SSH user enumeration vulnerability (CVE-2018-15473)

Check the SSH version: ssh -V

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017

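This is the ssh version that ships with Ubuntu 18.04.2/3. Reportedly 7.7 and all earlier versions have this problem, and an upgrade is needed to fix it.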

Ubuntu 16.04.2 LTS - OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g 1 Mar 2016
Ubuntu 20.04 LTS - OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
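
The banners above can be triaged mechanically. Distribution packages often backport security fixes without changing the upstream version number, so the banner alone is not conclusive; this added example (not part of the original post) parses the banner against the 7.7 cutoff mentioned above and optionally looks for the CVE in a package changelog. Function names and verdict labels are hypothetical, and the changelog path in the usage comment is the usual Debian/Ubuntu location, given as an assumption.

```sh
#!/bin/sh
# Added example: triage an `ssh -V` banner for CVE-2018-15473.
# Function names and verdict labels are hypothetical, chosen for this example.

# Print "major minor" parsed from the banner; fail when no version is found.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | grep .
}

# 0: upstream version is 7.7 or earlier, 1: newer, 2: banner not understood.
upstream_in_range() {
    ver=$(openssh_version "$1") || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -le 7 ]; }
}

# True when a package changelog (gzip-compressed or plain) mentions the CVE.
changelog_mentions() {
    [ -r "$1" ] || return 1
    gzip -cdf -- "$1" 2>/dev/null | grep -qiF -- "$2"
}

# Print one verdict for a banner and an optional changelog file.
assess_openssh() {
    rc=0
    upstream_in_range "$1" || rc=$?
    case $rc in
        2) echo "unknown" ;;
        1) echo "not-in-range" ;;
        0) if [ -n "${2:-}" ] && changelog_mentions "$2" CVE-2018-15473; then
               echo "backport-noted"   # distro changelog cites the CVE
           else
               echo "in-range"         # no evidence of a backported fix
           fi ;;
    esac
}

# Usage on a Debian/Ubuntu host (path is an assumption about the packaging):
#   assess_openssh "$(ssh -V 2>&1)" /usr/share/doc/openssh-server/changelog.Debian.gz
```

A "backport-noted" verdict means the installed package's changelog cites the CVE, which is the cue to check the distribution's security notice before building from source.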

Attempted fix
sudo apt-get update
sudo ls /var/cache/apt/archives/
sudo apt-get -d install openssh-server
sudo mv /var/cache/apt/archives/*.deb .
No newer version available:
openssh-server_1%3a7.6p1-4ubuntu0.3_amd64.deb

OpenSSH 8.3 released May 27, 2020
http://www.openssh.com/
http://www.openssh.com/portable.html
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.2p1.tar.gz

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.2p1.tar.gz
tar xf openssh-8.2p1.tar.gz && cd openssh-8.2p1/

Back up
cp /etc/init.d/ssh /etc/init.d/ssh.old && cp -r /etc/ssh /etc/ssh.old

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-privsep-path=/var/lib/sshd

configure: error: *** zlib.h missing - please install first or check config.log ***

The January 15, 2017 release is probably the latest:
wget http://zlib.net/zlib-1.2.11.tar.gz
tar xf zlib-1.2.11.tar.gz && cd zlib-1.2.11/
./configure && make && sudo make install

configure: error: *** working libcrypto not found, check config.log

https://www.openssl.org/source/
https://www.openssl.org/source/old/1.1.1/openssl-1.1.1f.tar.gz
https://github.com/openssl/openssl/releases
wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_1g.tar.gz
tar xf OpenSSL_1_1_1g.tar.gz && cd openssl-OpenSSL_1_1_1g/
./config && make && sudo make install    # bare ./config: wrong?
openssl version (OpenSSL 1.1.1 11 Sep 2018): looks fine, no change; later there was progress (OpenSSL 1.1.1g 21 Apr 2020)

configure:13069: error: Your OpenSSL headers do not match your library.

./config --prefix=/usr/local --openssldir=/usr/local/openssl
whereis openssl
openssl: /usr/bin/openssl /usr/local/bin/openssl /usr/local/openssl /usr/share/man/man1/openssl.1ssl.gz
After a reboot: openssl: relocation error: openssl: symbol EVP_mdc2 version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference
Fixed after running sudo ldconfig -v

configure: error: PAM headers not found
https://blog.csdn.net/weixin_39845407/article/details/80922488
sudo apt-get install libpam0g-dev

After that everything went smoothly: make && sudo make install
ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1g 21 Apr 2020
Reboot and check

https://www.cnblogs.com/thechosenone95/p/10603110.html
References:
https://blog.csdn.net/SIMPLE1995/article/details/102537189

What a hassle, better to just turn it off
https://blog.csdn.net/kaikai136412162/article/details/98026747

sudo systemctl status ssh
sudo systemctl disable ssh
start/stop it when needed
or switch it on and off by remote control
