Some problems encountered when upgrading OpenSSH to the latest version, 7.5


Upgrading OpenSSH to the latest version

Recently, a vulnerability scanner on the customer's side flagged several OpenSSH vulnerabilities on the company's system. I took a quick look: the main reason is that the current version of OpenSSH is 5.3, which is old. I thought it was a small problem. My distribution is CentOS 6.x, and the latest OpenSSH available through yum is only 5.3. There was no way but to find a newer package on the official RPM website. The latest package there is 6.4, which I installed with yum localinstall. Unexpectedly, the next day the customer reported that there was still an OpenSSH vulnerability, and port 22 could not be opened to the outside world without a fix. I had no choice but to go to the official OpenSSH website for the latest release, which is 7.5. I will not describe one by one the pitfalls I ran into during installation; the steps are recorded here, for reference only, to help you avoid them.

SSH upgrade steps


cd /root/
mkdir ssh_upgrade && cd ssh_upgrade

Upload the OpenSSH installation package

rz    # select the installation package to upload

View the current openssh version

ssh -V     

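Uninstall the original OpenSSH

# Also removes openssh-server and openssh-clients as dependencies;
# keep this session (or console access) open until the new sshd is running
yum remove openssh -y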

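Install GCC, OpenSSL, and zlib, then build OpenSSH

yum install gcc openssl-devel zlib-devel
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
# Generate the Makefile; with the default prefix everything is installed under /usr/local
./configure
make && make install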

Copy the sshd service file

cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd

Modify the sshd service file

vim /etc/init.d/sshd
Modify the following:
Change SSHD=/usr/sbin/sshd to SSHD=/usr/local/sbin/sshd
Change /usr/sbin/ssh-keygen -A to /usr/local/bin/ssh-keygen -A
Save and exit

Add sshd to the system services

chkconfig --add sshd

Check that sshd has been added to the startup services

chkconfig --list |grep sshd

sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off 

Allow root to log in remotely

cp sshd_config /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
Set PermitRootLogin yes and remove the comment marker

Configure sshd to allow the root user to log in remotely

This operation is very important! Very important! Very important! Say the important thing three times, because when OpenSSH is installed this way, sshd does not read the /etc/ssh/sshd_config file by default. So even if sshd_config allows the root user to log in remotely, it will not take effect without this change!

vim /etc/init.d/sshd
Add the line OPTIONS="-f /etc/ssh/sshd_config" above the line $SSHD $OPTIONS && success || failure
Save and exit
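
The three edits to /etc/init.d/sshd from the "Modify sshd service file" step and the step above can also be applied with a script instead of vim. This is an added example, not part of the original post; the helper name patch_sshd_init and the sample excerpt are constructed for illustration, and the line text is assumed to match the init script as the post describes it.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the three init-script
# edits without opening vim. Safe to run more than once.

# patch_sshd_init FILE  (hypothetical helper name)
patch_sshd_init() {
    tmp=$(mktemp) || return 1
    awk '
        # 1. Start the source-built daemon instead of the removed RPM one.
        $0 == "SSHD=/usr/sbin/sshd" { $0 = "SSHD=/usr/local/sbin/sshd" }
        # 2. Generate host keys with the source-built ssh-keygen.
        { sub("/usr/sbin/ssh-keygen -A", "/usr/local/bin/ssh-keygen -A") }
        # 3. Put OPTIONS directly above the start line, unless already there.
        index($0, "$SSHD $OPTIONS && success || failure") &&
        !index(prev, "OPTIONS=\"-f /etc/ssh/sshd_config\"") {
            match($0, /^[ \t]*/)   # reuse the indentation of the start line
            print substr($0, 1, RLENGTH) "OPTIONS=\"-f /etc/ssh/sshd_config\""
        }
        { print; prev = $0 }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the mode set by chmod +x
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed excerpt in the shape of the init-script lines the post edits.
sample_init() {
    cat <<'EOF'
SSHD=/usr/sbin/sshd
start()
{
    /usr/sbin/ssh-keygen -A
    echo -n $"Starting $prog:"
    $SSHD $OPTIONS && success || failure
}
EOF
}

# Demonstration on a temporary copy; on a real host the argument would be
# /etc/init.d/sshd after the cp and chmod steps.
f=$(mktemp) && sample_init > "$f" && patch_sshd_init "$f" && cat "$f"
rm -f "$f"
```

After patching the real file, `grep -n -e SSHD= -e ssh-keygen -e OPTIONS /etc/init.d/sshd` shows the resulting lines for review before the service is started.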


service sshd start