升级 OpenSSH 到最新版

前言

近期公司有个硬件产品被客户扫描出漏洞,要求修复,大部分都是 OpenSSH 的漏洞,趁此机会研究了下如何升级 OpenSSH 版本。 Ubuntu 14 已停止维护,APT 源上的 openssh-server 最新版还是 6.6,官方最新版是 9.8,所以只有走手动编译这条路。

准备

硬件手头只有一个,搞坏了很难恢复,而且对升级能否一次成功没有把握,所以先用虚拟机安装一个同版本的 Ubuntu. 用虚拟机还有一个好处,可以打快照,搞坏了可以很方便的从头再来。

编译 OpenSSH

1
2
3
4
5
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar zxvf openssh-9.8p1.tar.gz
cd openssh-9.8p1

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr --with-md5-passwords

报错信息

1
2
3
4
5
6
7
8
9
10
11
12
13
checking for linux/seccomp.h... yes
checking for linux/filter.h... yes
checking for linux/audit.h... yes
checking for seccomp architecture... "AUDIT_ARCH_X86_64"
checking compiler and flags for sanity... yes
checking for setsockopt... yes
checking for dirname... yes
checking for libgen.h... yes
checking for getspnam... yes
checking for library containing basename... none required
checking for zlib... yes
checking for zlib.h... no
configure: error: *** zlib.h missing - please install first or check config.log ***

安装 zlib

1
apt install zlib1g-dev

下载源码编译安装 zlib 也可以,但没必要。

到 openssh 目录再次尝试

1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr --with-md5-passwords

报错信息

1
2
3
checking if getpgrp accepts zero args... yes
checking for openssl... /usr/bin/openssl
configure: error: *** working libcrypto not found, check config.log

安装 OpenSSL

解决方案

1
2
3
4
5
6
wget https://mirrors.cloud.tencent.com/openssl/source/openssl-1.1.1w.tar.gz
tar zxvf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --prefix=/usr --openssldir=/etc/ssl shared zlib
make
make install

注意不要用 3.x 的版本,尝试过了问题较多

到 openssh 目录再次尝试

1
2
3
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr --with-md5-passwords
make
make install

报错信息

1
2
3
4
5
6
7
8
9
10
11
12
/etc/ssh/ssh_config already exists, install will not overwrite
/etc/ssh/sshd_config already exists, install will not overwrite
/etc/ssh/moduli already exists, install will not overwrite
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
/etc/ssh/sshd_config line 16: Deprecated option UsePrivilegeSeparation
/etc/ssh/sshd_config line 19: Deprecated option KeyRegenerationInterval
/etc/ssh/sshd_config line 20: Deprecated option ServerKeyBits
/etc/ssh/sshd_config line 31: Deprecated option RSAAuthentication
/etc/ssh/sshd_config line 38: Deprecated option RhostsRSAAuthentication
/etc/ssh/sshd_config line 88: Unsupported option UsePAM
Unable to load host key "/etc/ssh/ssh_host_dsa_key": invalid format
Unable to load host key: /etc/ssh/ssh_host_dsa_key

Deprecated 和 Unsupported 的不影响使用,有洁癖可以去 /etc/ssh/sshd_config 注释掉

Unable to load host key "/etc/ssh/ssh_host_dsa_key": invalid format 这个错误要解决

1
HostKey /etc/ssh/ssh_host_dsa_key

找到这一行,前面添加 # 注释掉。

版本验证

1
2
unipus@unipus:~$ ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1w 11 Sep 2023

可以发现已经升级到最新版 9.8

漏洞验证

https://github.com/jtesta/ssh-audit 是一款可以扫描 ssh 漏洞的工具。我们可以利用它来验证漏洞是否已修复。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
➜  ssh-audit git:(master) python3 ssh-audit.py -4 192.168.X.X -p 8211
# general
(gen) banner: SSH-2.0-OpenSSH_9.8
(gen) software: OpenSSH 9.8
(gen) compatibility: OpenSSH 8.5+, Dropbear SSH 2020.79+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) sntrup761x25519-sha512@openssh.com -- [info] available since OpenSSH 8.5
`- [info] default key exchange since OpenSSH 9.0
(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
`- [info] default key exchange from OpenSSH 7.4 to 8.9
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
`- [info] default key exchange from OpenSSH 6.5 to 7.3
(kex) ecdh-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4
`- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
`- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) ext-info-s -- [info] pseudo-algorithm that denotes the peer supports RFC8308 extensions
(kex) kex-strict-s-v00@openssh.com -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)

# host-key algorithms
(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2, Dropbear SSH 2020.79
(key) ecdsa-sha2-nistp256 -- [fail] using elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5, Dropbear SSH 2020.79
`- [info] default cipher since OpenSSH 6.9
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2

# message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [fail] using broken SHA-1 hash algorithm
`- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
`- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [fail] using broken SHA-1 hash algorithm
`- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# fingerprints
(fin) ssh-ed25519: SHA256:+VbmRthawhX/S3GKSvEWnlaJ+gKOS0v16DCrvhDQwx4
(fin) ssh-rsa: SHA256:072/FDvhDKbWxvVaLs89wAi6OMTj8jRUaXt5saMofQU

# algorithm recommendations (for OpenSSH 9.8)
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -diffie-hellman-group14-sha256 -- kex algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove

# additional info
(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
(nfo) Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present. The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: chacha20-poly1305@openssh.com. If any CBC ciphers are in this list, you may remove them while leaving the *-etm@openssh.com MACs in place; these MACs are fine while paired with non-CBC cipher types.

如果有问题,扫描结果中会出现漏洞列表

1
2
3
4
5
6
7
8
9
10
11
12
13

# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2018-15919 -- (CVSSv2: 5.3) username enumeration via GS2
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response
(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
(cve) CVE-2015-8325 -- (CVSSv2: 7.2) privilege escalation via triggering crafted environment
(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack


升级 OpenSSH 到最新版
https://asynctask.cn/openssh/
作者
三丰
发布于
2024年9月4日
许可协议