openssh9.3-p2以下版本有如下漏洞

在rhel7.4/7.5/7.6均做过测试。

本文需要用到的rpm包如下：

https://download.csdn.net/download/kadwf123/88652359

升级步骤

1、升级前启动telnet

##升级前启动telnet服务
yum -y install telnet-server
yum -y install xinetd
yum -y install telnet

systemctl restart telnet.socket
systemctl restart xinetd
##注意：默认telnet远程连接不能使用root用户。
 

2、升级openssl到1.1.1w

##升级openssl到1.1.1w
cd /root/rpmbuild/RPMS/x86_64/
rpm -ivh  openssl-1.1.1w-1.el7.x86_64.rpm openssl-devel-1.1.1w-1.el7.x86_64.rpm --force --nodeps

[root@cdm421 ~]# rpm -qa | grep openssl
xmlsec1-openssl-1.2.20-7.el7_4.x86_64
openssl-1.0.2k-25.el7_9.x86_64
openssl-devel-1.1.1w-1.el7.x86_64
openssl098e-0.9.8e-29.el7_2.3.x86_64
openssl-libs-1.0.2k-25.el7_9.x86_64
openssl-devel-1.0.2k-25.el7_9.x86_64
openssl-1.1.1w-1.el7.x86_64

rpm -e openssl-1.0.2k-25.el7_9.x86_64 openssl-devel-1.0.2k-25.el7_9.x86_64 --nodeps

[root@cdm421 ~]# rpm -qa | grep openssl
xmlsec1-openssl-1.2.20-7.el7_4.x86_64
openssl-devel-1.1.1w-1.el7.x86_64
openssl098e-0.9.8e-29.el7_2.3.x86_64
openssl-libs-1.0.2k-25.el7_9.x86_64
openssl-1.1.1w-1.el7.x86_64

openssl version

root@hostdb2[/root]#openssl version
OpenSSL 1.1.1w  11 Sep 2023
 

3、升级openssh到9.5-p1

##升级openssh前备份
mkdir ~/ssh_bak
mkdir ~/ssh_bak/service
mkdir ~/ssh_bak/pam.d/
# 备份PAM配置
cp /etc/pam.d/*  ~/ssh_bak/pam.d/
# 备份sshd_config
cp /etc/ssh/sshd_config ~/ssh_bak/
# 备份sshd的启动服务
cp /usr/lib/systemd/system/sshd* ~/ssh_bak/service/
# 备份ssh环境变量文件
cp /etc/sysconfig/sshd  ~/ssh_bak/

rpm -qa | grep openssh

[root@cdm421 ~]# rpm -qa | grep openssh
openssh-server-7.4p1-22.el7_9.x86_64
openssh-7.4p1-22.el7_9.x86_64
openssh-clients-7.4p1-22.el7_9.x86_64

rpm -ivh openssh-9.5p1-1.el7.x86_64.rpm openssh-clients-9.5p1-1.el7.x86_64.rpm openssh-server-9.5p1-1.el7.x86_64.rpm --force

rpm -qa | grep openssh

[root@cdm421 ~]# rpm -qa | grep openssh
openssh-server-7.4p1-22.el7_9.x86_64
openssh-9.5p1-1.el7.x86_64
openssh-7.4p1-22.el7_9.x86_64
openssh-clients-7.4p1-22.el7_9.x86_64
openssh-clients-9.5p1-1.el7.x86_64
openssh-server-9.5p1-1.el7.x86_64

rpm -e openssh-server-7.4p1-22.el7_9.x86_64 openssh-7.4p1-22.el7_9.x86_64 openssh-clients-7.4p1-22.el7_9.x86_64

[root@cdm421 ~]# rpm -qa | grep openssh
openssh-9.5p1-1.el7.x86_64
openssh-clients-9.5p1-1.el7.x86_64
openssh-server-9.5p1-1.el7.x86_64

chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key

恢复PAM设置
cp -f ~/ssh_bak/sshd /etc/pam.d/

chmod 0400 /etc/ssh/ssh_host_*

##恢复配置文件（可选）

###注意，该步骤为可选步骤，仅在服务启动失败时供排查报错或者恢复配置使用！
###(我这边实际测试需要恢复/etc/pam.d/sshd，否则能正常启动sshd服务，
###但是远程ssh连接的时候报错PAM unable to dlopen(/usr/lib64/security/pam_stack.so): /usr/lib64/security/pam_stack.so)
###另外两个是都要恢复，如果不恢复，重启os后会有问题，sshd服务起不来
cp -f ~/ssh_bak/sshd /etc/sysconfig/sshd
cp -f ~/ssh_bak/pam.d/sshd /etc/pam.d/sshd
cp -f ~/ssh_bak/service/* /usr/lib/systemd/system/

vi /etc/ssh/sshd_config 
PermitRootLogin yes
取消上面的root远程登录的注释

vi /usr/lib/systemd/system/sshd.service 
[Service]下新增
Type=simple

 
systemctl restart sshd
systemctl status sshd