RHEL7.4--openssl1.1.1j--openssh8.4p1 upgrade steps

Preface
=====
Note: The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.

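1. This document covers hardening OpenSSL and OpenSSH in a virtualized environment (on physical machines, it is best to have direct console access or remote iDRAC available in case something goes wrong).
2. It applies to systems installed from the RHEL 7.4 DVD on which OpenSSL and OpenSSH have never been upgraded (other situations need case-by-case analysis).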
=====

1. Confirm the current OS version, kernel version, and OpenSSH & OpenSSL version numbers, and back up the ssh configuration files:
uname -a
-----------
Linux kzgmfile-59 3.10.0-693.el7.x86_64 #1 SMP Thu Jul 6 19:56:57 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
cat /etc/redhat-release
--------------------------
Red Hat Enterprise Linux Server release 7.4 (Maipo)
ssh -V
--------
OpenSSH_7.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013


Upload the openssl and openssh tarballs to root's home directory
--------------------------------------------------------
cd ~
wget http://INTRANET_HTTP_ADDRESS/openssl-1.1.1j.tar.gz
wget http://INTRANET_HTTP_ADDRESS/openssh-8.4p1.tar.gz

Install openssl
--------------------------------------
cd /root
mkdir openssl_install_log
tar -xzf openssl-1.1.1j.tar.gz
cd openssl-1.1.1j
mv /usr/bin/openssl /usr/bin/openssl_bak
nohup ./config shared --prefix=/usr/local/ssl >/root/openssl_install_log/config-right.log 2>/root/openssl_install_log/config-err.log && \
nohup make >/root/openssl_install_log/make-right.log 2>/root/openssl_install_log/make-err.log && \
nohup make install >/root/openssl_install_log/make_install_right.log 2>/root/openssl_install_log/make_install_err.log &

# the build runs in the background; continue only after jobs reports it as Done
jobs

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
echo "/usr/local/ssl/lib/" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version


Install openssh
--------------------------------------
Back up the sshd files
cp -r /etc/ssh/ /root/bakssh
rm -rf /etc/ssh/*
yum -y install pam-devel zlib-devel

cd  /root
mkdir openssh_install_log
tar -xzvf openssh-8.4p1.tar.gz
chown -R root:root openssh-8.4p1
cd openssh-8.4p1
nohup ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam >/root/openssh_install_log/configure_right_log 2>/root/openssh_install_log/configure_err_log && \
nohup make >/root/openssh_install_log/make_right_log 2>/root/openssh_install_log/make_err_log && \
nohup make install >/root/openssh_install_log/make_install_right.log 2>/root/openssh_install_log/make_install_err.log &

# background build: wait until it has finished (check with jobs) before running the steps below

mv  /usr/lib/systemd/system/sshd.service  /tmp
mv  /usr/lib/systemd/system/sshd.socket  /tmp
mv /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
mv /root/bakssh/sshd_config /etc/ssh/sshd_config

cp -a /root/openssh-8.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -a /root/openssh-8.4p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
systemctl daemon-reload
systemctl enable sshd

systemctl restart sshd
grep -Ev "^$|^#" /etc/ssh/sshd_config |nl

ssh -V


-----------------------------------------------------
OpenSSH_8.4p1, OpenSSL 1.1.1j  16 Feb 2021
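
A pre-restart gate for the systemctl restart sshd step above, as an added example that is not part of the original post: it checks that ssh -V reports the versions this page installs, that sshd resolves libcrypto.so.1.1 under /usr/local/ssl/lib, and that sshd -t accepts the restored sshd_config and the host keys. The function names and the --restart switch are assumptions of this example, and the ldd sample lines in selftest are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: checks to pass before
# `systemctl restart sshd`, so a bad build does not cut off remote access.
EXPECT_SSH="8.4p1"                # versions this page installs
EXPECT_SSL="1.1.1j"
SSL_LIBDIR="/usr/local/ssl/lib"   # follows from --prefix=/usr/local/ssl

# banner_ok BANNER: true only if `ssh -V` output names both expected versions.
banner_ok() {
    case "$1" in
        "OpenSSH_${EXPECT_SSH}, OpenSSL ${EXPECT_SSL} "*) return 0 ;;
        *) return 1 ;;
    esac
}

# libcrypto_ok LDD_OUTPUT: true only if libcrypto.so.1.1 resolves under
# SSL_LIBDIR (fails on "not found" and on the stock /lib64 library).
libcrypto_ok() {
    printf '%s\n' "$1" | grep -Eq "libcrypto\.so\.1\.1 => ${SSL_LIBDIR}/"
}

# preflight: run all checks on the live system; non-zero on the first failure.
preflight() {
    banner_ok "$(ssh -V 2>&1)" ||
        { echo "ssh -V does not report the new build" >&2; return 1; }
    libcrypto_ok "$(ldd /usr/sbin/sshd 2>&1)" ||
        { echo "sshd is not linked against ${SSL_LIBDIR}" >&2; return 1; }
    # sshd -t: test mode, validates sshd_config and host keys without starting.
    /usr/sbin/sshd -t -f /etc/ssh/sshd_config ||
        { echo "sshd -t rejected the configuration or host keys" >&2; return 1; }
}

# selftest: the two parsers on sample input (banners as shown on this page,
# ldd lines constructed for illustration).
selftest() {
    banner_ok "OpenSSH_8.4p1, OpenSSL 1.1.1j  16 Feb 2021" &&
    ! banner_ok "OpenSSH_7.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013" &&
    libcrypto_ok "libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x0)" &&
    ! libcrypto_ok "libcrypto.so.1.1 => not found"
}

# Restart only when asked to, and only if every check passes.
if [ "${1:-}" = "--restart" ]; then
    preflight && systemctl restart sshd
fi
```

Keep the current SSH session open while running it with --restart, and confirm a second login works before closing the first.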

posted @ 2021-02-27 10:20  lexunix