Background
A vulnerability scan that Party A ran against the server for a particular project found that the existing OpenSSH version is vulnerable. The system is openEuler 22.03 (LTS-SP4). OpenSSH needs to be upgraded to openssh-9.8p1 (currently the latest), hence this article.
PS: Remember! It is better to install telnet or another remote access tool on the server before upgrading SSH, in case the upgrade fails and you can no longer connect to the server.
1. Check the version
[root@localhost cyunzing]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1wa 16 Nov 2023
You can see that the current OpenSSH version is 8.8p1, which falls within the range of versions affected by the vulnerability, so it needs to be upgraded.
2. Download the OpenSSH source package
Compiling OpenSSH requires that the OpenSSL version installed on the server be greater than or equal to 1.1.1. The ssh -V output above shows that the default OpenSSL version is 1.1.1, so there is no need to upgrade OpenSSL; only OpenSSH needs upgrading.
2.1. When the server has no Internet access
Download the source package on a computer that can reach the Internet, then upload it to the server on the intranet.
Download address: /pub/OpenBSD/OpenSSH/portable/openssh-9.
2.2. When the server has Internet access
Use the curl command to download the package (openEuler ships this command even in minimal installations). The -o option specifies the name of the file to save the download as.
curl -o openssh-9. /pub/OpenBSD/OpenSSH/portable/openssh-9.
2.3 Unpack openssh-9.
Use whichever of the two steps above fits your situation. Here I chose the first one, 2.1 (the server has no Internet access).
The package is saved on the server in the directory /root/cyunzing/updateBugs/ (create the directory ahead of time), and then unpacked in that directory.
tar zxvf openssh-9.
cd openssh-9.8p1/
3. Compile and install OpenSSH
After unpacking in step 2.3 and changing into the openssh-9.8p1/ directory, run the following commands to check the build environment for problems, then compile and install.
./configure
make -j4 && make install
4. Installation completed
Restart the sshd service
This step has succeeded as long as the command does not hang.
systemctl restart sshd
5. Check if the installation is successful
Open a new remote connection window and run ssh -V.
Compare the output with the version information from before the upgrade to determine whether the upgrade is complete.
[root@localhost openssh-9.8p1]# ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1wa 16 Nov 2023
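Step 5 checks the client binary that ssh -V finds on the PATH, while the running sshd announces its own version in its protocol banner. The following script is an added example, not part of the original article: it parses both strings and compares them with the 9.8p1 target. The function names and the banner lines are constructed for illustration, and only major.minor is compared.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that both the ssh
# client and the running sshd daemon report at least the target release.

TARGET="9.8p1"   # upgrade target named in the article

# Pull "major.minor[pN]" out of `ssh -V` output or an SSH protocol banner.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\(p[0-9][0-9]*\)\{0,1\}\).*/\1/p' |
        head -n 1
}

# Succeed if version $1 >= version $2. Only major.minor is compared, because
# the daemon banner omits the portable "pN" suffix that `ssh -V` prints.
version_at_least() {
    a=${1%%p*}; b=${2%%p*}
    [ "${a%%.*}" -gt "${b%%.*}" ] && return 0
    [ "${a%%.*}" -lt "${b%%.*}" ] && return 1
    [ "${a#*.}" -ge "${b#*.}" ]
}

# $1 = output of `ssh -V 2>&1` (ssh writes its version to stderr),
# $2 = first line the daemon sends on its listening port.
# Prints one of: ok, client-old, daemon-old, unparsed.
check_upgrade() {
    client=$(openssh_version "$1")
    daemon=$(openssh_version "$2")
    if [ -z "$client" ] || [ -z "$daemon" ]; then
        echo unparsed
    elif ! version_at_least "$client" "$TARGET"; then
        echo client-old
    elif ! version_at_least "$daemon" "$TARGET"; then
        echo daemon-old
    else
        echo ok
    fi
}

# The `ssh -V` line is the article's step 5 output; the banners are constructed.
AFTER='OpenSSH_9.8p1, OpenSSL 1.1.1wa 16 Nov 2023'
check_upgrade "$AFTER" 'SSH-2.0-OpenSSH_9.8'   # -> ok
check_upgrade "$AFTER" 'SSH-2.0-OpenSSH_8.8'   # -> daemon-old
```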