
在/usr/local/下创建ssh目录

二、编译升级zlib

./configure--prefix=/usr/local/ssh/zlib
make -j 4
make install
echo '/usr/local/zlib/lib' >> /etc/ld.so.conf.d/zlib.conf
ldconfig

三、编译升级openssl

./config --prefix=/usr/local/ssh/openssl
make -j 4
make install
mv /usr/bin/openssl /usr/bin/openssl.bak
ln-s/usr/local/ssh/openssl/bin/openssl /usr/bin/openssl
ln-s/usr/local/ssh/openssl/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln-s/usr/local/ssh/openssl/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
echo '/usr/local/ssh/openssl/lib64' >> /etc/ld.so.conf.d/ssl.conf

四、卸载旧的sshd服务（切记不能关掉或重启远程工具）
yum remove openssh

五、编译升级openssh

./configure--prefix=/usr/local/ssh/openssh--sysconfdir=/etc/ssh--with-ssl-dir=/usr/local/ssh/openssl/--with-zlib=/usr/local/ssh/zlib
make -j 4
make install
cp contrib/redhat/sshd.init /etc/init.d/sshd
cp /usr/local/ssh/openssh/sbin/sshd /usr/sbin/
cp /usr/local/ssh/openssh/bin/ssh /usr/bin/
cp /usr/local/ssh/openssh/bin/ssh-keygen /usr/bin/
chkconfig --add sshd
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config