Location>code7788 >text

Recorded an upgrade to openssh9.8p1 by compiling offline under openEuler system.

Popularity:16 ℃/2024-07-24 08:30:16

origin

As a result of a vulnerability scan of the server by A on a particular project, the system is:openEuler 22.03 (LTS-SP4). The existing OpenSSH version is vulnerable and needs to be upgraded to openssh-9.8p1 (currently the latest), hence this documented article.

PS: Remember! It is better to install telnet or other remote tools on the server before upgrading SSH, in case the upgrade fails and you can't link to the server.

1. Check the version

[root@localhost cyunzing]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1wa  16 Nov 2023

You can see that the current OpenSSH version is 8.8p1, which is within the range of versions included in the vulnerability, and needs to be upgraded.
image

2、Download openssh source code package

Compiling opensssh requires that the version of openssl installed on the server is greater than or equal to 1.1.1, and from the abovessh -VYou can see that the default OpenSSL version is 1.1.1, so you don't need to consider upgrading openssl, just upgrade openssh.

2.1. Situations where the server is not networkable

Download the source package from a computer that can link to the Internet network, and then upload it to a server in the intranet.
Download Address:/pub/OpenBSD/OpenSSH/portable/openssh-9.

2.2. Situations where servers can be networked

utilizationcurl(The openEuler system comes with this command for minimal installations.) The command downloads.-ois to specify the name of the file to be saved after downloading.

curl -o openssh-9. /pub/OpenBSD/OpenSSH/portable/openssh-9.

2.3 Unpack openssh-9.

The above two steps in the context of the specific circumstances of either one can be, here I chose the first one, namely2.1. Situations where the server is not networkableThe address of the directory saved on the server is/root/cyunzing/updateBugs/(The directory should be created ahead of time), then unzip into the directory.

tar zxvf openssh-9.
cd openssh-9.8p1/

3、Compile and install openssh

pass (a bill or inspection etc)2.3 Unpack openssh-9.Steps to unzip, cd intoopenssh-9.8p1/Execute the following commands after the directory to check the compilation environment for any problems and compile and install.

./configure
make -j4 && make install

4. Installation completed

Restart the sshd service

This step is fine if it doesn't get stuck and doesn't move.

systemctl restart sshd

5. Check if the installation is successful

Open a new remote link windowImplementationssh -VCompare the version information before the upgrade to determine if the upgrade is complete.

[root@localhost openssh-9.8p1]# ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1wa  16 Nov 2023

image