Upgrading OpenSSL and OpenSSH

System: CentOS 6.4, 64-bit

First, a clarification: OpenSSL is not a protocol but an implementation of one; SSL/TLS is the protocol.

Upgrade OpenSSL:

wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz

yum -y update zlib

./config --prefix=/usr --shared

(The --shared argument is required; otherwise the header files and library files will not match.)

make && make install


Upgrade OpenSSH:

wget http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz

Back up the original SSH configuration:

mv /etc/ssh /etc/ssh_bak

yum install pam-krb5 krb5-devel   krb5-libs pam-devel

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man --with-kerberos5=/usr/lib64/libkrb5.so

(The --with-kerberos5 option prevents the errors "Unsupported option GSSAPIAuthentication" and "Unsupported option GSSAPICleanupCredentials".)

make && make install

Issues to watch for:

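1. If you get an error that libcrypto.so.1.0.0 cannot be loaded because of missing permissions, run setenforce 0 and then upgrade. (setenforce 0 puts SELinux into permissive mode; the change does not persist across reboots, and setenforce 1 restores enforcing mode.)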


2. Message: PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory
# That is, if PAM is enabled, a control file is required; otherwise authentication fails.


cp /etc/init.d/sshd /etc/init.d/sshd_old

cp /etc/pam.d/sshd /etc/pam.d/sshd_old

cd openssh-6.6p1/contrib/redhat

cp sshd.init /etc/init.d/sshd

cp sshd.pam /etc/pam.d/sshd

In /etc/ssh/sshd_config, set UsePAM yes


3. Password login fails with "Access denied", and key login fails with "Server unexpectedly closed network connection". The log then shows the following message:

sshd[15721]: PAM unable to dlopen(/lib/security/pam_stack.so): /lib/security/pam_stack.so: cannot open shared object file: No such file or directory

(This is a configuration file error: this .so is no longer used.)

In this case, edit /etc/pam.d/sshd so that it reads:

#%PAM-1.0

auth       required     pam_sepermit.so

auth       include      password-auth

account    required     pam_nologin.so

account    include      password-auth

password   include      password-auth

# pam_selinux.so close should be the first session rule

session    required     pam_selinux.so close

session    required     pam_loginuid.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session    required     pam_selinux.so open env_params

session    optional     pam_keyinit.so force revoke

session    include      password-auth
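
A check to run before restarting sshd for the problem in item 3, as an added example that is not part of the original post: it lists every module a PAM service file references (following include and substack lines) that is missing from the given module directories. The function name pam_missing_modules and the demo tree with its file contents are constructed for illustration; on a real system the call would be something like pam_missing_modules /etc/pam.d/sshd /lib64/security /lib/security, assuming those are the module directories in use.

```shell
#!/bin/sh
# pam_missing_modules FILE MODULE_DIR...   (added example, hypothetical name)
# Prints "FILE: MODULE" for each module FILE references, directly or via
# include/substack, that exists in none of the MODULE_DIRs.
pam_missing_modules() (
    file=$1; shift
    confdir=$(dirname "$file")
    # Drop comments; collapse a bracketed control such as
    # "[success=1 default=ignore]" into one word so the fields line up.
    sed -e 's/#.*//' -e 's/\[[^]]*]/bracketed/' "$file" |
    while read -r type control module args; do
        if [ -z "$module" ]; then continue; fi
        case $control in
        include|substack)
            # The third field names another service file, not a module.
            if [ -f "$confdir/$module" ]; then
                pam_missing_modules "$confdir/$module" "$@"
            else
                echo "$file: included file $module not found"
            fi
            continue ;;
        esac
        found=no
        case $module in
        /*) if [ -e "$module" ]; then found=yes; fi ;;   # absolute path
        *)  for dir in "$@"; do
                if [ -e "$dir/$module" ]; then found=yes; fi
            done ;;
        esac
        if [ "$found" = no ]; then echo "$file: $module"; fi
    done
)

# Constructed sample tree: an sshd service file that still references
# pam_stack.so, checked against a module directory that lacks it.
demo() (
    t=$(mktemp -d) && mkdir "$t/pam.d" "$t/security" || exit 1
    touch "$t/security/pam_nologin.so" "$t/security/pam_unix.so"
    printf '%s\n' '#%PAM-1.0' \
        'auth     required  pam_stack.so service=system-auth' \
        'account  required  pam_nologin.so' \
        'session  include   password-auth' > "$t/pam.d/sshd"
    printf '%s\n' 'session  [success=1 default=ignore]  pam_unix.so' \
        > "$t/pam.d/password-auth"
    cd "$t" && pam_missing_modules pam.d/sshd security
    rm -rf "$t"
)
demo
```

Empty output means every referenced module was found; keeping an existing root session open while restarting sshd leaves a way back in if the check missed something.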


