CentOS 6.4 64位
查看当前的ssl版本
[root@localhost ~]# ssh -V OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
升级openssl
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz tar -xzf openssl-1.0.1g.tar.gz cd openssl-1.0.1g ./config --prefix=/usr/local/ssl shared zlib-dynamic enable-camellia make make install openssl version mv /usr/bin/openssl /usr/bin/openssl.olg mv /usr/bin/openssl.olg /usr/bin/openssl.old mv /usr/include/openssl/ /usr/include/opensslold ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl echo "/usr/local/ssl/lib/" >> /etc/ld.so.conf ldconfig -v|grep ssl openssl version
升级后截图
升级 openssh
wget http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz yum install pam* tar -xzf openssh-6.6p1.tar.gz cd openssh-6.6p1 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man make make install ssh -V service sshd restart
升级完成后打开新的终端连接
升级完成
当执行service sshd restart 的时候有错误提示
vim /etc/ssh/sshd_config 把81和83行注释
再执行就没问题了
service sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ]
附:
Unsupported option GSSAPIAuthentication 和 Unsupported option GSSAPICleanupCredentials
这两个认证机制的解决方法:
service sshd restart
Stopping sshd: [ OK ]
Starting sshd: /etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials
[ OK ]在编译openssh-6.6p1的时候把kerberos5的选项指定,就不会出现问题
[root@localhost openssh-6.6p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so
vim /etc/ssh/sshd_config
本文出自 “一颗石头 BBOTTE的博客” 博客,请务必保留此出处http://bbotte.blog.51cto.com/6205307/1394174
openssl 升级到OpenSSL 1.0.1g 修复漏洞,布布扣,bubuko.com
openssl 升级到OpenSSL 1.0.1g 修复漏洞
原文:http://bbotte.blog.51cto.com/6205307/1394174