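HP-UX 11.31: install OpenSSH 6.6 directly, with OpenSSL brought up to openssl-1.0.1h
HP officially provides only a depot package for Secure Shell 6.2, so after installing 6.2 the security scan still reports vulnerabilities; the requirement is to upgrade to the latest version, 6.6.
Download the precompiled depot directly.
Resources:
Mind the version: there are separate builds for Itanium and PA-RISC.
Download the dependency packages as well, and install them first.
It is recommended to enable telnet before installing, in case the upgrade leaves you unable to connect remotely over ssh.
1 Install openssl
Upload the installation packages
gzip -d open*    # decompress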
swinstall -s /home/monitor/openssh/openssl-1.0.1h-ia64-11.31.depot
Configure ssl
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl
2 Install openssh; use absolute paths
swinstall -s /home/monitor/openssh/libiconv-1.14-ia64-11.31.depot
swinstall -s /home/monitor/openssh/gettext-0.19.1-ia64-11.31.depot
swinstall -s /home/monitor/openssh/zlib-1.2.8-ia64-11.31.depot
swinstall -s /home/monitor/openssh/openssh-6.6p1-ia64-11.31.depot
3 Post-installation configuration
cp /opt/ssh/etc/ssh_host* /usr/local/etc
mv /usr/sbin/sshd /usr/sbin/sshdold20140721
ln -s /usr/local/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/sshold201407121
ln -s /usr/local/bin/ssh /usr/bin/ssh
Edit /usr/local/etc/sshd_config
Put the following at the beginning of the file
#Warning!!!!!!!
#These policies were created by *** on 2014.10.13; please don't remove them without notice.
Port 22
Protocol 2
ListenAddress 0.0.0.0
HostKey /usr/local/etc/ssh_host_key
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin yes
RhostsRSAAuthentication no
IgnoreRhosts yes
UsePrivilegeSeparation yes
Edit /sbin/init.d/secsh so that the new sshd is started when the system reboots
WHAT_PATH=/usr/local/sbin/sshd
You can kill the current ssh process and then start it again, but this requires telnet to be enabled.
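Before killing the running sshd as described above, the new configuration can be checked first, so that a typo in sshd_config or a host key that was not copied correctly is caught while the old daemon is still serving connections. The script below is an added example, not part of the original post; the function name precheck_sshd is made up here, and it relies only on sshd's standard -t (test mode) and -f (config file) options.

```shell
#!/bin/sh
# Added example: pre-restart check for the newly installed sshd.
# precheck_sshd SSHD_BIN CONFIG
#   returns 0 = safe to restart, 1 = problem found, 2 = bad arguments
precheck_sshd() {
    sshd_bin=$1
    conf=$2
    rc=0

    [ -x "$sshd_bin" ] || { echo "not executable: $sshd_bin" >&2; return 2; }
    [ -r "$conf" ]     || { echo "not readable: $conf" >&2; return 2; }

    # Every HostKey named in the config must exist and be closed to
    # group/other; sshd ignores private keys with loose permissions.
    # (Stricter than sshd itself, which starts if at least one key loads.)
    for key in $(awk 'tolower($1) == "hostkey" { print $2 }' "$conf"); do
        if [ ! -f "$key" ]; then
            echo "HostKey missing: $key" >&2
            rc=1
            continue
        fi
        perms=$(ls -lL "$key" | cut -c5-10)   # group + other permission bits
        if [ "$perms" != "------" ]; then
            echo "HostKey too permissive: $key" >&2
            rc=1
        fi
    done

    # -t: parse the config and check the keys without starting a daemon.
    # A misspelled keyword in the config makes this fail.
    if ! "$sshd_bin" -t -f "$conf"; then
        echo "sshd -t rejected $conf" >&2
        rc=1
    fi
    return $rc
}

# With the paths used in this post:
#   sh precheck.sh /usr/local/sbin/sshd /usr/local/etc/sshd_config
if [ "$#" -eq 2 ]; then
    precheck_sshd "$1" "$2"
fi
```

Only restart sshd when the function returns 0.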
# ssh -V
OpenSSH_6.6p1, OpenSSL 1.0.1h 5 Jun 2014