
CentOS 7.9: Fixing OpenSSH vulnerabilities by upgrading to OpenSSH 9.7p with RPM packages

1. Check the current OS version and the OpenSSH and OpenSSL versions

2. Install telnet as a fallback login in case SSH becomes unavailable during the upgrade

rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm
rpm -ivh telnet-0.17-66.el7.x86_64.rpm
rpm -ivh telnet-server-0.17-66.el7.x86_64.rpm
systemctl start telnet.socket && systemctl enable telnet.socket
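# Comment out the pam_securetty line in /etc/pam.d/remote so that root can log in over telnet
sed -i 's/^auth[[:space:]]\+required[[:space:]]\+pam_securetty.so/#&/' /etc/pam.d/remote

3. Test the telnet connection from another node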

4. Back up the existing SSH configuration, just in case

whereis ssh sshd openssl
cp -rf /etc/ssh /etc/ssh.bak
cp -rf /usr/bin/ssh /usr/bin/ssh.bak
cp -rf /usr/sbin/sshd /usr/sbin/sshd.bak
cp -rf /usr/bin/openssl /usr/bin/openssl.bak
cp -rf /usr/lib64/openssl /usr/lib64/openssl.bak

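5. Uninstall openssl and openssh

yum remove openssl
Type y manually, and check whether any critical dependent components will be removed. At first I did not notice that the ansible I had installed earlier got uninstalled.
yum remove openssh
Type y manually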

6. Install openssl and openssh

rpm -ivh openssl-1.1.1w-1.el7.x86_64.rpm --nodeps
rpm -ivh openssh-9.7p1-1.el7.centos.x86_64.rpm
rpm -ivh openssh-clients-9.7p1-1.el7.centos.x86_64.rpm
rpm -ivh openssh-server-9.7p1-1.el7.centos.x86_64.rpm
rpm -ivh openssh-debuginfo-9.7p1-1.el7.centos.x86_64.rpm

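Starting it directly reports an error, so I reset the permissions. I guess this is a difference in permission handling between 7.4 and 9.7.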
chmod 600 /etc/ssh/ssh_host_ed25519_key
systemctl restart sshd

7. Check the ssh status and that it is enabled at boot

systemctl status sshd && systemctl is-enabled sshd
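
The chmod in step 6 covers only the ed25519 key. As an added example (not part of the original post; the function names are hypothetical), this script applies the same check to every private host key in /etc/ssh, validates the result with sshd -t before the restart, and reports the installed version. It assumes the startup errors come from upstream OpenSSH refusing private keys that group or others can read.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print private host keys in directory $1 that group or others can access.
# The *.pub files do not match the pattern and are left alone.
loose_host_keys() {
    find "${1:-/etc/ssh}" -maxdepth 1 -type f -name 'ssh_host_*_key' -perm /077 | sort
}

# chmod 600 every key reported above and print what was changed.
fix_host_keys() {
    loose_host_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key" && echo "fixed: $key"
    done
}

# Extract the version token from an "ssh -V" banner passed as $1.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([^ ,]*\).*/\1/p'
}

# Run against the live system only when called with --run (as root).
if [ "${1:-}" = "--run" ]; then
    fix_host_keys /etc/ssh
    /usr/sbin/sshd -t || { echo "sshd -t failed; keep the telnet session open"; exit 1; }
    systemctl restart sshd
    echo "installed: $(openssh_version "$(ssh -V 2>&1)")"   # expect 9.7p1
    # Report the step 2 fallback so it is not forgotten once SSH logins are confirmed.
    echo "telnet.socket: $(systemctl is-enabled telnet.socket 2>/dev/null)"
fi
```

Without --run the script only defines the functions, so loose_host_keys can be pointed at a copy such as /etc/ssh.bak to see which keys would be changed.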

Link: https://pan.baidu.com/s/1GZyoJgiBNVFN_j3kJIbofQ
Extraction code: 43qr
