Ubuntu 12.05 and Ubuntu 14.05: upgrade openssl and openssh

Upgrading openssl and openssh on Ubuntu

The Security Bureau scanning system found a lot of openssl and openssh vulnerabilities, so they need to be upgraded.

Three authors' documents were referenced:
https://blog.csdn.net/hexf9632/article/details/99820859
https://blog.51cto.com/xjsunjie/2347949?source=dra
https://blog.csdn.net/hexf9632/article/details/99820859

I use:

1. zlib-1.2.11.tar.gz        # Official download address: http://www.zlib.net/
2. openssl-1.1.1g.tar.gz     # Official download address: https://www.openssl.org/source/
3. openssh-8.3p1.tar.gz      # Official download address: https://fastly.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

Put the installation packages on the USB flash disk.
If the code is online, it is recommended to back up Ubuntu first.

1: Mount the USB flash disk
1. View the current mount

fdisk -l

2. Create a new directory, /mnt/usb, to mount the disk on

root@h-Default-string:~# cd /mnt
root@h-Default-string:/mnt# mkdir /mnt/usb

3. Mount command

root@h-Default-string:/mnt# mount /dev/sdb1 /mnt/usb

where /dev/sdb1 is obtained by viewing fdisk -l
4. If there is no problem, the mount will succeed.
5. Unmount the USB flash disk: after using the USB flash disk, you need to type the unmount command before unplugging it

umount /mnt/usb

Backup

tar cvpzf backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/mnt/usb/backup.tgz --exclude=/mnt --exclude=/sys /

Restore

tar xvpfz backup.tgz -C /

2: Let's upgrade openssl and openssh
1. Create a directory and put the installation packages together
Remember to run with root privileges

cd /                              # Back to the root directory
sudo mkdir /openssl               # Create a directory under the root directory
cd /mnt/usb                       # Go to the directory where the USB flash disk is mounted (see the first step)
cp zlib-1.2.11.tar.gz /openssl    # Copy zlib-1.2.11.tar.gz to the /openssl directory
cp openssl-1.1.1g.tar.gz /openssl # Copy openssl-1.1.1g.tar.gz to the /openssl directory
cp openssh-8.3p1.tar.gz /openssl  # Copy openssh-8.3p1.tar.gz to the /openssl directory
cd /openssl                       # Enter the /openssl directory
tar -zxvf zlib-1.2.11.tar.gz      # Unpack zlib-1.2.11.tar.gz
tar -zxvf openssl-1.1.1g.tar.gz   # Unpack openssl-1.1.1g.tar.gz
tar -zxvf openssh-8.3p1.tar.gz    # Unpack openssh-8.3p1.tar.gz

2. Back up openssl and openssh. If you need to restore the configuration later, you can put the backups back
Back up the original openssh files

mv /etc/init.d/ssh /etc/init.d/ssh.old
cp -r /etc/ssh /etc/ssh.old

Back up the original openssl

mv /usr/bin/openssl /usr/bin/openssl.bak 
mv /usr/include/openssl /usr/include/openssl.bak

First, check your own openssl version and openssh version to see if there is any change in the later installation

openssl version   # View openssl version
ssh -V            # View ssh version

Here's the point: I want to upgrade the system in an environment that can't access the Internet. There are two versions of the system. First, I upgrade the system in an environment that can access the Internet.
1. Uninstall the old version. Execute the uninstall commands several times: every time, after executing them the first time, I uninstall a second time.
After execution, enter

openssl version   # View openssl version
ssh -V            # View ssh version

If there is no version information, the uninstall is successful

apt-get remove openssl                         # Do not execute if you cannot connect to the Internet
apt-get remove openssh-server openssh-client   # Do not execute if you cannot connect to the Internet
apt-get purge openssl                          # Do not execute if you cannot connect to the Internet

cd zlib-1.2.11       # Enter the extracted zlib-1.2.11 directory
./configure
make
make install         # If the three steps complete without errors, the installation is complete
cd ..                # Return to the /openssl directory
cd openssl-1.1.1g    # Enter the extracted openssl-1.1.1g directory
./config --prefix=/usr --shared   # Must add --shared
make
make test
make install

Then execute openssl version; if the version information is displayed, the installation was successful

cd ..              # Return to the /openssl directory
cd openssh-8.3p1   # Enter the extracted openssh-8.3p1 directory
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local/openssl --with-privsep-path=/var/lib/sshd --with-pam

If any PAM error occurs during this step, install libpam0g-dev first

apt-get install libpam0g-dev 

If you can't connect to the Internet: I uploaded the installation packages to Baidu cloud. Download them, put them into /openssl and execute:

sudo dpkg -i libpam0g_1.1.3-7ubuntu2.3_amd64.deb

sudo dpkg -i libpam0g-dev_1.1.3-7ubuntu2.3_amd64.deb

If this step fails with the following error:

configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.

be sure to download the version with the suffix xg.tar.gz; if that does not work, download other versions from the official website.
If you have any questions, please send a private message or comment
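
A quick first check for the header/library mismatch that this configure error reports, as an added shell example that is not part of the original post: it compares the release named in opensslv.h with the one printed by openssl version. The function names and the sample header are constructed for illustration, and it looks at the openssl binary rather than the library sshd links against.

```shell
# Added example (not from the original post): compare the OpenSSL release in
# the installed headers with the release reported by the openssl binary.

# Extract the text of OPENSSL_VERSION_TEXT from an opensslv.h file.
# Assumption: if the header defines it more than once, the last one is used.
header_openssl_version() {  # usage: header_openssl_version <opensslv.h>
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_TEXT[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1" |
        tail -n 1
}

# Return 0 when header and binary name the same release (e.g. "1.1.1g").
openssl_versions_match() {  # usage: openssl_versions_match <opensslv.h> "<openssl version output>"
    hdr=$(header_openssl_version "$1" | awk '{print $2}')
    lib=$(printf '%s\n' "$2" | awk '{print $2}')
    if [ -n "$hdr" ] && [ "$hdr" = "$lib" ]; then
        echo "match: headers and binary are both $hdr"
        return 0
    fi
    echo "mismatch: headers=${hdr:-none} binary=${lib:-none}"
    return 1
}

# Constructed sample: new headers in place, but an old binary still on PATH.
demo_versions() {
    h=$(mktemp) || return 1
    printf '%s\n' '# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1g  21 Apr 2020"' > "$h"
    openssl_versions_match "$h" "OpenSSL 1.0.1f 6 Jan 2014"
    rm -f "$h"
}
demo_versions
```

On the host being upgraded, call it as openssl_versions_match /usr/include/openssl/opensslv.h "$(openssl version)" before running the openssh ./configure step.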

make
make install

That's it

Then, if you use ssh -v, you will find that the version information is not displayed (the client prints its version with the capital-letter flag, ssh -V).

Enter the /usr/sbin directory (cd /usr/sbin)
and execute ./sshd -v; you will find the version information there

Then start ssh, with a little change:

service ssh start     # Start ssh
service ssh stop      # Stop
service ssh restart   # Restart

Check whether ssh is enabled after starting ssh

ps -e | grep ssh

If sshd appears in the output, it is successful

Note: you may not be able to connect with sftp:
First use scp to see whether you can connect. If there is a problem

sudo vi /etc/ssh/sshd_config

Check whether there is a # sign in front of Port 22. If yes, remove it
Then check PermitRootLogin and StrictModes and change the value after each to yes (this is to enable root login)


Then exit and remember to save

Then execute service ssh restart to restart
Check whether scp can be connected
If you can connect, it's good. If you can't connect, send me private messages or comments, and I will often be online

Then, let's talk about the reason why sftp can't connect:
Because ssh has been updated, some file locations have changed.

vi /etc/ssh/sshd_config

Go to the bottom of the file
Check the location specified by Subsystem sftp to see whether the file is still there. I don't think so!
Then exit the file and execute

cd /
find / -name sftp-server

Find the location of this file

Then execute

vi /etc/ssh/sshd_config

Modify Subsystem sftp to the found path


Then execute service ssh restart to restart
Check whether ssh is enabled

ps -e | grep ssh


Once it is running, connect with sftp
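
The sshd_config checks described above, as an added shell example that is not part of the original post: it reads the effective values of the keywords this guide edits and reports a Subsystem sftp path that no longer exists after the upgrade. The function names and the sample config are constructed for illustration.

```shell
# Added example (not from the original post): check the sshd_config entries
# this guide edits by hand, without starting sshd.

# Print the effective value of a keyword. sshd uses the first uncommented
# occurrence of a keyword, and keywords are case-insensitive.
sshd_value() {  # usage: sshd_value <config-file> <keyword> [<first-argument>]
    awk -v key="$2" -v sub1="$3" '
        /^[ \t]*#/ { next }                        # commented-out line
        tolower($1) == tolower(key) && (sub1 == "" || $2 == sub1) {
            print (sub1 == "" ? $2 : $3); exit     # first match wins
        }' "$1"
}

# Return 0 if "Subsystem sftp" names a usable server, 1 otherwise.
check_sftp_subsystem() {  # usage: check_sftp_subsystem <config-file>
    path=$(sshd_value "$1" Subsystem sftp)
    case "$path" in
        "")            echo "no Subsystem sftp line"; return 1 ;;
        internal-sftp) echo "ok: internal-sftp"; return 0 ;;  # built into sshd
    esac
    if [ -x "$path" ] && [ ! -d "$path" ]; then
        echo "ok: $path"
        return 0
    fi
    echo "stale: $path does not exist or is not executable"
    return 1
}

# Constructed sample: a config whose sftp-server path is left over from the
# old package, with Port still commented out.
demo_sftp() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'StrictModes yes' \
        "Subsystem sftp $d/old/sftp-server" > "$d/sshd_config"
    echo "Port: $(sshd_value "$d/sshd_config" Port)"   # empty: line is commented out
    check_sftp_subsystem "$d/sshd_config"              # reports the stale path
    rm -rf "$d"
}
demo_sftp
```

On the upgraded host, call check_sftp_subsystem /etc/ssh/sshd_config before service ssh restart; sshd -t additionally checks the file for syntax errors.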

If you have any questions or do not understand something, please comment or send a private message

Tags: Linux Ubuntu ssh

Posted by vombomin on Sun, 29 May 2022 22:41:36 +0530