
Upgrade of openssh and modification of version number

2022-04-23 14:22:00 Small ash pier

Upgrade OpenSSH

System version:

[root@centos7 ~]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)

1. Before upgrading OpenSSH, it is best to enable the Telnet service on the system and connect over Telnet to perform the upgrade, in case the OpenSSH upgrade goes wrong and the system can no longer be reached. Telnet is unencrypted, so turn it off again once the new sshd is confirmed working.

2. Back up /etc/ssh

[root@centos7 ~]# cp -rp /etc/ssh /etc/ssh.bak

3. Install the necessary software

[root@centos7 ~]# yum install gcc zlib zlib-devel openssl-devel

4. Check the current OpenSSH version

[root@centos7 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@centos7 ~]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

5. Download the new OpenSSH version

https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

[root@centos7 ~]# curl -O https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz

6. Compile

[root@centos7 ~]# tar xvf openssh-8.6p1.tar.gz
[root@centos7 ~]# cd openssh-8.6p1/
[root@centos7 openssh-8.6p1]# ./configure
[root@centos7 openssh-8.6p1]# make && make install 

If no errors are reported, the upgrade succeeded.

Run ssh -V to confirm that the OpenSSH client was upgraded successfully.

[root@centos7 openssh-8.6p1]# ./ssh -V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips  26 Jan 2017

7. Configure

The above only shows that the OpenSSH client is now using the new version; the openssh-server service is still using the old version.

So we need to modify the ssh service file so that it starts using the new version.

If no install location was specified to ./configure earlier, the newly compiled sshd is installed at /usr/local/sbin/sshd by default.

We need to change the sshd service file to point to this new sshd binary.

The procedure differs between CentOS 6 and CentOS 7.

CentOS 6

On CentOS 6:

# vim /etc/rc.d/init.d/sshd

SSHD=/usr/local/sbin/sshd

After enabling the new sshd: the new version of OpenSSH does not allow root login by default, so if you need remote root login you must also configure it. If you don't need it, you can restart the service directly. Note that PermitRootLogin yes, the setting used below, also permits password login for root; prohibit-password restricts root to key-based authentication.

The new OpenSSH's configuration files are under /usr/local/etc/; edit /usr/local/etc/sshd_config:

# vim /usr/local/etc/sshd_config

PermitRootLogin yes
 
Restart the service

# service sshd restart

CentOS 7

Disable the original SSH service and move its service file out of the way

[root@centos7 ]# systemctl disable sshd

[root@centos7 ]# mv /usr/lib/systemd/system/sshd.service /ssh.service

[root@centos7 openssh-8.6p1]# cp contrib/redhat/sshd.init /etc/init.d/sshd

[root@centos7 openssh-8.6p1]# cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

[root@centos7 openssh-8.6p1]# chmod +x /etc/init.d/sshd

[root@centos7 ~]# vim /etc/init.d/sshd

SSHD=/usr/local/sbin/sshd

# After enabling the new sshd: the new version of OpenSSH does not allow root login by default, so if you need remote root login you must also configure it. If you don't need it, you can restart the service directly.
# The new OpenSSH's configuration files are under /usr/local/etc/; edit /usr/local/etc/sshd_config:
[root@centos7 ~]# vim /usr/local/etc/sshd_config 
PermitRootLogin yes

8. Restart the service

[root@centos7 ~]# systemctl daemon-reload
[root@centos7 ~]# systemctl enable --now sshd

Note: if ssh -V still shows the previous version number, run which ssh to locate the old binary, then find the ssh built from the openssh-8.6p1.tar.gz package and use it to replace the old one.

# mv /usr/bin/ssh /tmp/
# source /etc/profile
# ssh -V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips  26 Jan 2017

Modify the OpenSSH version number

1. View the version number

[root@centos7 ~]# sshd -V
unknown option -- V
OpenSSH_8.6p1, OpenSSL 1.0.2k-fips  26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]

2. Find the location of sshd

[root@centos7 ~]# which sshd
/usr/local/sbin/sshd

3. Back up sshd

[root@centos7 ~]# cp /usr/local/sbin/sshd /usr/local/sbin/sshd.bak

4. View the version-related strings in sshd (optional)

[root@centos7 ~]# strings /usr/local/sbin/sshd | grep 8.6 
OpenSSH_8.6p1
OpenSSH_8.6
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
.......

5. Modify the sshd version number

[root@centos7 ~]# sed -i 's/OpenSSH_8.6/OpenSSH_9.9/g' /usr/local/sbin/sshd

6. View the version number

[root@centos7 ~]# sshd -V
unknown option -- V
OpenSSH_9.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]

Note: sshd is the server and ssh is the client. If you also want to change the version number in ssh, use the same steps. A version number of 9.9 can avoid being flagged by scanners, but a perceptive person can tell at a glance that it was modified by hand; it seems that dropping the version number altogether does not affect use either. Only the advertised string changes; the code that runs is still 8.6p1.
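An added example (not from the original post) for step 5 of the version-number change: the sed pattern OpenSSH_8.6 contains a regex dot, and an edit inside a binary must not change its length. The function names patch_banner, count_hits and demo are hypothetical, the sample file is constructed rather than a real sshd, and GNU grep and sed are assumed.

```shell
#!/bin/sh
# count_hits FILE STR: number of literal occurrences of STR in FILE.
count_hits() {
    LC_ALL=C grep -a -o -F -- "$2" "$1" | wc -l | tr -d ' '
}

# patch_banner SRC DST OLD NEW: write SRC to DST with OLD replaced by NEW.
# Returns 2 if the lengths differ, 3 if the file size changed.
patch_banner() {
    src=$1; dst=$2; old=$3; new=$4
    # Offsets inside an ELF file are fixed, so the new string must be
    # exactly as long as the old one.
    [ "${#old}" -eq "${#new}" ] || { echo "length mismatch" >&2; return 2; }
    # Escape regex metacharacters: an unescaped "8.6" also matches "8x6".
    old_re=$(printf '%s' "$old" | sed 's#[][\.*^$/]#\\&#g')
    new_re=$(printf '%s' "$new" | sed 's#[\&/]#\\&#g')
    LC_ALL=C sed "s/$old_re/$new_re/g" "$src" > "$dst" || return 1
    [ "$(wc -c < "$src")" -eq "$(wc -c < "$dst")" ] || return 3
}

# demo: patch a constructed sample (not a real sshd) and report the result.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed input: two real version strings plus a decoy "8x6".
    printf '\001\002\377OpenSSH_8.6p1\001OpenSSH_8.6\001OpenSSH_8x6\n' > "$dir/sshd"
    hits=$(count_hits "$dir/sshd" 'OpenSSH_8.6')
    patch_banner "$dir/sshd" "$dir/sshd.new" 'OpenSSH_8.6' 'OpenSSH_9.9' || return 1
    # cmp -l prints one line per differing byte.
    changed=$(cmp -l "$dir/sshd" "$dir/sshd.new" | wc -l | tr -d ' ')
    decoy=$(count_hits "$dir/sshd.new" 'OpenSSH_8x6')
    rm -rf "$dir"
    echo "hits=$hits changed=$changed decoy=$decoy"
}

demo
```

On a real system, run patch_banner against the backup copy made in step 3 and only swap the result into place once the hit count and changed-byte count are what you expect.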

Copyright notice
This article was written by [Small ash pier]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231409158773.html