Fixing the vulnerabilities
OpenSSH security vulnerability (CVE-2025-26465)
OpenSSH resource management error vulnerability (CVE-2025-26466)
Check the current OpenSSH version
ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1h 22 Sep 2020
- Back up
cp -r /etc/ssh /etc/ssh_backup_98
cp /usr/sbin/sshd /usr/sbin/sshd_backup_98
- Download and extract OpenSSH 10.0p1
Download locations: https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/ or https://openssl-library.org/source/
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-10.0p1.tar.gz
tar -zxvf openssh-10.0p1.tar.gz
cd openssh-10.0p1
- Install the build dependencies
yum install -y gcc pam-devel zlib-devel openssl-devel make tar
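- Compile and install
--prefix=/usr: sets the installation root. Binaries are installed to /usr/bin or /usr/sbin, libraries to /usr/lib or /usr/lib64, and header files to /usr/include.
--sysconfdir=/etc/ssh: sets the directory for configuration files. Configuration files (such as sshd_config and ssh_config) are installed to /etc/ssh.
Why /etc/ssh? Most Linux systems keep the OpenSSH configuration files in this directory by default, and staying consistent avoids path confusion.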
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl
make && make install
After a successful install, the following is printed:
/etc/ssh/ssh_config already exists, install will not overwrite
/etc/ssh/sshd_config already exists, install will not overwrite
/etc/ssh/moduli already exists, install will not overwrite
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
- Restart the service and check its status
systemctl restart sshd
systemctl status sshd
Check the ssh version number
ssh -V
OpenSSH_10.0p2, OpenSSL 1.1.1h 22 Sep 2020
List the ssh processes and verify the version number
ps -ef | grep sshd
root 9883 1 0 14:10 ? 00:00:00 sshd-session: root [priv]
root 9885 9883 0 14:10 ? 00:00:00 sshd-session: root@notty
root 9961 1 0 17:01 ? 00:00:00 sshd-session: root [priv]
root 9963 9961 0 17:01 ? 00:00:00 sshd-session: root@pts/0
root 18196 1 0 17:18 ? 00:00:00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
root 18205 9964 0 17:20 pts/0 00:00:00 grep --color=auto sshd
/usr/sbin/sshd -V
OpenSSH_10.0p2, OpenSSL 1.1.1h 22 Sep 2020
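To script the version check that closes this procedure, the comparison has to be numeric, because as plain strings 9.8 sorts after 10.0. The shell functions below are an added example, not part of the original page; the function names are hypothetical and the target 10.0p1 is taken from the tarball name used above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print "MAJOR MINOR PATCH" for an `ssh -V` / `sshd -V` banner, or fail.
parse_openssh_version() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\{0,1\}\([0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v                       # the pN patch level may be absent
    printf '%s %s %s\n' "$1" "$2" "${3:-0}"
}

# version_at_least BANNER MINIMUM   (MINIMUM written like "10.0p1")
# Returns 0 if BANNER >= MINIMUM, 1 if it is older, 2 if either is unparsable.
version_at_least() {
    have=$(parse_openssh_version "$1") || return 2
    want=$(parse_openssh_version "OpenSSH_$2") || return 2
    set -- $have $want              # $1-$3 installed, $4-$6 required
    # Compare as numbers: as strings, "9.8" sorts after "10.0".
    [ $(( $1 * 10000 + $2 * 100 + $3 )) -ge $(( $4 * 10000 + $5 * 100 + $6 )) ]
}

# Print a one-line verdict for a banner.
check_banner() {
    rc=0
    version_at_least "$1" "$2" || rc=$?
    case $rc in
        0) echo "ok: ${1%%,*} meets $2" ;;
        1) echo "outdated: ${1%%,*} is older than $2" ;;
        *) echo "unknown: cannot parse '$1'" ;;
    esac
}

# Constructed input: the two banners shown on this page, before and after.
# On a live host use: check_banner "$(ssh -V 2>&1)" 10.0p1
for banner in 'OpenSSH_9.8p1, OpenSSL 1.1.1h 22 Sep 2020' \
              'OpenSSH_10.0p2, OpenSSL 1.1.1h 22 Sep 2020'; do
    check_banner "$banner" 10.0p1
done
```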