当前位置:网站首页>Upgrade of openssh and modification of version number
Upgrade of openssh and modification of version number
2022-04-23 14:22:00 【Small ash pier】
upgrade OpenSSH
System version :
[root@centos7 ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
1、 upgrade OpenSSH front , It's best to turn on the on the system Telnet service , adopt Telnet Connect the system for upgrading . in case OpenSSH There is a problem with the upgrade and the system cannot be connected .
2、 Backup /etc/ssh
[root@centos7 ~]# cp -rp /etc/ssh /etc/ssh.bak
3、 Install the necessary software
[root@centos7 ~]# yum install gcc zlib zlib-devel openssl-devel
4、 View the current OpenSSH edition
[root@centos7 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@centos7 ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
5、 download OpenSSH The new version
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
[root@centos7 ~]# curl -O https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
6、 compile
[root@centos7 ~]# tar xvf openssh-8.6p1.tar.gz
[root@centos7 ~]# cd openssh-8.6p1/
[root@centos7 openssh-8.6p1]# ./configure
[root@centos7 openssh-8.6p1]# make && make install
If there is no mistake , It means the upgrade is successful .
perform ssh -V You can see OpenSSH The client upgrade of was successful .
[root@centos7 openssh-8.6p1]# ./ssh -V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips 26 Jan 2017
7、 To configure
It just says OpenSSH The client is starting to use the new version , but openssh-server The server is still using the old version .
So we need to modify ssh Service documents of , Let it start using the new version .
If the previous ./configure If there is no designated location , New after compilation sshd The default service file is /usr/local/sbin/sshd
We need to change sshd Service documents of , Point to this new sshd file .
CentOS6 and CentOS7 The system modification method is different .
CentOS6
CentOS6 System :
#vim /etc/rc.d/init.d/sshd
SSHD=/usr/local/sbin/sshd
Enable new sshd after , Because of the new version of OpenSSH Not allowed by default root The user login , If needed root Remote login , You also need to make settings . If you don't need to , You can restart the service directly .
new OpenSSH The configuration file for is in /usr/local/etc/ Under this catalog , edit /usr/local/etc/sshd_config:
# vim /usr/local/etc/sshd_config
PermitRootLogin yes
Restart the service
#service sshd restart
CentOS7
Disable the original SSH service , And remove the service file
[root@centos7 ]# systemctl disable sshd
[root@centos7 ]# mv /usr/lib/systemd/system/sshd.service /ssh.service
[root@centos7 openssh-8.6p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd^C
[root@centos7 openssh-8.6p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd
[root@centos7 openssh-8.6p1]# cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@centos7 openssh-8.6p1]# chmod +x /etc/init.d/sshd
[root@centos7 ~]# vim /etc/init.d/sshd
SSHD=/usr/local/sbin/sshd
# Enable new sshd after , Because of the new version of OpenSSH Not allowed by default root The user login , If needed root Remote login , You also need to make settings . If you don't need to , You can restart the service directly .
# new OpenSSH The configuration file for is in /usr/local/etc/ Under this catalog , edit /usr/local/etc/sshd_config:
[root@centos7 ~]# vim /usr/local/etc/sshd_config
PermitRootLogin yes
8、 Restart the service
[root@centos7 ~]# sytemctl daemon-reload
[root@centos7 ~]# systemctl enable --now sshd
Be careful : If ssh -V Or the previous version number , please which ssh from openssh-8.6p1.tar.gz Found in this bag ssh And replace
# mv /usr/bin/ssh /tmp/
# source /etc/profile
# ssh -V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips 26 Jan 2017
modify Openssh Version number
1、 View version number
[root@centos7 ~]# sshd -V
unknown option -- V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
2、 see sshd Location
[root@centos7 ~]# which sshd
/usr/local/sbin/sshd
3、 Backup sshd
[root@centos7 ~]# cp /usr/local/sbin/sshd /usr/local/sbin/sshd.bak
4、 see sshd String related to version number ( Optional )
[root@centos7 ~]# strings /usr/local/sbin/sshd | grep 8.6
OpenSSH_8.6p1
OpenSSH_8.6
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
.......
5、 modify sshd Version number
[root@centos7 ~]# sed -i 's/OpenSSH_8.6/OpenSSH_9.9/g' /usr/local/sbin/sshd
6、 View version number
[root@centos7 ~]# sshd -V
unknown option -- V
OpenSSH_9.9p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
explain :sshd For the server ssh For the client , If ssh If you want to modify the version number in, you can use the same operation steps to modify it ; Version number 9.9 It can avoid scanning by the scanner, but it is sensitive to know that it has been artificially modified at a glance , It seems that you don't need the version number directly and it doesn't affect your use .
版权声明
本文为[Small ash pier]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204231409158773.html
边栏推荐
猜你喜欢
随机推荐
使用Executors类快速创建线程池
关于在vs中使用scanf不安全的问题
拨开云雾synchronized使用五种方式介绍
XX project structure notes
Tongxin UOS php7 2.3 upgrade to php7.0 two point two four
MySQL-InnoDB-事务
Returns the subscript after array sorting
关于UDP接收icmp端口不可达(port unreachable)
js 递归(1)
On the problem of cliff growth of loss function in the process of training
Nacos uses demo as configuration center (IV)
翻牌效果
单片机的函数信号发生器,输出4种波形,频率可调,原理图,仿真和C程序
流程控制之分支语句
void*是怎样的存在?
1分钟看懂执行流程,永久掌握for循环(附for循环案例)
Visio画拓扑图随记
Mysql的安装过程(已经安装成功的步骤说明)
线程间控制之CountDownLatch和CyclicBarrier使用介绍
统信UOS PHP7.2.3升级至PHP7.2.24