vsiu

OpenSSH Upgrade (Ubuntu)

1. Installation Dependencies

Install the following dependencies:

# Update repositories
sudo apt update 

# Install dependencies
sudo apt install zlib1g libpam0g-dev libssl-dev

2. Package Download

Download the following software packages, referring to the download instructions for the versions:

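3. Preparation

Telnet serves as a temporary fallback login while SSH is removed and rebuilt. Because telnet is unencrypted, it is disabled again in step 6. Verify whether the telnet service is available:

telnet ip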

If login is unsuccessful, the telnet service needs to be installed:

# Install telnet
sudo apt-get install openbsd-inetd telnetd telnet

# Start the service
sudo /etc/init.d/openbsd-inetd restart 

# Check that telnet is listening on port 23 (match the port itself, not any "23" in the output)
netstat -anpt | grep ':23 '

# Open port 23 in the firewall
sudo ufw allow 23

# Test login again
telnet ip 

4. Installation

Uninstall the original openssh:

sudo apt-get remove openssh-server openssh-client

Note: From this point on, no new SSH connection can be created, so do not close the current session.

1. Install zlib

tar -zxvf zlib-version.tar.gz
cd zlib-version
./configure --prefix=/usr/local/zlib
make && sudo make install

2. Upgrade openssl

tar -zxvf openssl-version.tar.gz
cd openssl-version
./config shared zlib
make && sudo make install

The shared parameter is added so that the later openssh installation does not fail to find zlib.

2.1 Remove and back up the original openssl

sudo mv /usr/bin/openssl /usr/bin/openssl.bak
sudo mv /usr/include/openssl /usr/include/openssl.bak
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
sudo ln -s /usr/local/include/openssl /usr/include/openssl

2.3 Add openssl's lib library to the system

# Write the file through sudo tee; a shell redirect after "sudo echo" runs without root privileges.
# The path must be the directory that contains the newly installed libssl.so.
echo "/usr/local/openssl/lib64" | sudo tee /etc/ld.so.conf.d/openssl.conf

# Make the newly added lib discoverable by the system
sudo ldconfig

2.4 Check openssl version

openssl version -a

3. Upgrade openssh

3.1 Remove and backup the original openssh

sudo mv /etc/init.d/ssh /etc/init.d/ssh.old
sudo cp -r /etc/ssh /etc/ssh.old

3.2 Upgrade openssh

tar -zxvf openssh-version.tar.gz
cd openssh-version
# Specify the installation path of openssl
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr/local/openssl --with-privsep-path=/var/lib/sshd
make && sudo make install

3.3 Check the current version of SSH

ssh -V
sshd -V

5. Modify and Restore Default Configuration

cd /etc/ssh
sudo mv sshd_config sshd_config.default
sudo cp ../ssh.old/sshd_config ./

# Use the original /etc/init.d/ssh
sudo mv /etc/init.d/ssh.old /etc/init.d/ssh

# Unmask the specified service
sudo systemctl unmask ssh

# Restart sshd
sudo systemctl restart sshd

6. Disable Telnet Service

  1. Stop the Telnet service:

    sudo systemctl stop openbsd-inetd
    
  2. Disable the Telnet service:

    sudo systemctl disable openbsd-inetd
    
  3. Uninstall the Telnet server (optional):

    # purge (rather than remove) also deletes the package's configuration files
    sudo apt purge telnetd

    This will completely remove the Telnet server, including configuration files and executable files.

  4. Close port 23 in the firewall:

    # View current firewall rules with numbers
    sudo ufw status numbered
    
    # Delete firewall rule
    sudo ufw delete <rule number>
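
The script below is an added example, not part of the original post: it replaces the loose `grep 23` match with an exact port comparison and checks, after the upgrade, that telnet is closed, that sshd is listening, and that `ssh -V` names the same OpenSSL as `openssl version`. The function names, the sample socket table and version strings, and sshd on port 22 are assumptions.

```shell
#!/bin/sh
# Post-upgrade checks for the procedure above (added example, not the post's code).

# listening_on PORT: reads `ss -ltn` or `netstat -lnt` output on stdin and succeeds
# only if a local address (field 4) ends in exactly :PORT. Unlike `grep 23`, it
# ignores ports such as 2323 and PIDs that merely contain "23".
listening_on() {
    awk -v port="$1" '{ n = split($4, a, ":"); if (a[n] == port) hit = 1 }
                      END { exit !hit }'
}

# openssl_of TEXT: prints the first OpenSSL version named in TEXT, which can be
# the `ssh -V` banner or the `openssl version` line.
openssl_of() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "OpenSSL") { print $(i + 1); exit } }'
}

# check_host SOCKETS SSH_BANNER OPENSSL_LINE: prints one FAIL line per problem and
# returns non-zero if any was found. sshd on port 22 is an assumption.
check_host() {
    rc=0
    if printf '%s\n' "$1" | listening_on 23; then
        echo "FAIL: something still listens on telnet port 23"; rc=1
    fi
    if ! printf '%s\n' "$1" | listening_on 22; then
        echo "FAIL: nothing listens on port 22"; rc=1
    fi
    if [ "$(openssl_of "$2")" != "$(openssl_of "$3")" ]; then
        echo "FAIL: ssh and the openssl command report different OpenSSL versions"; rc=1
    fi
    return "$rc"
}

# Constructed samples: telnet is gone, but port 2323 and a PID containing 23 remain.
SAMPLE_SOCKETS='LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=2301,fd=3))
LISTEN 0 4096 127.0.0.1:2323 0.0.0.0:* users:(("app",pid=812,fd=5))'
SAMPLE_BANNER='OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024'
SAMPLE_OPENSSL='OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)'

if [ "${1:-}" = "--live" ]; then
    # On the upgraded host: validate sshd_config, then check the real state.
    sudo /usr/sbin/sshd -t || exit 1
    check_host "$(ss -ltn)" "$(ssh -V 2>&1)" "$(openssl version)"
else
    # Default: run the same checks on the constructed samples.
    check_host "$SAMPLE_SOCKETS" "$SAMPLE_BANNER" "$SAMPLE_OPENSSL" && echo "sample: all checks pass"
fi
```

Run it with `--live` on the upgraded host before closing the original session; without arguments it only exercises the constructed samples.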
    