AIX6.1上源碼編譯升級openssh6.6p1

時間 2020-02-02

標籤 aix6.1 aix 源碼編譯升級 openssh6.6p1 openssh 简体版

原文原文鏈接

最近由於綠盟掃描到AIX5.3 AIX6.1系統有openssh高危漏洞，OPENSSH6.4以前的都報高危漏洞，IBM官網上也只有最新的openssh6.0安裝文件供下載，沒辦法只有本身試驗的用源碼來安裝升級，期間各類報錯，搞了差很少一週的時間，才順利的安裝的把openssh版本升上去了。如下是安裝步驟php

1，修改/etc/profile文件node

cp -p /etc/profile /etc/profile_bak bash

/etc/profile文件添加網絡

export LIBPATH=/opt/freeware/libssh

export PATH=$PATH:/usr/local/bin:/usr/local/sbinide

source /etc/profileui

2，安裝openssl1.0.1gspa

從http://www-frec.bull.com/recherche.php下載所需的opensslRPM安裝包，並安裝：orm

openssl-1.0.1g-1.aix6.1.ppc.rpm
server

openssl-devel-1.0.1g-1.aix6.1.ppc.rpm

root@SHDNSDB02:/home/weihu>rpm -Uvh openssl-1.0.1g-1.aix6.1.ppc.rpm

warning: /var/ssl/openssl.cnf saved as /var/ssl/openssl.cnf.rpmorig

openssl ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh openssl-devel-1.0.1g-1.aix6.1.ppc.rpm

openssl-devel ##################################################

接下來須要安裝zlib，因爲沒有安裝GCC，須要首先安裝GCC

從http://www-frec.bull.com/recherche.php下載GCC RPM包，並下載相關的倚賴安裝包，並安裝：

2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip

gcc-4.8.1-2.aix6.1.ppc.rpm

首先將2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip解壓出來

root@SHDNSDB02:/home/weihu>jar -xvf 2503gcc-cpp-4.8.1-2.aix6.1.ppc.rpm-with-deps.zip

inflated: libmpc-0.9-1.aix5.3.ppc.rpm

inflated: zlib-1.2.5-6.aix6.1.ppc.rpm

inflated: info-5.0-2.aix6.1.ppc.rpm

inflated: gettext-0.17-8.aix6.1.ppc.rpm

inflated: libiconv-1.14-1.aix6.1.ppc.rpm

inflated: gmp-5.1.3-1.aix6.1.ppc.rpm

inflated: mpfr-3.1.2-1.aix6.1.ppc.rpm

inflated: gcc-4.8.1-2.aix6.1.ppc.rpm

inflated: gcc-cpp-4.8.1-2.aix6.1.ppc.rpm

inflated: libgcc-4.8.1-2.aix6.1.ppc.rpm

inflated: bash-4.2-9.aix6.1.ppc.rpm

root@SHDNSDB02:/home/weihu>rpm -Uvh libgcc-4.8.1-2.aix6.1.ppc.rpm

libgcc ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh gmp-5.1.3-1.aix6.1.ppc.rpm

gmp ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh gettext-0.17-8.aix6.1.ppc.rpm --nodeps

gettext ##################################################

add libintl.so.1 (32bits) shared member to /opt/freeware/lib/libintl.a

add libintl.so.1 (64bits) shared member to /opt/freeware/lib/libintl.a

root@SHDNSDB02:/home/weihu>rpm -Uvh libiconv-1.14-1.aix6.1.ppc.rpm

libiconv ##################################################

add shr4.o shared members from /usr/lib/libiconv.a to /opt/freeware/lib/libiconv.a

add shr.o shared members from /usr/lib/libiconv.a to /opt/freeware/lib/libiconv.a

add shr4_64.o shared members from /usr/lib/libiconv.a to /opt/freeware/lib/libiconv.a

root@SHDNSDB02:/home/weihu>rpm -Uvh mpfr-3.1.2-1.aix6.1.ppc.rpm

mpfr ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh zlib-1.2.5-6.aix6.1.ppc.rpm

zlib ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh info-5.0-2.aix6.1.ppc.rpm

warning: /opt/freeware/info/dir created as /opt/freeware/info/dir.rpmnew

info ##################################################

Please check that /etc/info-dir does exist.

You might have to rename it from /etc/info-dir.rpmsave to /etc/info-dir.

root@SHDNSDB02:/home/weihu>rpm -Uvh libmpc-0.9-1.aix5.3.ppc.rpm

libmpc ##################################################

root@SHDNSDB02:/home/weihu>rpm -Uvh bash-4.2-9.aix6.1.ppc.rpm

bash ##################################################

## Binary "bash" is avaible on 32bit and 64bit ##

The default used is 64bit

Please change symbolic link

from "bash" into /bin directory

To do that tape:

# rm -f /bin/bash

# ln -sf /opt/freeware/bin/bash_32 /bin/bash

root@SHDNSDB02:/home/weihu>mv /bin/bash /bin/bash_bak

root@SHDNSDB02:/home/weihu>ln -sf /opt/freeware/bin/bash_

bash_32 bash_64

root@SHDNSDB02:/home/weihu>ln -sf /opt/freeware/bin/bash_32 /bin/bash

root@SHDNSDB02:/home/weihu>rpm -Uvh gcc-cpp-4.8.1-2.aix6.1.ppc.rpm gcc-4.8.1-2.aix6.1.ppc.rpm

gcc-cpp ##################################################

gcc ##################################################

root@SHDNSDB02:/home/weihu>type gcc

gcc is /usr/bin/gcc

到此GCC已經安裝好。

接下來編譯zlib,我用的zlib版本是zlib-1.2.5.tar.bz2，解壓並編譯它

(*注意這裏必定要安裝，不然會報錯：configure: error: *** zlib.h missing - please install first or check config.log ****)

root@SHDNSDB02:/home/weihu>bzip2 -d zlib-1.2.5.tar.bz2

root@SHDNSDB02:/home/weihu>tar -xvf zlib-1.2.5.tar

root@SHDNSDB02:/home/weihu>cd zlib-1.2.5

root@SHDNSDB02:/home/weihu>./configure

root@SHDNSDB02:/home/weihu>make

root@SHDNSDB02:/home/weihu>make install

編譯openssh,並將openssh源碼包打包成

root@SHDNSDB02:/home/weihu>gzip -d openssh-6.6p1.tar.gz

root@SHDNSDB02:/home/weihu>tar xvf openssh-6.6p1.tar

root@SHDNSDB02:/home/weihu>cd openssh-6.6p1

root@SHDNSDB02:/home/weihu>./configure

root@SHDNSDB02:/home/weihu/openssh-6.6p1>contrib/aix/buildbff.sh (*這條命令生成BFF格式可安裝文件，若是腳本最後沒有生成openssh-6.6p1.bff文件，你須要檢查LIB_ PATH是否設置好，而且source /etc/profile讓設置當即生效，同時須要make clean清空上次configure的文件，而後再次./configure並執行buildbff.sh文件*)

root@SHDNSDB02:/home/weihu/openssh-6.6p1>ls -lat openssh

openssh-6.6p1.bff openssh.xml opensshd.init

openssh-exec(): openssh.xml.in opensshd.init.in

root@SHDNSDB02:/home/weihu/openssh-6.6p1>ls -lat openssh-6.6p1.bff

-rw-r--r-- 1 root system 4966400 Oct 16 16:17 openssh-6.6p1.bff

在當前目錄下安裝openssh-6.6p1.bff文件

root@SHDNSDB02:/home/weihu/openssh-6.6p1>inutoc .

(*注意運行上面的命令出現此錯誤sh: 0403-057 Syntax error at line 1 : `(' is not expected.，只須要刪除當前目錄下的openssh-exec(): 文件便可正常運行*)

root@SHDNSDB02:/home/weihu/openssh-6.6p1>installp -acgNQqX -d . -f .toc

到此OPENSSH安裝成功

這個時候看ssh版本仍是之前的

root@SHDNSDB02:/>type sshd

sshd is /usr/sbin/sshd

關閉sshd

root@SHDNSDB02:/>stopsrc -s sshd

備份老版本sshd，創建軟連接到新版本

root@SHDNSDB02:/>mv /usr/sbin/sshd /usr/sbin/sshd_bak

root@SHDNSDB02:/>ln -s /usr/local/sbin/sshd /usr/sbin/sshd

啓動ssh

root@SHDNSDB02:/>/usr/sbin/sshd

Could not load host key: /usr/local/etc/ssh_host_rsa_key

Could not load host key: /usr/local/etc/ssh_host_dsa_key

Could not load host key: /usr/local/etc/ssh_host_ecdsa_key

Could not load host key: /usr/local/etc/ssh_host_ed25519_key

創建KEY文件

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t ecdsa -f /usr/local/etc/ssh_host_ecdsa_key

root@SHDNSDB02:/>/usr/local/bin/ssh-keygen -t ed25519 -f /usr/local/etc/ssh_host_ed25519_key

從新開啓ssh服務

root@SHDNSDB02:/>/usr/sbin/sshd

至此ssh服務啓動完成，能夠正常遠程鏈接

查看如下ssh服務進程和OPENSSH的版本

root@SHDNSDB02:/>ps -ef|grep sshd

weihu 44957866 5767496 0 14:38:48 - 0:00 /usr/sbin/sftp-server -m /etc/ssh/sshd_config

weihu 45481992 48365574 0 13:55:31 - 0:00 sshd: weihu@pts/3

weihu 46661832 7340288 0 13:09:51 - 0:00 sshd: weihu@pts/1

root 48365574 1 0 13:55:18 - 0:00 sshd: weihu [priv]

root 3998086 1 0 16:47:30 - 0:00 sshd: weihu [priv]

root 4063686 6357374 0 16:59:02 pts/0 0:00 grep sshd

weihu 4194786 3998086 0 16:47:52 - 0:00 sshd: weihu@pts/0

weihu 5767496 6750580 0 14:38:48 - 0:01 sshd: weihu@notty

root 6750580 1 0 14:38:47 - 0:00 sshd: weihu [priv]

root 7340288 1 0 13:09:44 - 0:00 sshd: weihu [priv]

root 7406052 1 0 16:58:54 - 0:00 /usr/sbin/sshd

root@SHDNSDB02:/>sshd -v

unknown option -- v

OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014

usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]

[-E log_file] [-f config_file] [-g login_grace_time]

[-h host_key_file] [-k key_gen_time] [-o option] [-p port]

[-u len]

作到這一步openssh的版本就算是升上去了，可是有一個問題還未解決

root@SHDNSDB02:/>stopsrc -s sshd

root@SHDNSDB02:/>startsrc -s sshd

上面的命令沒法對ssh進程產生重啓和關閉的做用，並且當我重啓系統後，ssh是不會自啓動的，還好開啓了telnet，這個問題暫時還未解決，但願看到此文的網絡大牛們給指導指導。

上文所須要的所有安裝包，我已經上傳，有須要的能夠下載，下載地址以下：

http://down.51cto.com/data/1884215

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。