Chinaunix首页 | 论坛 | 博客

Go ahead, try it now..ulovko.blog.chinaunix.net

首页 |  博文目录 |  关于我

ulovko

  • 博客访问: 717413
  • 博文数量: 235
  • 博客积分: 4309
  • 博客等级: 中校
  • 技术积分: 2325
  • 用 户 组: 普通用户
  • 注册时间: 2011-01-17 11:25
个人简介

If you don\\\\\\\\\\\\\\\'t wanna do it, you find an EXCUSE; if you do, you\\\\\\\\\\\\\\\'ll find a WAY :-)

文章分类

全部博文(235)

文章存档

2014年(3)

2013年(2)

2012年(31)

2011年(199)

我的朋友
最近访客
推荐博文
相关博文
Hide the ssh server version

分类: LINUX

2011-01-20 21:10:15

Client: macOS Sierra 10.12.1  Server: Debian 8.5

1. 确认目标服务版本

  1. 方法一:
  2. # /Users/ko telnet 172.16.7.18 22
  3. Trying 172.16.7.18...
  4. Connected to 172.16.7.18.
  5. Escape character is '^]'.
  6. SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3   (可以清晰看到目标服务器的ssh服务版本号)

  8. 方法二:
  9. #  /Users/ko ssh -v 172.16.7.18
    OpenSSH_7.2p2, LibreSSL 2.4.1
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for *
    debug1: Connecting to 172.16.7.18 [172.16.7.18] port 22.
    debug1: Connection established.
    ...
  10. ...
  11. ...
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
    debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000

  12. 方法三:
  13. #  /Users/ko nc 172.16.7.18 22
    SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3

2. 修改版本号

  1. 登录目标服务器:
  2. # /Users/ko ssh ko@172.16.7.18
  3. root@debian:~# which sshd
    /usr/sbin/sshd

  4. root@debian:~# cp /usr/sbin/sshd /usr/sbin/sshd.orig   (备份源程序)
    root@debian:~# ssh -V
    OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016


  7. 修改版本号:
    root@debian:~# sed -i 's/OpenSSH_6.7p1/OpenSSH_6.8p1/g' /usr/sbin/sshd

  1. 另一种方法,执行远程命令但不创建登陆shell:(使用普通用户操作需要root权限,使用sudo)
  2. /Users/ko ssh -t ko@172.16.7.18 sudo sed -i 's/OpenSSH_6.8p1/OpenSSH_6.9p1/g' /usr/sbin/sshd  

  4. # /Users/ko ssh ko@172.16.7.18 sudo -S sed -i 's/OpenSSH_6.9p1/OpenSSH_7.1p1/g' /usr/sbin/sshd

3. 确认当前版本

  1. 方法一:
  2. # /Users/ko telnet 172.16.7.18 22
  3. Trying 172.16.7.18...
  4. Connected to 172.16.7.18.
  5. Escape character is '^]'.
  6. SSH-2.0-OpenSSH_6.8p1 Debian-5+deb8u3

  8. 方法二:
  9. #  /Users/ko nc 172.16.7.18 22
    SSH-2.0-OpenSSH_6.8p1 Debian-5+deb8u3

  11. 方法三:
    #  /Users/ko ssh -v 172.16.7.18
    OpenSSH_7.2p2, LibreSSL 2.4.1
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 20: Applying options for *
    debug1: Connecting to 172.16.7.18 [172.16.7.18] port 22.
    debug1: Connection established.
    ...
    ...
  12. ...
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8p1 Debian-5+deb8u3
    debug1: match: OpenSSH_6.8p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000



4. 版本号修改需遵循RFC4253规范
  1. 4.2. Protocol Version Exchange

  3.    When the connection has been established, both sides MUST send an
  4.    identification string. This identification string MUST be

  6.       SSH-protoversion-softwareversion SP comments CR LF

  8.    Since the protocol being defined in this set of documents is version
  9.    2.0, the 'protoversion' MUST be "2.0". The 'comments' string is
  10.    OPTIONAL. If the 'comments' string is included, a 'space' character
  11.    (denoted above as SP, ASCII 32) MUST separate the 'softwareversion'
  12.    and 'comments' strings. The identification MUST be terminated by a
  13.    single Carriage Return (CR) and a single Line Feed (LF) character
  14.    (ASCII 13 and 10, respectively). Implementers who wish to maintain
  15.    compatibility with older, undocumented versions of this protocol may
  16.    want to process the identification string without expecting the
  17.    presence of the carriage return character for reasons described in
  18.    Section 5 of this document. The null character MUST NOT be sent.
  19.    The maximum length of the string is 255 characters, including the
  20.    Carriage Return and Line Feed.

  22.    The part of the identification string preceding the Carriage Return
  23.    and Line Feed is used in the Diffie-Hellman key exchange (see Section
  24.    8).
5. 编译源码,自定义版本号

OpenSSH Mirror List: 
Release Notes: 

  1. Checksums:
  2. ==========

  4.  - SHA1 (openssh-7.3.tar.gz) = b1641e5265d9ec68a9a19decc3a7edd1203cbd33
  5.  - SHA256 (openssh-7.3.tar.gz) = vS0X35qrX9OOPBkyDMYhOje/DBwHBVEV7nv5rkzw4vM=

  7.  - SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
  8.  - SHA256 (openssh-7.3p1.tar.gz) = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=

  10. Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). 
  11. The PGP key used to sign the releases is available as RELEASE_KEY.asc from the mirror sites.



  2. 下载源码 openssh-7.3p1: 
  3. root@debian:~# wget ftp://openbsd.cs.toronto.edu/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.gz

  5. 确认hash:

  7. SHA1 = bfade84283fcba885e2084343ab19a08c7d123a5
  8. root@debian:~# sha1sum openssh-7.3p1.tar.gz
  9. bfade84283fcba885e2084343ab19a08c7d123a5 openssh-7.3p1.tar.gz

  11. SHA256 = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=
  12. Please note that the SHA256 signatures are base64 encoded and not hexadecimal:

  14. root@debian:~# cat openssh-7.3p1.tar.gz |openssl dgst -binary -sha256|base64
    P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=

  16. 解压源码包:
  17. root@debian:~# mkdir openssh-7.3p1;tar -zxvf ./openssh-7.3p1.tar.gz -C $_
  18. root@debian:~# cd openssh-7.3p1/openssh-7.3p1;./configure
  19. root@debian:~# vim Makefile


How can I get a base64 encoded shaX on the cli:

 





10. Reserved for future use...

Reference: 

http://blog.chinaunix.net/uid-83572-id-3542.html
http://hackerwang.blog.51cto.com/734458/1864720
阅读(1730) | 评论(0) | 转发(0) |
0

上一篇:Atheros AR8131 Linux Driver

下一篇:R U Okay ? May I have your name, please?

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6