Linux中OpenSSH输⼊验证错误漏洞(CVE-2019-16905)修复解决⽅案 blog.csdn/sunmenggmail/article/details/42526117
blog.csdn/baidu_36209638/article/details/109121765
blog.csdn/asdfrt8686/article/details/101692580?utm_medium=distribute.-task-blog-BlogCommendFromMachineLearnPai2-
1.pc_relevant_is_cache&depth_1-utm_source=distribute.-task-blog-BlogCommendFromMachineLearnPai2-1.pc_relevant_is_cache
2020-11-01 02:11 评论 0 阅读 84 
解决⽅案:
redhat6、7与centos6、7版本升级到openssh8.1版本与openssl-1.1.1⾃动化脚本,解决linuxOpenSSH输⼊验证错误漏洞(CVE-2019-16905)
解决步骤:
1、附件
2、解压升级包
tar --no-same-owner -zxvf zlib-1.2.
tar --no-same-owner -zxvf openssh-8.
tar --no-same-owner -zxvf openssl-1.1.
3、编译安装zlib
cd zlib-1.2.11
cve漏洞库./configure --prefix=/usr/local/zlib
make && make install
4、编译安装openssl
cd openssl-1.1.1g
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/f
ldconfig -v
5、安装openssh
cd openssh-8.3p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install
6、sshd_config⽂件修改
echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
7、备份原有⽂件,并将新的配置复制到指定⽬录
复制代码
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
复制代码
8、启动sshd
service sshd restart
9、查看信息版本
ssh -V
10、升级完成后sftp登录后瞬间断开问题
修改/etc/ssh/sshd_config ⽂件中sftp路径,改为
Subsystem sftp /usr/libexec/sftp-server

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。