Category: LINUX

2011-01-20 21:10:15

Client: macOS Sierra 10.12.1  Server: Debian 8.5

1. Confirm the target service version

  Method 1:
  # /Users/ko telnet 172.16.7.18 22
  Trying 172.16.7.18...
  Connected to 172.16.7.18.
  Escape character is '^]'.
  SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3   (the target server's SSH service version is clearly visible)

  Method 2:
  # /Users/ko ssh -v 172.16.7.18
  OpenSSH_7.2p2, LibreSSL 2.4.1
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 20: Applying options for *
  debug1: Connecting to 172.16.7.18 [172.16.7.18] port 22.
  debug1: Connection established.
  ...
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_7.2
  debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
  debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000

  Method 3:
  # /Users/ko nc 172.16.7.18 22
  SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3

2. Change the version number

  Log in to the target server:
  # /Users/ko ssh ko@172.16.7.18
  root@debian:~# which sshd
  /usr/sbin/sshd

  root@debian:~# cp /usr/sbin/sshd /usr/sbin/sshd.orig   (back up the original binary)
  root@debian:~# ssh -V
  OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016

  Change the version number (sed patches the compiled binary in place, so the replacement string must be the same length as the original):
  root@debian:~# sed -i 's/OpenSSH_6.7p1/OpenSSH_6.8p1/g' /usr/sbin/sshd

  Another way: run the command remotely without creating a login shell (a regular user needs root privileges for this, so use sudo):
  # /Users/ko ssh -t ko@172.16.7.18 sudo sed -i 's/OpenSSH_6.8p1/OpenSSH_6.9p1/g' /usr/sbin/sshd

  # /Users/ko ssh ko@172.16.7.18 sudo -S sed -i 's/OpenSSH_6.9p1/OpenSSH_7.1p1/g' /usr/sbin/sshd

3. Confirm the current version

  Method 1:
  # /Users/ko telnet 172.16.7.18 22
  Trying 172.16.7.18...
  Connected to 172.16.7.18.
  Escape character is '^]'.
  SSH-2.0-OpenSSH_6.8p1 Debian-5+deb8u3

  Method 2:
  # /Users/ko nc 172.16.7.18 22
  SSH-2.0-OpenSSH_6.8p1 Debian-5+deb8u3

  Method 3:
  # /Users/ko ssh -v 172.16.7.18
  OpenSSH_7.2p2, LibreSSL 2.4.1
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 20: Applying options for *
  debug1: Connecting to 172.16.7.18 [172.16.7.18] port 22.
  debug1: Connection established.
  ...
  debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8p1 Debian-5+deb8u3
  debug1: match: OpenSSH_6.8p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000



4. Version string changes must follow RFC 4253

  4.2. Protocol Version Exchange

     When the connection has been established, both sides MUST send an
     identification string. This identification string MUST be

        SSH-protoversion-softwareversion SP comments CR LF

     Since the protocol being defined in this set of documents is version
     2.0, the 'protoversion' MUST be "2.0". The 'comments' string is
     OPTIONAL. If the 'comments' string is included, a 'space' character
     (denoted above as SP, ASCII 32) MUST separate the 'softwareversion'
     and 'comments' strings. The identification MUST be terminated by a
     single Carriage Return (CR) and a single Line Feed (LF) character
     (ASCII 13 and 10, respectively). Implementers who wish to maintain
     compatibility with older, undocumented versions of this protocol may
     want to process the identification string without expecting the
     presence of the carriage return character for reasons described in
     Section 5 of this document. The null character MUST NOT be sent.
     The maximum length of the string is 255 characters, including the
     Carriage Return and Line Feed.

     The part of the identification string preceding the Carriage Return
     and Line Feed is used in the Diffie-Hellman key exchange (see Section
     8).
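A customized banner can be checked against these rules before it is deployed. The following parser is an added example, not part of the original post or of OpenSSH; the names `parse_ident`, `Ident` and `TOKEN` are hypothetical, and the sample banners are the ones captured earlier on this page.

```python
import re
from typing import NamedTuple

MAX_LEN = 255  # maximum length, including CR LF
# RFC 4253 section 4.2 (in a sentence not quoted above) limits protoversion and
# softwareversion to printable US-ASCII without whitespace or the minus sign.
TOKEN = re.compile(rb"[\x21-\x2c\x2e-\x7e]+")


class Ident(NamedTuple):
    protoversion: str
    softwareversion: str
    comments: str
    problems: list  # human-readable rule violations, empty when compliant


def parse_ident(line: bytes) -> Ident:
    """Split an SSH identification string and list its RFC 4253 4.2 violations."""
    problems = []
    if len(line) > MAX_LEN:
        problems.append("longer than 255 bytes including CR LF")
    if b"\x00" in line:
        problems.append("contains a null character")
    if line.endswith(b"\r\n"):
        body = line[:-2]
    else:
        problems.append("not terminated by CR LF")
        body = line.rstrip(b"\r\n")
    if b"\r" in body or b"\n" in body:
        problems.append("CR or LF inside the string")
    if not body.startswith(b"SSH-"):
        problems.append("does not start with 'SSH-'")
        return Ident("", "", "", problems)
    # The first '-' after "SSH-" ends protoversion; the first SP ends softwareversion.
    proto, _, rest = body[4:].partition(b"-")
    software, _, comments = rest.partition(b" ")
    if proto != b"2.0":
        problems.append("protoversion is not '2.0'")
    if not TOKEN.fullmatch(software):
        problems.append("softwareversion is empty or has whitespace, '-' or non-printable bytes")
    return Ident(*(p.decode("ascii", "replace") for p in (proto, software, comments)), problems)


if __name__ == "__main__":
    # Banners as they appear on the wire in sections 1 and 3 (CR LF added).
    for banner in (b"SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3\r\n",
                   b"SSH-2.0-OpenSSH_6.8p1 Debian-5+deb8u3\r\n"):
        print(parse_ident(banner))
```
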
5. Compile from source with a custom version number

OpenSSH Mirror List: 
Release Notes: 

  Checksums:
  ==========

   - SHA1 (openssh-7.3.tar.gz) = b1641e5265d9ec68a9a19decc3a7edd1203cbd33
   - SHA256 (openssh-7.3.tar.gz) = vS0X35qrX9OOPBkyDMYhOje/DBwHBVEV7nv5rkzw4vM=

   - SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
   - SHA256 (openssh-7.3p1.tar.gz) = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=

  Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools).
  The PGP key used to sign the releases is available as RELEASE_KEY.asc from the mirror sites.



  Download the openssh-7.3p1 source:
  root@debian:~# wget ftp://openbsd.cs.toronto.edu/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.gz

  Verify the hashes:

  SHA1 = bfade84283fcba885e2084343ab19a08c7d123a5
  root@debian:~# sha1sum openssh-7.3p1.tar.gz
  bfade84283fcba885e2084343ab19a08c7d123a5 openssh-7.3p1.tar.gz

  SHA256 = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=
  Please note that the SHA256 signatures are base64 encoded and not hexadecimal:

  root@debian:~# cat openssh-7.3p1.tar.gz |openssl dgst -binary -sha256|base64
  P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=

  Extract the source tarball:
  root@debian:~# mkdir openssh-7.3p1;tar -zxvf ./openssh-7.3p1.tar.gz -C $_
  root@debian:~# cd openssh-7.3p1/openssh-7.3p1;./configure
  root@debian:~# vim Makefile
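The hash check above can be scripted so that it accepts a published digest in either encoding, hex as printed by sha1sum or base64 as in the OpenSSH release notes, and fails closed on anything else. This is an added example, not part of the original post; `decode_published` and `verify_file` are hypothetical names, and the algorithm is inferred from the digest length.

```python
import base64
import hashlib
import sys

# Raw digest length in bytes -> hashlib algorithm name.
ALGO_BY_LEN = {20: "sha1", 32: "sha256"}


def decode_published(digest: str) -> bytes:
    """Decode a published checksum (hex or base64) to raw digest bytes."""
    text = digest.strip()
    try:
        raw = bytes.fromhex(text)  # hex, the default of sha1sum/sha256sum
    except ValueError:
        # Not hex: treat as base64, rejecting characters outside the alphabet.
        raw = base64.b64decode(text, validate=True)
    if len(raw) not in ALGO_BY_LEN:
        raise ValueError(f"unexpected digest length: {len(raw)} bytes")
    return raw


def verify_file(path: str, published: str) -> bool:
    """Hash the file in chunks and compare with the published digest."""
    expected = decode_published(published)
    h = hashlib.new(ALGO_BY_LEN[len(expected)])
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.digest() == expected


if __name__ == "__main__":
    # Usage: python3 verify.py openssh-7.3p1.tar.gz '<published digest>'
    ok = verify_file(sys.argv[1], sys.argv[2])
    print("OK" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```
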



How can I get a base64 encoded shaX on the cli:

 





10. Reserved for future use...
