{"id":115,"date":"2018-01-16T10:42:57","date_gmt":"2018-01-16T02:42:57","guid":{"rendered":"http:\/\/safs.me\/wordpress\/?p=115"},"modified":"2018-01-16T10:43:37","modified_gmt":"2018-01-16T02:43:37","slug":"centos-6-6%e5%8d%87%e7%ba%a7openssh%e5%88%b0%e6%9c%80%e6%96%b0%e7%89%88%e6%9c%ac7-5-p1","status":"publish","type":"post","link":"http:\/\/safs.me\/wordpress\/?p=115","title":{"rendered":"CentOS 6.6\u5347\u7ea7OpenSSH\u5230\u6700\u65b0\u7248\u672c7.5.p1"},"content":{"rendered":"<p>\u672c\u6587\u4e3b\u8981\u7b80\u5355\u8bb0\u5f55<a title=\"CentOS\" href=\"http:\/\/www.linuxidc.com\/topicnews.aspx?tid=14\" target=\"_blank\" rel=\"noopener noreferrer\">CentOS<\/a>\u00a06.6\u4e0bOpenSSH\u5347\u7ea7\u6b65\u9aa4\uff0c\u53ca\u4e00\u952e\u5347\u7ea7\u811a\u672c\u3002\u5b89\u88c5\u7f16\u8bd1\u6240\u9700\u5de5\u5177\u5305<br \/>\nyum install gcc pam-devel zlib-devel<\/p>\n<p>openssh7.5p1:<a href=\"https:\/\/openbsd.hk\/pub\/OpenBSD\/OpenSSH\/portable\/openssh-7.5p1.tar.gz\">https:\/\/openbsd.hk\/pub\/OpenBSD\/OpenSSH\/portable\/openssh-7.5p1.tar.gz<\/a><\/p>\n<p>\u4e00\u3001\u5347\u7ea7\u539f\u56e0<br \/>\n7.4\u4ee5\u4e0bopenssh\u7248\u672c\u5b58\u5728\u4e25\u91cd\u6f0f\u6d1e\uff1a<br \/>\n1.OpenSSH \u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e(CVE-2016-10010)<br \/>\n2.OpenSSH J-PAKE\u6388\u6743\u95ee\u9898\u6f0f\u6d1e(CVE-2010-4478)<br \/>\n3.Openssh MaxAuthTries\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e(CVE-2015-5600)<br \/>\nOpenSSL&gt;=1.0.1\u53ef\u4ee5\u4e0d\u7528\u5347\u7ea7OpenSSL<\/p>\n<p>\u4e8c\u3001\u5b89\u88c5telnet\u670d\u52a1<br \/>\n\u6ce8\u610f\uff1atelnet\u4e0d\u52a0\u5bc6\u7528\u6237\u540d\u4e0e\u5bc6\u7801\uff0c\u5347\u7ea7\u6210\u529f\u540e\u9700\u8981\u5173\u95edtelnet\u670d\u52a1\u5e76\u6062\u590d\/etc\/securetty\uff08\u89c1\u4e0b\u65877.\uff09\u3002<br \/>\n1.\u5b89\u88c5\u8f6f\u4ef6<br \/>\n# yum -y install telnet-server* telnet<\/p>\n<p>2.\u542f\u7528telnet\u670d\u52a1<br \/>\n# vi \/etc\/xinetd.d\/telnet<br \/>\n\u5c06\u5176\u4e2ddisable\u5b57\u6bb5\u7684yes\u6539\u4e3ano\u4ee5\u542f\u7528telnet\u670d\u52a1<br \/>\n# mv \/etc\/securetty \/etc\/securetty.old\u00a0 \u00a0 #\u5141\u8bb8root\u7528\u6237\u901a\u8fc7telnet\u767b\u5f55<br \/>\n# service xinetd start\u00a0 \u00a0 \u00a0 
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u542f\u52a8telnet\u670d\u52a1<br \/>\n# chkconfig xinetd on\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u4f7ftelnet\u670d\u52a1\u5f00\u673a\u542f\u52a8\uff0c\u907f\u514d\u5347\u7ea7\u8fc7\u7a0b\u4e2d\u670d\u52a1\u5668\u610f\u5916\u91cd\u542f\u540e\u65e0\u6cd5\u8fdc\u7a0b\u767b\u5f55\u7cfb\u7edf<\/p>\n<p>3.\u6d4b\u8bd5telnet\u80fd\u5426\u6b63\u5e38\u767b\u5165\u7cfb\u7edf<br \/>\n\u4e09\u3001\u5347\u7ea7OpenSSH<br \/>\n1.\u5907\u4efd\u5f53\u524dopenssh<br \/>\nmv \/etc\/ssh \/etc\/ssh.old<br \/>\nmv \/etc\/init.d\/sshd \/etc\/init.d\/sshd.old<\/p>\n<p>2.\u5378\u8f7d\u5f53\u524dopenssh<br \/>\n# rpm -qa | grep openssh<br \/>\nopenssh-clients-5.3p1-104.el6.x86_64<br \/>\nopenssh-server-5.3p1-104.el6.x86_64<br \/>\nopenssh-5.3p1-104.el6.x86_64<br \/>\nopenssh-askpass-5.3p1-104.el6.x86_64<br \/>\n# rpm -e --nodeps openssh-5.3p1-104.el6.x86_64<br \/>\n# rpm -e --nodeps openssh-server-5.3p1-104.el6.x86_64<br \/>\n# rpm -e --nodeps openssh-clients-5.3p1-104.el6.x86_64<br \/>\n# rpm -e --nodeps openssh-askpass-5.3p1-104.el6.x86_64<br \/>\n# rpm -qa | grep openssh<br \/>\n\u6ce8\u610f\uff1a\u5378\u8f7d\u8fc7\u7a0b\u4e2d\u5982\u679c\u51fa\u73b0\u4ee5\u4e0b\u9519\u8bef<br \/>\n[root@node1 openssh-7.5p1]# rpm -e --nodeps openssh-server-5.3p1-104.el6.x86_64<br \/>\nerror reading information on service sshd: No such file or directory<br \/>\nerror: %preun(openssh-server-5.3p1-104.el6.x86_64) scriptlet failed, exit status 1<br \/>\n\u89e3\u51b3\u65b9\u6cd5\uff1a<br \/>\n# rpm -e --noscripts openssh-server-5.3p1-104.el6.x86_64<\/p>\n<p>3.openssh\u5b89\u88c5\u524d\u73af\u5883\u914d\u7f6e<br \/>\n# install -v -m700 -d \/var\/lib\/sshd<br \/>\n# chown -v root:sys \/var\/lib\/sshd<br \/>\n\u5f53\u524d\u7cfb\u7edfsshd\u7528\u6237\u5df2\u7ecf\u5b58\u5728\u7684\u8bdd\u4ee5\u4e0b\u4e0d\u7528\u64cd\u4f5c<br \/>\n# groupadd -g 50 sshd<br \/>\n# useradd -c 'sshd PrivSep' -d 
\/var\/lib\/sshd -g sshd -s \/bin\/false -u 50 sshd<\/p>\n<p>4.\u89e3\u538bopenssh_7.5p1\u6e90\u7801\u5e76\u7f16\u8bd1\u5b89\u88c5<br \/>\n# tar -zxvf openssh-7.5p1.tar.gz<br \/>\n# cd openssh-7.5p1<br \/>\n# .\/configure --prefix=\/usr --sysconfdir=\/etc\/ssh --with-md5-passwords --with-pam --with-zlib --with-openssl-includes=\/usr --with-privsep-path=\/var\/lib\/sshd<br \/>\n# make<br \/>\n# make install<\/p>\n<p>5.openssh\u5b89\u88c5\u540e\u73af\u5883\u914d\u7f6e<br \/>\n# \u5728openssh\u7f16\u8bd1\u76ee\u5f55\u6267\u884c\u5982\u4e0b\u547d\u4ee4<br \/>\n# install -v -m755\u00a0 \u00a0 contrib\/ssh-copy-id \/usr\/bin<br \/>\n# install -v -m644\u00a0 \u00a0 contrib\/ssh-copy-id.1 \/usr\/share\/man\/man1<br \/>\n# install -v -m755 -d \/usr\/share\/doc\/openssh-7.5p1<br \/>\n# install -v -m644\u00a0 \u00a0 INSTALL LICENCE OVERVIEW README* \/usr\/share\/doc\/openssh-7.5p1<br \/>\n# ssh -V\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u9a8c\u8bc1\u662f\u5426\u5347\u7ea7\u6210\u529f<\/p>\n<p>6.\u542f\u7528OpenSSH\u670d\u52a1<br \/>\n# \u5728openssh\u7f16\u8bd1\u76ee\u5f55\u6267\u884c\u5982\u4e0b\u547d\u4ee4<br \/>\n# echo 'X11Forwarding yes' &gt;&gt; \/etc\/ssh\/sshd_config<br \/>\n# echo \"PermitRootLogin yes\" &gt;&gt; \/etc\/ssh\/sshd_config\u00a0 #\u5141\u8bb8root\u7528\u6237\u901a\u8fc7ssh\u767b\u5f55\uff08\u5982\u4e0d\u9700\u8981root\u76f4\u63a5\u767b\u5f55\uff0c\u5347\u7ea7\u6210\u529f\u540e\u53ef\u6539\u4e3ano\uff09<br \/>\n# cp -p contrib\/redhat\/sshd.init \/etc\/init.d\/sshd<br \/>\n# chmod +x \/etc\/init.d\/sshd<br \/>\n# chkconfig\u00a0 --add\u00a0 sshd<br \/>\n# chkconfig\u00a0 sshd\u00a0 on<br \/>\n# chkconfig\u00a0 --list\u00a0 sshd<br \/>\n# service sshd 
restart<\/p>\n<p>\u6ce8\u610f\uff1a\u5982\u679c\u5347\u7ea7\u64cd\u4f5c\u4e00\u76f4\u662f\u5728ssh\u8fdc\u7a0b\u4f1a\u8bdd\u4e2d\u8fdb\u884c\u7684\uff0c\u4e0a\u8ff0sshd\u670d\u52a1\u91cd\u542f\u547d\u4ee4\u53ef\u80fd\u5bfc\u81f4\u4f1a\u8bdd\u65ad\u5f00\u5e76\u65e0\u6cd5\u4f7f\u7528ssh\u518d\u884c\u767b\u5165\uff08\u5373ssh\u672a\u80fd\u6210\u529f\u91cd\u542f\uff09\uff0c\u6b64\u65f6\u9700\u8981\u901a\u8fc7telnet\u767b\u5165\u518d\u6267\u884csshd\u670d\u52a1\u91cd\u542f\u547d\u4ee4\u3002<\/p>\n<p>7.\u91cd\u542f\u7cfb\u7edf\u9a8c\u8bc1\u6ca1\u95ee\u9898\u540e\u5173\u95edtelnet\u670d\u52a1<br \/>\n# mv \/etc\/securetty.old \/etc\/securetty<br \/>\n# chkconfig\u00a0 xinetd off<br \/>\n# service xinetd stop<br \/>\n\u5982\u9700\u8fd8\u539f\u4e4b\u524d\u7684ssh\u914d\u7f6e\u4fe1\u606f\uff0c\u53ef\u76f4\u63a5\u5220\u9664\u5347\u7ea7\u540e\u7684\u914d\u7f6e\u4fe1\u606f\uff0c\u6062\u590d\u5907\u4efd\u3002<br \/>\n# rm -rf \/etc\/ssh<br \/>\n# mv \/etc\/ssh.old \/etc\/ssh<\/p>\n<p><strong>\u76f8\u5173\u6587\u6863\u53ef\u4ee5\u5230Linux\u516c\u793e\u8d44\u6e90\u7ad9\u4e0b\u8f7d\uff1a<\/strong><\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\u5206\u5272\u7ebf&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<p><strong>\u514d\u8d39\u4e0b\u8f7d\u5730\u5740\u5728<\/strong>\u00a0<a title=\"\" href=\"http:\/\/linux.linuxidc.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/linux.linuxidc.com\/<\/a><\/p>\n<p><strong>\u7528\u6237\u540d\u4e0e\u5bc6\u7801\u90fd\u662f<\/strong><a href=\"http:\/\/www.linuxidc.com\/\">www.linuxidc.com<\/a><\/p>\n<p><strong>\u5177\u4f53\u4e0b\u8f7d\u76ee\u5f55\u5728<\/strong>\u00a0\/2017\u5e74\u8d44\u6599\/5\u6708\/8\u65e5\/CentOS 6.6\u5347\u7ea7OpenSSH\u5230\u6700\u65b0\u7248\u672c7.5.p1\/<\/p>\n<p>\u4e0b\u8f7d\u65b9\u6cd5\u89c1\u00a0<a 
href=\"http:\/\/www.linuxidc.com\/Linux\/2013-07\/87684.htm\">http:\/\/www.linuxidc.com\/Linux\/2013-07\/87684.htm<\/a><\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\u5206\u5272\u7ebf&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<p><strong>OpenSSH \u5347\u7ea7\u81f3\u76ee\u524d\u6700\u65b07.5\u7248\u672c\u9047\u5230\u7684\u4e00\u4e9b\u5751<\/strong><\/p>\n<h4 id=\"articleHeader0\">openssh upgrade to latest version\u3002<\/h4>\n<h3 id=\"articleHeader1\">ssh \u5347\u7ea7\u6b65\u9aa4<\/h3>\n<h4 id=\"articleHeader2\">\u5b89\u88c5<\/h4>\n<pre class=\"hljs dos\"><code><span class=\"hljs-built_in\">cd<\/span> \/root\/\r\n<span class=\"hljs-built_in\">mkdir<\/span> ssh_upgrade &amp;&amp; <span class=\"hljs-built_in\">cd<\/span> ssh_upgrade<\/code><\/pre>\n<h4 id=\"articleHeader3\">\u4e0a\u4f20openssh\u5b89\u88c5\u5305<\/h4>\n<pre class=\"hljs nginx\"><code><span class=\"hljs-attribute\">rz<\/span> \u5b89\u88c5\u5305 <\/code><\/pre>\n<h4 id=\"articleHeader4\">\u67e5\u770b\u5f53\u524dopenssh\u7248\u672c<\/h4>\n<pre class=\"hljs ebnf\"><code><span class=\"hljs-attribute\">ssh -V<\/span>     <\/code><\/pre>\n<h4 id=\"articleHeader5\">\u5378\u8f7d\u539f\u6709openssh<\/h4>\n<pre class=\"hljs arduino\"><code>yum <span class=\"hljs-built_in\">remove<\/span> openssh -y    <\/code><\/pre>\n<h4 id=\"articleHeader6\">\u5b89\u88c5 gcc\u3001openssl\u548czlib<\/h4>\n<pre class=\"hljs stylus\"><code>yum install gcc openssl-devel zlib-devel\r\ntar zxvf openssh-<span class=\"hljs-number\">7.5<\/span>p1<span class=\"hljs-selector-class\">.tar<\/span><span class=\"hljs-selector-class\">.gz<\/span>\r\ncd openssh-<span class=\"hljs-number\">7.5<\/span>p1\r\n.\/configure\r\nmake &amp;&amp; make install<\/code><\/pre>\n<h4 id=\"articleHeader7\">\u62f7\u8d1dssh\u670d\u52a1\u6587\u4ef6<\/h4>\n<pre class=\"hljs awk\"><code>cp .<span 
class=\"hljs-regexp\">\/contrib\/<\/span>redhat<span class=\"hljs-regexp\">\/sshd.init \/<\/span>etc<span class=\"hljs-regexp\">\/init.d\/<\/span>sshd\r\nchmod +x <span class=\"hljs-regexp\">\/etc\/i<\/span>nit.d<span class=\"hljs-regexp\">\/sshd<\/span><\/code><\/pre>\n<h4 id=\"articleHeader8\">\u4fee\u6539SSHD\u670d\u52a1\u6587\u4ef6<\/h4>\n<pre class=\"hljs dts\"><code>vim <span class=\"hljs-meta-keyword\">\/etc\/<\/span>init.d\/sshd\r\n\u4fee\u6539\u4ee5\u4e0b\u5185\u5bb9\r\nSSHD=<span class=\"hljs-meta-keyword\">\/usr\/<\/span>sbin\/sshd \u4e3a SSHD=<span class=\"hljs-meta-keyword\">\/usr\/<\/span>local<span class=\"hljs-meta-keyword\">\/sbin\/<\/span>sshd\r\n<span class=\"hljs-meta-keyword\">\/usr\/<\/span>sbin\/ssh-keygen -A \u4e3a <span class=\"hljs-meta-keyword\">\/usr\/<\/span>local<span class=\"hljs-meta-keyword\">\/bin\/<\/span>ssh-keygen -A \r\n\u4fdd\u5b58\u9000\u51fa<\/code><\/pre>\n<h4 id=\"articleHeader9\">\u52a0\u5165\u7cfb\u7edf\u670d\u52a1<\/h4>\n<pre class=\"hljs dockerfile\"><code>chkconfig --<span class=\"hljs-keyword\">add<\/span><span class=\"bash\"> sshd<\/span><\/code><\/pre>\n<h4 id=\"articleHeader10\">\u67e5\u770b\u7cfb\u7edf\u542f\u52a8\u670d\u52a1\u662f\u5426\u589e\u52a0\u8be5\u9879<\/h4>\n<pre class=\"hljs applescript\"><code>chkconfig <span class=\"hljs-comment\">--list |grep sshd<\/span>\r\n\r\nsshd               <span class=\"hljs-number\">0<\/span>:off    <span class=\"hljs-number\">1<\/span>:off    <span class=\"hljs-number\">2<\/span>:<span class=\"hljs-keyword\">on<\/span>    <span class=\"hljs-number\">3<\/span>:<span class=\"hljs-keyword\">on<\/span>    <span class=\"hljs-number\">4<\/span>:<span class=\"hljs-keyword\">on<\/span>    <span class=\"hljs-number\">5<\/span>:<span class=\"hljs-keyword\">on<\/span>    <span class=\"hljs-number\">6<\/span>:off <\/code><\/pre>\n<h4 id=\"articleHeader11\">\u5141\u8bb8root\u7528\u6237\u8fdc\u7a0b\u767b\u5f55<\/h4>\n<pre class=\"hljs dts\"><code>cp sshd_config <span 
class=\"hljs-meta-keyword\">\/etc\/<\/span>ssh\/sshd_config\r\nvim <span class=\"hljs-meta-keyword\">\/etc\/<\/span>ssh\/sshd_config \u4fee\u6539 PermitRootLogin yes,\u5e76\u53bb\u6389\u6ce8\u91ca<\/code><\/pre>\n<h4 id=\"articleHeader12\">\u914d\u7f6e\u5141\u8bb8root\u7528\u6237\u8fdc\u7a0b\u767b\u5f55<\/h4>\n<blockquote><p><strong>\u8fd9\u4e00\u64cd\u4f5c\u5f88\u91cd\u8981\uff01\u5f88\u91cd\u8981\uff01\u5f88\u91cd\u8981\uff01\u91cd\u8981\u7684\u4e8b\u60c5\u8bf4\u4e09\u904d\uff0c\u56e0\u4e3a\u4e0a\u9762\u7684.\/configure\u672a\u52a0--sysconfdir\uff0copenssh\u5b89\u88c5\u597d\u9ed8\u8ba4\u662f\u4e0d\u4f7f\u7528\/etc\/ssh\/sshd_config\u6587\u4ef6\u7684\uff08\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u5728\/usr\/local\/etc\u76ee\u5f55\u4e0b\uff09\uff0c\u6240\u4ee5\u5373\u4f7f\u5728sshd_config\u4e2d\u914d\u7f6e\u5141\u8bb8root\u7528\u6237\u8fdc\u7a0b\u767b\u5f55\uff0c\u4f46\u662f\u4e0d\u52a0\u4e0a\u8fd9\u53e5\u547d\u4ee4\uff0c\u8fd8\u662f\u4e0d\u4f1a\u751f\u6548\uff01<\/strong><\/p><\/blockquote>\n<pre class=\"hljs gams\"><code>vim \/etc\/init.d\/sshd\r\n\u5728 \u2018<span class=\"hljs-symbol\">$<\/span>SSHD <span class=\"hljs-symbol\">$<\/span><span class=\"hljs-keyword\">OPTIONS<\/span> &amp;&amp; success || failure\u2019\u8fd9\u4e00\u884c\u4e0a\u9762\u52a0\u4e0a\u4e00\u884c \u2018<span class=\"hljs-keyword\">OPTIONS<\/span>=<span class=\"hljs-string\">\"-f \/etc\/ssh\/sshd_config\"<\/span>\u2019\r\n\u4fdd\u5b58\u9000\u51fa<\/code><\/pre>\n<h4 id=\"articleHeader13\">\u91cd\u542f<\/h4>\n<pre class=\"hljs crmsh\"><code>service sshd <span class=\"hljs-literal\">start<\/span>  <\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u672c\u6587\u4e3b\u8981\u7b80\u5355\u8bb0\u5f55CentOS\u00a06.6\u4e0bOpenSSH\u5347\u7ea7\u6b65\u9aa4\uff0c\u53ca\u4e00\u952e\u5347\u7ea7\u811a\u672c\u3002\u5b89\u88c5\u7f16\u8bd1\u6240\u9700\u5de5\u5177\u5305 yum in &hellip; <a href=\"http:\/\/safs.me\/wordpress\/?p=115\" class=\"more-link\">\u7ee7\u7eed\u9605\u8bfb<span class=\"screen-reader-text\">CentOS 
6.6\u5347\u7ea7OpenSSH\u5230\u6700\u65b0\u7248\u672c7.5.p1<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/115"}],"collection":[{"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=115"}],"version-history":[{"count":2,"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/115\/revisions"}],"predecessor-version":[{"id":117,"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/115\/revisions\/117"}],"wp:attachment":[{"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=115"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/safs.me\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}