ubuntu14.04.1 upgrade openssh

Since the default openssh of ubuntu14.04.1 is version 5.6p1, there are many security vulnerabilities, so we plan to upgrade to openssh7.5p1

1. Download the software required for the upgrade
   zlib-1.2.11.tar.gz openssh-7.5p1.tar.gz openssl-1.0.2l.tar.gz

2. Need to uninstall the old version

apt-get remove openssl

apt-get remove openssh-server openssh-client

apt-get purge openssl

Three, start the installation
1、 First unzip and install zlib: tar -zxvf zlib-1.2.11.tar.gz, the zlib directory will be generated in the current directory. Enter the zlib directory, then ./configure, make, make install, all the way down, there is no error prompt, the installation is successful.

2、 Install openssl first, be sure to add the --shared option, otherwise the newly installed openssl library will not be found when openssh is compiled, and an error will be reported: openssl header and library version do not match.

cd /openssl-1.0.2l

#. /configure --prefix=/usr --shared

make

make test

make install

After installation, you can use openssl version -a to check whether openssl is installed correctly.

Installation here may report errors: POD document had syntax errors at /usr/bin/pod2man line 71.

Solution: Open the configuration file /usr/bin/pod2man and take a look. If possible, comment out line 71 and use #comment in compiling

3. Install openssh-server again. The steps are the same as above.
   #. /configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local/openssl --with-privsep-path=/var/lib/sshd --with-pam

make clean

make

make install

Report an error in the last step: Privilege separation user sshd does not exist Solution: Add in /etc/passwd: sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Make install again to compile and install successfully.
Note: If you encounter library files not found

Compare the file size of the normal machine and this libcrypto.so.1.0.0. If the file is 0, it must be overwritten with a normal file (there will be multiple files in the system, distributed in different directories ), if it is found to be missing compared to the normal machine, copy it to that directory.

4. Start ssh. ssh is installed by default in the /usr/local/sbin/ directory. Use /usr/local/sbin/sshd to start the ssh service, which listens on port 22 by default.

5. Check whether the ssh service is started:

• • View ssh service

/usr/sbin/sshd -d

netstat -tnlp | grep :22

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2204/sshd *tcp 0 0 :::22 ::: LISTEN 2204/sshd

ssh -V

OpenSSH_7.5p1, OpenSSL 1.0.2l 25 May 2017

Finally, if ubuntu is restarted, sshd will not start on boot by default, so it is necessary to add boot automatically

sudo vi /etc/rc.local

Before exit 0, add a line:

/usr/local/sbin/sshd

Can also be like this

• • Set up auto start
    cp -p /usr/local/openssh-7.5p1/contrib/redhat/sshd.init /etc/init.d/sshd
    chmod+x /etc/init.d/sshd
    chkconfig --add sshd
    chkconfig sshd on
    chkconfig --list sshd

appendix:
Uninstall zlib, error handling
rpm-qa | grep zlib
zlib-1.2.3-29.el6.x86_64
rpm -e--nodeps zlib-1.2.3-29.el6.x86_64
rpm-qa | grep zlib
rpm:error while loading shared libraries: libz.so.1: cannot open shared objectfile: No such file or directory

• • Solution
    ldd/bin/rpm |grep libz.so.1
    libz.so.1 => not found
    libz.so.1 => not found
    libz.so.1 => not found
    libz.so.1 => not found
    libz.so.1 => not found

find /-name libz.so.1
/lib64/libz.so.1
ll /lib64/libz.so.1
lrwxrwxrwx.1 root root 13 November 16 2013 /lib64/libz.so.1 -> libz.so.1.2.3
Copy libz.so.1.2.3 from another linux to the /lib64/ directory, create a connection
cd /lib64/
ln -slibz.so.1.2.3 libz.so.1

yum install pam-dev
Therewas a problem importing one of the Python modules
requiredto run yum. The error leading to this problem was:

libssl.so.10: cannot open shared objectfile: No such file or directory
libcrypto.so.10: cannot open shared objectfile: No such file or directory
Solution:
cd /usr/lib64/
ln-s libssl.so.1.0.0 libssl.so.10
ln-s libcrypto.so.1.0.0 libcrypto.so.10

Mount the CD, use ISO
sudo mount /dev/sr0 /mnt
After the command is executed, the feedback "mount: /dev/sr0 is write-protected, mounting read-only" means that the CD-ROM is mounted in a read-only manner.

ubuntu yum configuration
ubuntu does not support yum command, so I tried the installation of ubuntu yum command. The installation process is as follows (ubuntu version is 14.04)

1、 First check whether the build-essential package is installed

apt-get install build-essential
2、 Install yum
apt-get install yum

ubuntu's own package management
/etc/apt/sources.list is the configuration file used by the package management tool apt to record the location of the software package repository, as well as the files located in /etc/apt/sources.list.d/*.list.
Edit the statement
deb [arch=amd64] http://11.11.177.72:28000 ngiam main
Other external sources
deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
Then save, sudo apt upgrade (update)

Ssh has permission denied (publickey, password) problem on ubuntu:

Modify the /etc/ssh/sshd-config file.
Modify PermitRootLogin no to yes
PubkeyAuthentication yes is changed to no
AuthorizedKeysFile .ssh/authorized_keys is preceded by # to block it,
Modify PasswordAuthentication no to yes.

Restart sshd: service sshd restart

In fact, this method can not solve the problem of public key, but it is changed to access by password

If the password is correct, you can’t log in. You can delete /root/.ssh/known_hosts, or check whether there are restrictions in sshd_config