[CentOS]Upgrading OpenSSH and vsftpd on CentOS

Thu, 23 Nov 2017 08:05:04 +0000

Upgrading OpenSSH to Version 7.4 or Above

Background

Currently, OpenSSH versions below 7.4 on Linux have some critical vulnerabilities, and OpenSSH needs to be upgraded to version 7.4 or above. On a machine without external network access (no yum), this is quite troublesome. Online resources generally recommend backing up SSH and installing Telnet first, so you can still access the machine via Telnet if the upgrade fails.

Common Issues and Solutions

4. Dependencies required for manually compiling OpenSSH

zlib
pam
pam-devel

If you get the error configure: error: PAM headers not found, you can download pam-devel:

http://rpm.pbone.net/index.php3?stat=26&dist=74&size=208492&name=pam-devel-1.1.1-17.el6.x86_64.rpm

5. OpenSSL download

ftp://ftp.openssl.org/source/

6. Installing OpenSSL

References:

Notes

If SecureCRT cannot log in after upgrading OpenSSH, it may be because the SecureCRT version is too old to support certain encryption protocols:

Reference: http://blog.csdn.net/yangg1991/article/details/51755562

Steps to Upgrade OpenSSH

Reference: http://blog.csdn.net/u011080082/article/details/64503534

Upgrading vsftpd from 2.2.2 to 2.3.4

Download the vsftpd-2.3.4.tar.gz package. For 64-bit systems, note:

1
2


sed -i 's/lib\/lib64\/g' vsf_findlibs.sh
sed -i 's/lib\//lib64\//g' vsf_findlibs.sh

Configuring vsftpd

Using active mode:

1

vsftpd /etc/vsftpd/vsftpd.conf &

When starting in standard_alone mode, you need to add the following two lines to the top of the configuration file:

Reference: http://wingjang.blog.163.com/blog/static/47913442200811113104509/

1
2


listen=YES
listen_port=21

After installation, only anonymous users are allowed to log in by default, so you need to modify the configuration:

Reference: http://blog.sina.com.cn/s/blog_7e16680c01018ox1.html

Handling TCP_Wrapper Issues

If there are issues, pay attention to removing spaces, or you can remove it entirely: