Building rpms on Anolis OS 8.4 to upgrade OpenSSH to 9.

Author: 前浪浪奔浪流 | Published 2024-08-22 17:22

    OpenSSH vulnerability alert: no user interaction required, privilege escalation to root
    https://mp.weixin.qq.com/s/c_gATfwcjyXVGj0g6xXIBg

    OpenSSH remote code execution vulnerability analysis and PoC (CVE-2024-6387)
    https://mp.weixin.qq.com/s/79P1zpb36D0ku-gwwXfPtQ

    OpenSSH upstream only publishes source tarballs, so we build the source into rpm packages ourselves and use those to upgrade the OpenSSH on the system. CVE-2024-6387 (regreSSHion) is fixed in OpenSSH 9.8p1, which is the version built here. Before going this route, check whether your distribution has already shipped a patched package: a vendor build keeps the distribution's own patches and defaults, which an upstream build does not carry, and some of the post-install fixes below exist only because of that difference. To keep the build simple we use an open-source build script directly:
    https://github.com/boypt/openssh-rpms

    # yum -y install epel-release 
    # yum -y install  git   zip  unzip
    # yum -y groupinstall  "Development Tools"
    # yum -y install  imake rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel
    
    # git clone https://github.com/boypt/openssh-rpms.git
    # Baidu Netdisk mirror of the same repository: https://pan.baidu.com/s/1gS0ltu3YNmgPIAMHxc0xiw?pwd=sgpa
    # cd openssh-rpms-main
    (git clone creates a directory named openssh-rpms; the -main suffix is what the GitHub zip archive and the netdisk copy unpack to. Use whichever you have; the rest of the page assumes openssh-rpms-main.)
    # ll
    total 32
    drwxr-xr-x 7 root root    72 Aug 23 15:16 amzn1
    drwxr-xr-x 7 root root    72 Aug 23 15:16 amzn2
    drwxr-xr-x 7 root root    72 Aug 23 15:16 amzn2023
    -rwxr-xr-x 1 root root  4044 Aug 23 15:24 compile.sh
    drwxr-xr-x 2 root root   149 Aug 23 15:16 docker
    -rw-r--r-- 1 root root 11802 Aug 23 15:16 docker.README.md
    drwxr-xr-x 2 root root   114 Aug 23 15:28 downloads
    drwxr-xr-x 7 root root    72 Aug 23 15:16 el5
    drwxr-xr-x 7 root root    72 Aug 23 15:16 el6
    drwxr-xr-x 8 root root    89 Aug 23 15:44 el7
    -rwxr-xr-x 1 root root  1874 Aug 23 15:26 pullsrc.sh
    -rw-r--r-- 1 root root  4394 Aug 23 15:16 README.md
    -rw-r--r-- 1 root root   336 Aug 23 15:16 version.env
    

    In both scripts, change the line that reads source version.env to source ./version.env. The reason: the scripts are run below as sh pullsrc.sh / sh compile.sh, and on Anolis 8 sh is bash in POSIX mode, where the . and source builtins search only PATH and not the current directory, so the bare file name is not found. The explicit ./ fixes that (running them as bash compile.sh would also work).

    # grep "version.env"   *.sh
    compile.sh:source ./version.env
    pullsrc.sh:source ./version.env

    That is the state after editing. The edits themselves:
    vim compile.sh
    line 70
    source  version.env
    change to
    source ./version.env
    then save and quit.
    vim pullsrc.sh
    line 23
    source  version.env
    change to
    source ./version.env
    then save and quit.
    

    The original post adds --no-check-certificate to every wget line so that a certificate problem cannot abort the source download. Be clear about what that trades away: with verification off, anyone on the network path can hand you a tampered OpenSSL or OpenSSH tarball, and you are about to install the result as the daemon that listens on port 22 as root. Prefer to fix the underlying cause (an outdated ca-certificates package, a TLS-inspecting proxy whose CA is not installed, or a badly wrong clock). If you keep the flag, verify the downloaded tarballs before running compile.sh: OpenSSH publishes a detached PGP signature (openssh-9.8p1.tar.gz.asc) for each release, and openssl.org publishes the SHA-256 of each OpenSSL tarball.

    #  grep  "wget"  pullsrc.sh
    
    wget --no-check-certificate $OPENSSLMIR/$OPENSSLSRC
    wget --no-check-certificate $OPENSSHMIR/$OPENSSHSRC
    wget --no-check-certificate $ASKPASSMIR/$ASKPASSSRC
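    As an added example (not part of the original post or of the openssh-rpms scripts), a bash helper that verifies the tarballs pullsrc.sh left in downloads/ against SHA-256 sums you pinned yourself from the OpenSSH and OpenSSL release pages, and fails closed when a file is missing or has no pinned sum. Run it after sh pullsrc.sh and before sh compile.sh. The manifest path, the pinned values and the file names in the usage comment are placeholders; the real sums must come from the upstream project pages, not from the mirror the download came from.

```bash
#!/usr/bin/env bash
# Verify pullsrc.sh's downloads against operator-pinned SHA-256 sums before compile.sh.
# Added example for this page; not part of boypt/openssh-rpms.
# Assumptions: GNU coreutils (sha256sum), awk. Manifest uses the sha256sum format:
#   <64 hex chars><two spaces><file name>
set -u

# sha256_of FILE -> prints the hex digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# pinned_sum MANIFEST NAME -> prints the pinned digest for NAME, empty if NAME is not pinned
pinned_sum() {
    awk -v f="$2" '$2 == f { print $1; exit }' "$1"
}

# verify_source DIR MANIFEST NAME -> 0 only if DIR/NAME exists, is pinned, and matches the pin
verify_source() {
    local dir=$1 manifest=$2 name=$3 expected actual
    if [ ! -r "$dir/$name" ]; then
        echo "MISSING  $name" >&2
        return 1
    fi
    expected=$(pinned_sum "$manifest" "$name")
    if [ -z "$expected" ]; then
        # An unpinned file is a failure, not a pass: nothing vouches for it.
        echo "UNPINNED $name (no entry in $manifest)" >&2
        return 1
    fi
    actual=$(sha256_of "$dir/$name")
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH $name: got $actual, pinned $expected" >&2
        return 1
    fi
    echo "OK       $name"
    return 0
}

# verify_sources DIR MANIFEST NAME... -> 0 only if every NAME verifies (checks and reports all)
verify_sources() {
    local dir=$1 manifest=$2 rc=0 name
    shift 2
    for name in "$@"; do
        verify_source "$dir" "$manifest" "$name" || rc=1
    done
    return $rc
}

# Optional second check: the upstream PGP signature, if the release key is already in
# your keyring and the .asc file was fetched next to the tarball.
verify_signature() {
    local tarball=$1
    [ -r "$tarball.asc" ] || { echo "no signature file for $tarball" >&2; return 1; }
    gpg --verify "$tarball.asc" "$tarball"
}

# Usage on the build host (manifest path and file names are placeholders):
#   verify_sources /root/openssh-rpms-main/downloads /root/SHA256SUMS \
#       openssh-9.8p1.tar.gz openssl-1.1.1w.tar.gz && sh compile.sh
```

    The helper deliberately checks every file and reports all problems before returning non-zero, and treats "no pin for this file" the same as a mismatch, so that adding a new download to version.env without adding its sum cannot silently pass.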
    
    #  sh  pullsrc.sh
    #  sh  compile.sh
    Recommends: openssh-debugsource(x86-64) = 9.8p1-1.an8
    Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/openssh-rpms-main/el7/BUILDROOT/openssh-9.8p1-1.an8.x86_64
    Wrote: /root/openssh-rpms-main/el7/SRPMS/openssh-9.8p1-1.an8.src.rpm
    Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-9.8p1-1.an8.x86_64.rpm
    Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-clients-9.8p1-1.an8.x86_64.rpm
    Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-server-9.8p1-1.an8.x86_64.rpm
    Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-debugsource-9.8p1-1.an8.x86_64.rpm
    Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-debuginfo-9.8p1-1.an8.x86_64.rpm
    Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-clients-debuginfo-9.8p1-1.an8.x86_64.rpm
    Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-server-debuginfo-9.8p1-1.an8.x86_64.rpm
    Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.CqEtsN
    + umask 022
    + cd /root/openssh-rpms-main/el7/BUILD
    + cd openssh-9.8p1
    + rm -rf /root/openssh-rpms-main/el7/BUILDROOT/openssh-9.8p1-1.an8.x86_64
    + exit 0
    ~/openssh-rpms-main
    
    # ll /root/openssh-rpms-main/el7/RPMS/x86_64/
    total 22512
    -rw-r--r-- 1 root root 6674000 Aug 23 15:47 openssh-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 6816912 Aug 23 15:47 openssh-clients-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 1987868 Aug 23 15:47 openssh-clients-debuginfo-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 1522876 Aug 23 15:47 openssh-debuginfo-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root  853532 Aug 23 15:47 openssh-debugsource-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 3616880 Aug 23 15:47 openssh-server-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 1561984 Aug 23 15:47 openssh-server-debuginfo-9.8p1-1.an8.x86_64.rpm
    
    #  yum -y localinstall  /root/openssh-rpms-main/el7/RPMS/x86_64/*.rpm
     
    #  systemctl restart sshd
    Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

    The cause is host key permissions. Anolis/RHEL packages ship /etc/ssh/ssh_host_*_key as 0640 root:ssh_keys and carry a patch that lets sshd accept that layout; upstream sshd has no such patch and refuses any private host key with group or other permission bits set, which journalctl -u sshd reports as a "Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open" error. The chmod 400 further down is the fix. Always read journalctl -u sshd for the actual reason rather than guessing from the status summary:
    
    # systemctl  status   sshd
    ● sshd.service - OpenSSH 9 server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
       Active: active (running) since Fri 2024-08-23 16:47:26 CST; 16s ago
         Docs: man:sshd(8)
               man:sshd_config(5)
     Main PID: 83903 (sshd)
        Tasks: 1 (limit: 50648)
       Memory: 756.0K
       CGroup: /system.slice/sshd.service
               └─83903 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
    
    Aug 23 16:47:26 anolis8 systemd[1]: Started OpenSSH 9 server daemon.
    Aug 23 16:47:26 anolis8 sshd[83903]: Server listening on 0.0.0.0 port 22.
    Aug 23 16:47:26 anolis8 sshd[83903]: Server listening on :: port 22.
     
     
    # chmod  400 /etc/ssh/*key
    # systemctl  restart  sshd.service
    # systemctl  status  sshd.service
    
    ● sshd.service - OpenSSH 9 server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
       Active: active (running) since Fri 2024-08-23 16:47:26 CST; 1min 23s ago
         Docs: man:sshd(8)
               man:sshd_config(5)
     Main PID: 83903 (sshd)
        Tasks: 1 (limit: 50648)
       Memory: 756.0K
       CGroup: /system.slice/sshd.service
               └─83903 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
    
    Aug 23 16:47:26 anolis8 systemd[1]: Started OpenSSH 9 server daemon.
    Aug 23 16:47:26 anolis8 sshd[83903]: Server listening on 0.0.0.0 port 22.
    Aug 23 16:47:26 anolis8 sshd[83903]: Server listening on :: port 22.

    Either 0400 or 0600 is acceptable for the private host keys; what upstream sshd checks is that no group or other bits are set. Note that this status output is identical to the previous one (Main PID 83903, active since 16:47:26). A restart that has actually taken effect starts a new main process with a new PID and a fresh "active since" timestamp; check both before trusting that the patched binary, and not the old one, is the process answering on port 22.
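    The two things this section needs checked (that the private host keys pass upstream sshd's permission rule, and that after the restart the daemon really is the newly installed binary) can be done mechanically. The following is an added example, not from the original post or from openssh-rpms: a bash helper that applies the same rule sshd uses (no group or other bits on a private key), restarts only after sshd -t passes, and then inspects /proc/PID/exe, which the kernel suffixes with " (deleted)" when a process is still executing a file that has since been replaced, as happens when an rpm upgrade overwrites /usr/sbin/sshd under a running daemon. It assumes Linux, GNU stat and systemd.

```bash
#!/usr/bin/env bash
# Post-upgrade checks for sshd on a systemd host. Added example for this page,
# not part of the original post or of openssh-rpms. Assumes Linux /proc, GNU stat, systemd.
set -u

# key_mode_ok MODE -> 0 if the octal mode has no group/other bits, which is the rule
# upstream sshd applies to private host keys (st_mode & 077 must be 0): 600/400 pass, 640/644 fail
key_mode_ok() {
    case $1 in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# host_keys_ok DIR -> 0 if every ssh_host_*_key under DIR passes key_mode_ok; lists offenders
host_keys_ok() {
    local dir=$1 key mode rc=0 found=0
    for key in "$dir"/ssh_host_*_key; do
        [ -e "$key" ] || continue
        found=1
        mode=$(stat -c %a "$key")
        if key_mode_ok "$mode"; then
            echo "OK   $key ($mode)"
        else
            echo "BAD  $key ($mode): readable by group/other; run chmod 600 $key" >&2
            rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no host keys in $dir" >&2; return 1; }
    return $rc
}

# exe_deleted PID -> 0 if the process is executing a binary that has since been replaced
# (readlink /proc/PID/exe ends in " (deleted)"); 1 otherwise, or if it cannot be determined
exe_deleted() {
    local target
    target=$(readlink "/proc/$1/exe" 2>/dev/null) || return 1
    case $target in
        *" (deleted)") return 0 ;;
        *)             return 1 ;;
    esac
}

# sshd_restart_checked -> check keys and config, restart, then prove the new binary is live
sshd_restart_checked() {
    local pid
    host_keys_ok /etc/ssh || return 1
    sshd -t || return 1                      # config errors and key problems surface here, not mid-restart
    systemctl restart sshd || { journalctl -u sshd --no-pager -n 20 >&2; return 1; }
    pid=$(systemctl show -p MainPID --value sshd)
    if [ "$pid" = 0 ] || exe_deleted "$pid"; then
        echo "sshd (pid $pid) is not running the installed /usr/sbin/sshd" >&2
        return 1
    fi
    echo "sshd pid $pid running $(readlink "/proc/$pid/exe")"
}

# Usage (as root): sshd_restart_checked && sshd -V
```

    Keep an existing SSH session open while you run this; sshd -t and the key check catch the failure modes seen above before the restart, but a restart that fails for another reason still leaves no listener on port 22 until it is fixed.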
    


    OpenSSH 7.0 and later no longer support SSH protocol version 1 (disabled at compile time in 7.0, removed entirely in later releases), and the RSA1 key type went with it, so building OpenSSH from source no longer generates /etc/ssh/ssh_host_key and ssh_host_key.pub:
    http://www.openssh.com/txt/release-6.9
    The same now applies to the DSA host key: OpenSSH 9.8 disables DSA at compile time by default, so no /etc/ssh/ssh_host_dsa_key is generated, while the /etc/init.d/sshd script these rpms install still runs restorecon on the public half of that key and fails on the missing file.

    Comment out the /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub line:

    # sed -i '/ssh_host_dsa_key.pub/s/^/#/'  /etc/init.d/sshd
    
    # systemctl daemon-reload
    # systemctl  restart sshd
    # systemctl status sshd
    ● sshd.service - OpenSSH 9 server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
       Active: active (running) since Fri 2024-08-23 17:04:41 CST; 21s ago
         Docs: man:sshd(8)
               man:sshd_config(5)
     Main PID: 84066 (sshd)
        Tasks: 1 (limit: 50648)
       Memory: 716.0K
       CGroup: /system.slice/sshd.service
               └─84066 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
    
    Aug 23 17:04:41 anolis8 systemd[1]: Started OpenSSH 9 server daemon.
    Aug 23 17:04:41 anolis8 sshd[84066]: Server listening on 0.0.0.0 port 22.
    Aug 23 17:04:41 anolis8 sshd[84066]: Server listening on :: port 22.
    Aug 23 17:04:48 anolis8 sshd-session[84067]: Accepted password for root from 172.16.17.128 port 52337 ssh2
    Aug 23 17:04:48 anolis8 sshd-session[84067]: pam_unix(sshd:session): session opened for user root by (uid=0)

    This time the restart produced a new main process (PID 84066, started 17:04:41), and the sshd-session process name in the last two lines is itself a 9.8 feature, so the new binary is the one serving connections. Those lines also show a root password login being accepted: the rpm upgrade did not change the existing /etc/ssh/sshd_config, which stays in effect. Review the effective settings with sshd -T (for example sshd -T | grep -Ei 'permitrootlogin|passwordauthentication') rather than assuming upstream defaults now apply.
    
    # ssh -V
    OpenSSH_9.8p1, OpenSSL 1.1.1w  11 Sep 2023
    # sshd  -V
    OpenSSH_9.8p1, OpenSSL 1.1.1w  11 Sep 2023
    # rpm -qa | grep openssh
    openssh-clients-9.8p1-1.el8.x86_64
    openssh-9.8p1-1.el8.x86_64
    openssh-server-9.8p1-1.el8.x86_64

    Two things to check in this output. The Release tag comes from the build host's %{dist} macro: the packages built above are 9.8p1-1.an8, so on this host rpm -qa should list .an8, not the .el8 shown here; confirm that the installed package is your own build with rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE} built on %{BUILDHOST}\n' openssh-server. And the OpenSSL version shown is the 1.1.1w tarball that pullsrc.sh fetched and compile.sh built against, not the system libssl: OpenSSL 1.1.1 reached end of life in September 2023, so later OpenSSL fixes reach this sshd only by raising the version in version.env and rebuilding, not through a system OpenSSL update.
    
    #cd 
    # mkdir  install_openssh-9.8p1
    # cd  install_openssh-9.8p1
    # cp  /root/openssh-rpms-main/el7/BUILD/openssh-9.8p1/contrib/ssh-copy-id   ./
    # cp /root/openssh-rpms-main/el7/RPMS/x86_64/*   ./
    # ll
    total 22528
    -rw-r--r-- 1 root root 6674000 Aug 23 17:19 openssh-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 6816912 Aug 23 17:19 openssh-clients-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 1987868 Aug 23 17:19 openssh-clients-debuginfo-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 1522876 Aug 23 17:19 openssh-debuginfo-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root  853532 Aug 23 17:19 openssh-debugsource-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 3616880 Aug 23 17:19 openssh-server-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root 1561984 Aug 23 17:19 openssh-server-debuginfo-9.8p1-1.an8.x86_64.rpm
    -rw-r--r-- 1 root root   13078 Aug 23 17:19 ssh-copy-id 
    

    cat install_openssh-9.8p1.sh

    #!/bin/bash
    # Install the locally built OpenSSH 9.8p1 rpms and apply the post-install fixes
    # worked out above (host key permissions, stale DSA restorecon line).
    set -u
    cd "$(dirname "$0")" || exit 1

    if ! yum -y localinstall ./*.rpm ; then
      echo "OpenSSH rpm installation failed!" >&2
      exit 1
    fi

    # Upstream sshd refuses private host keys that are readable by group or others.
    chmod 400 /etc/ssh/ssh_host_*_key

    # ssh-copy-id is not installed by these rpms; take the copy from the source tree.
    install -m 755 ssh-copy-id /usr/bin/ssh-copy-id

    # OpenSSH 9.8 generates no DSA host key, so drop the restorecon line that expects one.
    if [ -f /etc/init.d/sshd ]; then
      sed -i '/ssh_host_dsa_key.pub/s/^/#/' /etc/init.d/sshd
    fi

    systemctl daemon-reload

    # Validate the configuration and host keys before restarting, so a failure cannot
    # leave the host without an sshd listener.
    if ! sshd -t; then
      echo "sshd configuration test failed; not restarting" >&2
      exit 1
    fi
    systemctl restart sshd
    systemctl enable sshd
    systemctl status sshd --no-pager

    rpm -qa | grep openssh
    ssh -V
    

    Reposted from https://www.jianshu.com/p/46011da1047c

    Page link: https://www.haomeiwen.com/subject/oatwkjtx.html