centos远程升级sshd到5.9p1并删除老版本ssh
升级sshd可以增加安全性,当然要做到绝对安全是不可能的.下文只是简单的升级了下sshd.
1.升级sshd前准备
![点击查看原图](/content/plugins/kl_album/upload/201204/5a70b8fd86bfeb5b535c5f29ffd76f37201204191051101604347206.jpg)
yum -y install gcc* make openssl openssl-devel perl pam pam-devel
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz
备份ssh
mv /etc/ssh/ /etc/ssh.bak
当然最好再装个dropbear,大家可以去看我这篇文章centos安装dropbear代替openssh,避免升级失败,连不上服务器就杯具了.
2.安装sshd
openssl version -a
tar zxf openssh-5.9p1.tar.gz && cd openssh-5.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh \
--with-pam --with-zlib --with-md5-passwords
make
rpm -e --nodeps openssh-server-4.3p2-41.el5
rpm -e --nodeps openssh-4.3p2-41.el5
![点击查看原图](/content/plugins/kl_album/upload/201204/b299da8d7a2ec7138e19b5d8631fea96201204131616091701666658.jpg)
make install
service sshd restart
这时候不要先忙断开ssh连接,重新开个ssh来试试可否连接,如果可以,这时候会出现证书错误,这是很正常.
![点击查看原图](/content/plugins/kl_album/upload/201204/41b1a03265c0f93fa4520c0f95a0fd2b201204131616101131243618.jpg)
重启sshd后会出现ssh-keygen: generating new host keys: ECDSA unknown key type错误提示.
touch /etc/ssh/ssh_host_ecdsa_key
touch /etc/ssh/ssh_host_ecdsa_key.pub
![点击查看原图](/content/plugins/kl_album/upload/201204/def90e26d5cc7cf26ab14a0812d925f6201204191051101339392130.jpg)
然后再重启sshd.
service sshd restart
![点击查看原图](/content/plugins/kl_album/upload/201204/a21476c087491b8b557e1debce58100c20120413161610276512002.jpg)
好了,远程升级成功.
1.升级sshd前准备
![点击查看原图](/content/plugins/kl_album/upload/201204/5a70b8fd86bfeb5b535c5f29ffd76f37201204191051101604347206.jpg)
yum -y install gcc* make openssl openssl-devel perl pam pam-devel
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz
备份ssh
mv /etc/ssh/ /etc/ssh.bak
当然最好再装个dropbear,大家可以去看我这篇文章centos安装dropbear代替openssh,避免升级失败,连不上服务器就杯具了.
2.安装sshd
openssl version -a
tar zxf openssh-5.9p1.tar.gz && cd openssh-5.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh \
--with-pam --with-zlib --with-md5-passwords
make
rpm -e --nodeps openssh-server-4.3p2-41.el5
rpm -e --nodeps openssh-4.3p2-41.el5
![点击查看原图](/content/plugins/kl_album/upload/201204/b299da8d7a2ec7138e19b5d8631fea96201204131616091701666658.jpg)
make install
service sshd restart
这时候不要先忙断开ssh连接,重新开个ssh来试试可否连接,如果可以,这时候会出现证书错误,这是很正常.
![点击查看原图](/content/plugins/kl_album/upload/201204/41b1a03265c0f93fa4520c0f95a0fd2b201204131616101131243618.jpg)
重启sshd后会出现ssh-keygen: generating new host keys: ECDSA unknown key type错误提示.
touch /etc/ssh/ssh_host_ecdsa_key
touch /etc/ssh/ssh_host_ecdsa_key.pub
![点击查看原图](/content/plugins/kl_album/upload/201204/def90e26d5cc7cf26ab14a0812d925f6201204191051101339392130.jpg)
然后再重启sshd.
service sshd restart
![点击查看原图](/content/plugins/kl_album/upload/201204/a21476c087491b8b557e1debce58100c20120413161610276512002.jpg)
好了,远程升级成功.
评论: