欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

linux環(huán)境openssl、openssh升級(jí)流程

 更新時(shí)間:2025年03月04日 15:51:19   作者:MRR、皮皮蝦  
該文章詳細(xì)介紹了在Ubuntu 22.04系統(tǒng)上升級(jí)OpenSSL和OpenSSH的方法,首先,升級(jí)OpenSSL的步驟包括下載最新版本、安裝編譯環(huán)境、備份和安裝、驗(yàn)證等,然后,升級(jí)OpenSSH的步驟包括下載最新版本、安裝相關(guān)依賴、解壓和編譯安裝、查看版本、備份替換文件、重啟服務(wù)等

linux常因openssl、openssh漏洞進(jìn)行升級(jí)。

本文以u(píng)buntu22.04為例,對(duì)openssl、openssh進(jìn)行升級(jí)。

一.升級(jí)openssl

1.官網(wǎng)下載最新版openssl

wget https://www.openssl.org/source/openssl-3.0.15.tar.gz

如果因網(wǎng)絡(luò)原因下載不動(dòng),可以直接訪問(wèn)官網(wǎng),下載最新版本:

https://www.openssl.org/source/

root@localhost:~# wget https://www.openssl.org/source/openssl-3.0.15.tar.gz
--2024-07-19 07:31:28--  https://www.openssl.org/source/openssl-3.0.15.tar.gz
Resolving www.openssl.org (www.openssl.org)... 34.36.58.177, 2600:1901:0:1812::
Connecting to www.openssl.org (www.openssl.org)|34.36.58.177|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com:443/openssl/openssl/releases/download/openssl-3.0.15/openssl-3.0.15.tar.gz [following]
--2024-07-19 07:31:29--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/7634677/6ac36897-7f0a-4dc5-8d1c-3d8b0eab4f5d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240719%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240719T073129Z&X-Amz-Expires=300&X-Amz-Signature=658f52e12bd883cbda4f7abcbac2508a5642bccc70baf8d159b4e39a31623702&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=7634677&response-content-disposition=attachment%3B%20filename%3Dopenssl-3.0.15.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.109.133
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15305497 (15M) [application/octet-stream]
Saving to: ‘openssl-3.0.15.tar.gz'

openssl-3.0.15.tar.gz                  100%[===========================================================================>]  14.60M  81.0KB/s    in 4m 17s  

2024-07-19 07:35:48 (58.1 KB/s) - ‘openssl-3.0.15.tar.gz' saved [15305497/15305497]

2.安裝編譯環(huán)境

apt-get install -y build-essential
root@localhost:/opt/openssl-3.0.15# apt-get install -y build-essential
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  bzip2 cpp cpp-11 dpkg-dev fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base libalgorithm-diff-perl
  libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdeflate0
  libdpkg-perl libfakeroot libfile-fcntllock-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0
  libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libtiff5 libtirpc-dev libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list make
  manpages-dev rpcsvc-proto
Suggested packages:
  bzip2-doc cpp-doc gcc-11-locales debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib autoconf automake libtool flex bison gdb gcc-doc
  gcc-11-multilib glibc-doc bzr libgd-tools libstdc++-11-doc make-doc

如果系統(tǒng)為CentOS,則執(zhí)行

yum install perl-IPC-Cmd perl-Data-Dumper gcc gcc-c++ perl perl-devel -y

3.下載后解壓安裝

tar -xf openssl-3.0.15.tar.gz -C /opt/

進(jìn)入目錄

cd /opt/openssl-3.0.15

編譯配置openssl安裝目錄

./config --prefix=/usr/local/openssl
root@localhost:~# tar -xf openssl-3.0.15.tar.gz -C /opt/
root@localhost:~# cd /opt/openssl-3.0.15/
root@localhost:/opt/openssl-3.0.15# ./config --prefix=/usr/local/openssl
Configuring OpenSSL version 3.0.15 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

安裝

make && make install
root@localhost:/opt/openssl-3.0.15# make && make install
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/openssl/asn1.h.in > include/openssl/asn1.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/openssl/asn1t.h.in > include/openssl/asn1t.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/openssl/bio.h.in > include/openssl/bio.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/openssl/cmp.h.in > include/openssl/cmp.h

4.備份更新openssl

備份openssl

mv /usr/bin/openssl /usr/bin/openssl_bak

復(fù)制openssl文件到/usr/bin/下

cp /usr/local/openssl/bin/openssl /usr/bin/

添加動(dòng)態(tài)鏈接庫(kù)數(shù)據(jù)

echo ‘/usr/local/openssl/lib64/' >> /etc/ld.so.conf

更新動(dòng)態(tài)鏈接庫(kù)

ldconfig
root@localhost:/opt/openssl-3.0.15# mv /usr/bin/openssl /usr/bin/openssl_bak
root@localhost:/opt/openssl-3.0.15# cp /usr/local/openssl/bin/openssl  /usr/bin/
root@localhost:/opt/openssl-3.0.15# echo "/usr/local/openssl/lib64/" >> /etc/ld.so.conf
root@localhost:/opt/openssl-3.0.15# ldconfig

5.進(jìn)行驗(yàn)證

openssl version
root@localhost:/usr/local/openssl/lib64# openssl version
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)

若出現(xiàn)如下問(wèn)題

root@localhost:/opt/openssl-3.0.15# openssl version
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.0.9' not found (required by openssl)

備份libcrypto.so.3文件后,復(fù)制安裝目錄下lib64/libcrypto.so.3到/lib/x86_64-linux-gnu/目錄

root@localhost:/opt/openssl-3.0.15# cd /usr/local/openssl/lib64/
root@localhost:/usr/local/openssl/lib64# ll
total 16636
drwxr-xr-x 5 root root    4096 Jul 19 07:49 ./
drwxr-xr-x 7 root root    4096 Jul 19 07:50 ../
drwxr-xr-x 2 root root    4096 Jul 19 07:49 engines-3/
-rw-r--r-- 1 root root 9541222 Jul 19 07:49 libcrypto.a
lrwxrwxrwx 1 root root      14 Jul 19 07:49 libcrypto.so -> libcrypto.so.3*
-rwxr-xr-x 1 root root 5383824 Jul 19 07:49 libcrypto.so.3*
-rw-r--r-- 1 root root 1268762 Jul 19 07:49 libssl.a
lrwxrwxrwx 1 root root      11 Jul 19 07:49 libssl.so -> libssl.so.3*
-rwxr-xr-x 1 root root  813928 Jul 19 07:49 libssl.so.3*
drwxr-xr-x 2 root root    4096 Jul 19 07:49 ossl-modules/
drwxr-xr-x 2 root root    4096 Jul 19 07:49 pkgconfig/

root@localhost:/usr/local/openssl/lib64# mv /lib/x86_64-linux-gnu/libcrypto.so.3 /root/
root@localhost:/usr/local/openssl/lib64# cp libcrypto.so.3 /lib/x86_64-linux-gnu/
root@localhost:/usr/local/openssl/lib64# openssl version
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)

二、升級(jí)openssh

1.下載最新版openssh

wget
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.9p1.tar.gz

如因網(wǎng)絡(luò)原因下載不動(dòng),可以直接訪問(wèn) ,下載最新版本https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable

2.安裝相關(guān)依賴

apt-get install -y zlib1g-dev libpam0g-dev
root@localhost:~#  apt-get install -y  zlib1g-dev libpam0g-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libpam0g-dev zlib1g-dev
0 upgraded, 2 newly installed, 0 to remove and 67 not upgraded.
Need to get 281 kB of archives.
After this operation, 1,010 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 libpam0g-dev amd64 1.4.0-11ubuntu2.4 [117 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 zlib1g-dev amd64 1:1.2.11.dfsg-2ubuntu9.2 [164 kB]
Fetched 281 kB in 2s (142 kB/s)

系統(tǒng)為CentOS,則執(zhí)行

yum install zlib-devel pam-devel -y

3.解壓安裝

tar xf openssh-9.9p1.tar.gz -C /opt/
cd /opt/openssh-9.9p1

配置安裝目錄

./configure --prefix=/usr/local/openssh
–with-ssl-dir=/usr/local/openssl --sysconfdir=/etc/ssh --with-pam --with-gssapi --with-rsa --with-rhosts-allowed --with-zlib --with-md5-passwords

編譯安裝

make && make install

4.查看目錄版本

/usr/local/openssh/bin/ssh -V
root@localhost:/usr/local/openssh# ./bin/ssh -V
OpenSSH_9.9p1, OpenSSL 3.0.15 3 Sep 2024

5.備份替換相關(guān)文件

mv /usr/sbin/sshd /usr/sbin/sshd_bak
mv /usr/bin/ssh /usr/bin/ssh_bak
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen_bak
cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

6.重啟ssh服務(wù)

systemctl restart sshd
root@localhost:/usr/local/openssh# systemctl restart sshd.service 
root@localhost:/usr/local/openssh# ssh -V
OpenSSH_9.9p1, OpenSSL 3.0.15 3 Sep 2024

執(zhí)行ssh服務(wù)狀態(tài)查詢命令

systemctl status sshd.service

查看發(fā)現(xiàn)文件的權(quán)限設(shè)置過(guò)于寬松

Permissions 0640 for'/etc/ssh/*****.key' are too open.

執(zhí)行chmod -R 600 /etc/ssh限制權(quán)限后重啟ssh服務(wù)

systemctl restart sshd

總結(jié)

以上為個(gè)人經(jīng)驗(yàn),希望能給大家一個(gè)參考,也希望大家多多支持腳本之家。

相關(guān)文章

  • 常用Linux發(fā)行版鏡像源配置小結(jié)

    常用Linux發(fā)行版鏡像源配置小結(jié)

    這篇文章主要介紹了常用Linux發(fā)行版鏡像源配置小結(jié),文中通過(guò)示例代碼介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)學(xué)習(xí)吧
    2020-02-02
  • Apache Thrift環(huán)境配置

    Apache Thrift環(huán)境配置

    這篇文章主要介紹了Apache Thrift環(huán)境配置的相關(guān)資料,需要的朋友可以參考下
    2017-10-10
  • yum 安裝memcache permission denied(拒絕訪問(wèn)) 問(wèn)題

    yum 安裝memcache permission denied(拒絕訪問(wèn)) 問(wèn)題

    這篇文章主要介紹了yum 安裝memcache permission denied(拒絕訪問(wèn)) 問(wèn)題,需要的朋友可以參考下
    2017-03-03
  • Linux下“/”和“~”的區(qū)別詳解

    Linux下“/”和“~”的區(qū)別詳解

    這篇文章主要介紹了Linux下“/”和“~”的區(qū)別詳解,文中通過(guò)示例代碼介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)學(xué)習(xí)吧
    2019-09-09
  • Linux主機(jī)ssh使用秘鑰方式實(shí)現(xiàn)免登陸互通配置方式

    Linux主機(jī)ssh使用秘鑰方式實(shí)現(xiàn)免登陸互通配置方式

    實(shí)現(xiàn)多臺(tái)服務(wù)器間SSH免登陸的操作包括密鑰生成、配置與傳遞,首先在每臺(tái)主機(jī)上生成秘鑰,并將公鑰傳輸?shù)綄?duì)方主機(jī)的配置文件中,確保ssh服務(wù)開(kāi)啟并且authorized_keys文件具有正確的權(quán)限,即可實(shí)現(xiàn)免登陸互通,其中可能遇到的問(wèn)題通常跟文件權(quán)限有關(guān)
    2024-10-10
  • CentOS-NAT模式下(DHCP)聯(lián)網(wǎng)成功案例

    CentOS-NAT模式下(DHCP)聯(lián)網(wǎng)成功案例

    這篇文章主要為大家詳細(xì)介紹了CentOS-NAT模式下(DHCP)聯(lián)網(wǎng)成功,具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下
    2017-11-11
  • centos7下安裝并配置supervisor守護(hù)程序的操作方法

    centos7下安裝并配置supervisor守護(hù)程序的操作方法

    這篇文章主要介紹了centos7下安裝并配置supervisor守護(hù)程序的操作方法,本文通過(guò)圖文并茂的形式給大家介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或工作具有一定的參考借鑒價(jià)值,需要的朋友可以參考下
    2020-10-10
  • CentOS8 配置本地yum源的詳細(xì)教程

    CentOS8 配置本地yum源的詳細(xì)教程

    centos8發(fā)行版通過(guò) BaseOS 和應(yīng)用流 (AppStream) 倉(cāng)庫(kù)發(fā)布,這篇文章主要介紹了CentOS8 配置本地yum源的詳細(xì)教程,需要的朋友可以參考下
    2019-12-12
  • Linux安裝redis后沒(méi)有redis-server的問(wèn)題

    Linux安裝redis后沒(méi)有redis-server的問(wèn)題

    這篇文章主要介紹了Linux安裝redis后沒(méi)有redis-server的問(wèn)題,具有很好的參考價(jià)值,希望對(duì)大家有所幫助,如有錯(cuò)誤或未考慮完全的地方,望不吝賜教
    2024-01-01
  • Ubuntu apt-get指令autoclean,clean,autoremove的區(qū)別

    Ubuntu apt-get指令autoclean,clean,autoremove的區(qū)別

    這篇文章主要介紹了Ubuntu apt-get指令autoclean,clean,autoremove的區(qū)別的相關(guān)資料,需要的朋友可以參考下
    2017-01-01

最新評(píng)論