[Rocky8] OpenSSL 3.0.11 & OpenSSH 9.3p2
- 비아웹 2024.07.02 16:36
※ Installation environment
- OS : Rocky Linux release 8.10 (Green Obsidian)
- Kernel : 4.18.0-553.el8_10.x86_64
[Installing OpenSSL 3.0.11]
1. Remove the installed openssl
[root@localhost ~]# openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021
[root@localhost ~]# dnf -y remove openssl
[root@localhost ~]# openssl version
-bash: /usr/bin/openssl: No such file or directory
2. Install the build packages and dependencies
[root@localhost ~]# dnf -y install gcc gcc-c++ perl-IPC-Cmd perl-Pod-Html
# Version 3.1.x
wget https://www.openssl.org/source/openssl-3.1.3.tar.gz
# Version 3.0.x
wget https://www.openssl.org/source/openssl-3.0.11.tar.gz
3. Compile openssl
[root@localhost ~]# cd /opt
[root@localhost ~]# wget https://www.openssl.org/source/openssl-3.0.11.tar.gz
[root@localhost ~]# tar xzf openssl-3.0.11.tar.gz
[root@localhost ~]# cd openssl-3.0.11
[root@localhost ~]# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
[root@localhost ~]# make -j $(nproc)
[root@localhost ~]# make install
[root@localhost ~]# ldconfig
[root@localhost ~]# sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:\$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:/usr/local/openssl/lib64:\$LD_LIBRARY_PATH
EOF
[root@localhost ~]# source /etc/profile.d/openssl.sh
[root@localhost ~]# openssl version
- Test installing a package that depends on OpenSSL
[root@localhost ~]# dnf install policycoreutils-python-utils
[root@localhost ~]# cp /usr/local/openssl/lib64/libcrypto.so.3 /lib64/
[Installing OpenSSH 9.3p2]
1. Install dependencies
[root@localhost ~]# dnf -y install zlib-devel pam-devel
[root@localhost ~]# cd /opt
[root@localhost ~]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
[root@localhost ~]# tar xzf openssh-9.3p2.tar.gz
[root@localhost ~]# cd openssh-9.3p2
2. Compile openssh
[root@localhost ~]# ./configure \
--prefix=/usr/local/openssh \
--with-ssl-dir=/usr/local/openssl \
--with-privsep-user=sshd \
--with-zlib \
--with-pam \
--with-md5-passwords
[root@localhost ~]# make && make install
3. Check the version
[root@localhost ~]# /usr/local/openssh/bin/ssh -V
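4. Set up symbolic links for the configured directories
◎ Before creating the symbolic links, the ssh-related files under /usr/bin must be renamed; apply the links after that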
/usr/sbin/sshd
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/bin/scp
/usr/bin/sftp
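The post says these files must be renamed before linking but shows no command for it. One way to do the rename, as an added example that is not part of the original post; the `.orig` suffix, the function name `backup_ssh_files` and its optional root-prefix argument are assumptions made here:

```shell
# Added example: rename the stock OpenSSH files listed in step 4 so the
# "ln -s" commands that follow do not collide with them.
# Assumption: the ".orig" suffix and the optional ROOT prefix are choices
# made for this example; the original post does not specify them.

# Paths exactly as listed in the post.
SSH_FILES="/usr/sbin/sshd /usr/bin/ssh /usr/bin/ssh-add /usr/bin/ssh-agent
/usr/bin/ssh-keygen /usr/bin/ssh-keyscan /usr/bin/scp /usr/bin/sftp"

# backup_ssh_files [ROOT]
#   Renames each listed file under ROOT (default: the real filesystem) to
#   <name>.orig and prints one status line per path.
#   Returns 1 if any rename was refused or failed, 0 otherwise.
backup_ssh_files() {
    local root="${1:-}" rc=0 f path
    for f in $SSH_FILES; do
        path="${root}${f}"
        if [ -L "$path" ]; then
            # Already replaced by a link (e.g. the script was run before).
            echo "skip (already a symlink): $path"
        elif [ ! -e "$path" ]; then
            echo "skip (not present): $path"
        elif [ -e "${path}.orig" ] || [ -L "${path}.orig" ]; then
            # Never overwrite an earlier backup of the distribution binary.
            echo "refuse (backup exists): ${path}.orig" >&2
            rc=1
        elif mv -- "$path" "${path}.orig"; then
            echo "renamed: $path -> ${path}.orig"
        else
            rc=1
        fi
    done
    return "$rc"
}
```

Calling `backup_ssh_files` with no argument as root acts on the real paths; passing a directory applies the same logic under that prefix, which is useful for a dry run on a copy.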
[root@localhost ~]# ln -s /usr/local/openssh/bin/* /usr/bin
[root@localhost ~]# ln -s /usr/local/openssh/libexec/* /usr/sbin
[root@localhost ~]# ln -s /usr/local/openssh/sbin/* /usr/sbin
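※ Backing up the existing ssh-related configuration files, such as /etc/ssh/sshd_config, is recommended. The sshd configuration file path is /usr/local/openssh/etc/
5. Register with systemd and enable automatic start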
[root@localhost ~]# vi /etc/systemd/system/sshd.service
# Copy the content below and save
[Unit]
Description=OpenSSH server daemon fix
#Documentation=man:sshd(8) man:sshd_config(5)
#After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
#Type=notify
#EnvironmentFile=/etc/sysconfig/sshd
#ExecStart=/usr/sbin/sshd -D
# -D keeps sshd in the foreground, which the default Type=simple expects
ExecStart=/usr/local/openssh/sbin/sshd -D
#ExecReload=/bin/kill -HUP
#KillMode=process
Restart=on-failure
RestartSec=10s
[Install]
WantedBy=multi-user.target
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable sshd
[root@localhost ~]# systemctl start sshd
6. Remove the existing SSH
[root@localhost ~]# rpm -qa | grep openssh
[root@localhost ~]# rpm -e --nodeps openssh openssh-clients openssh-server