openssh
Background: I bought an Aliyun ECS instance on a Hong Kong node to tinker with, and hardened the system where it needed hardening.
Upgrading openssh
1. Back up the openssh files that ship with the system
    cp -rf /etc/ssh /etc/ssh.bak
2. Install the dependencies openssh needs
    yum install gcc openssl-devel pam-devel rpm-build
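3. Download openssh, check the build environment, then compile and install
Here I dropped the PAM module.
    wget http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz
    tar zxvf openssh-7.4p1.tar.gz
    # configure must be run from inside the extracted source tree
    cd openssh-7.4p1
    ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords --enable-shared
    # && (not &) so that install only runs after a successful build
    make && make install
    service sshd restart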
4. Fix the warnings
    # Comment out the GSSAPI options that this build does not support
    sed -i '/^GSSAPICleanupCredentials/s/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/' /etc/ssh/sshd_config
    sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/' /etc/ssh/sshd_config
    sed -i '/^GSSAPIAuthentication/s/GSSAPIAuthentication no/#GSSAPIAuthentication no/' /etc/ssh/sshd_config
Alternatively, add --with-kerberos5=/usr/lib64/libkrb5.so to the configure command.
5. Run at boot
6. Problems
    configure: error: PAM headers not found
The pam-devel rpm package needs to be installed:
    yum install -y pam-devel
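    Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open
Caused by a permissions problem:
    # Only the private host keys need 0600; public keys and ssh_config stay readable
    chmod 0600 /etc/ssh/ssh_host_*_key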
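The permission error above comes from sshd rejecting any private host key whose mode has group or other bits set. As an added example (not from the original post), this shell function repairs only those keys and leaves public keys and config files alone; the name `fix_hostkey_perms`, its directory argument and the scratch-directory demo are assumptions, and `stat -c` assumes GNU coreutils as found on a yum-based system.

```shell
#!/bin/sh
# Added example: tighten only sshd private host keys that have any
# group/other permission bit set (the condition behind
# "Permissions 0640 for '...' are too open").
# fix_hostkey_perms is an illustrative name, not part of OpenSSH.

# Usage: fix_hostkey_perms [DIR]   (DIR defaults to /etc/ssh)
# Prints one line per repaired key and sets FIXED to the number repaired.
fix_hostkey_perms() {
    dir=${1:-/etc/ssh}
    FIXED=0
    # The pattern ends in "_key", so ssh_host_*_key.pub is never matched.
    for key in "$dir"/ssh_host_*_key; do
        # Skip an unmatched glob and anything that is not a regular file.
        if [ ! -f "$key" ] || [ -L "$key" ]; then
            continue
        fi
        mode=$(stat -c '%a' "$key") || return 1
        # Leading 0 makes the shell read the mode as octal; 077 = group+other.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            chmod 0600 "$key" || return 1
            echo "fixed $key (was 0$mode)"
            FIXED=$((FIXED + 1))
        fi
    done
    return 0
}

# Constructed demo in a scratch directory (not the real /etc/ssh).
demo=$(mktemp -d)
touch "$demo/ssh_host_ed25519_key" "$demo/ssh_host_ed25519_key.pub" "$demo/ssh_config"
chmod 0640 "$demo/ssh_host_ed25519_key"
chmod 0644 "$demo/ssh_host_ed25519_key.pub" "$demo/ssh_config"
fix_hostkey_perms "$demo"
ls -l "$demo"
rm -rf "$demo"
```

On a real host, run it as root with no argument, then check the configuration with `sshd -t` before restarting the service.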