OS 是 Ubuntu 10.04 64-bit 並且已經做完 apt-get update && apt-get upgrade 後,還是被資安人員發現有安全性漏洞,理由是 Openssh 版本小於 5.6:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

處理方式:

只好用 tarball 更新,到 http://www.openssh.com/ 下載程式碼,在此隨便挑一處下載,再加上機器好像沒啥人在登入,就衝 openssh-5.8p1.tar.gz 吧!

$ cd /tmp
$ wget http://openbsd.org.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.8p1.tar.gz
$ tar -xvf  openssh-5.8p1.tar.gz
$ cd openssh-5.8p1
$ ./configure && make

只可惜沒那麼順利,會出現 OpenSSL headers missing 與 zlib.h 相關訊息,只好多裝一下:

$ sudo apt-get install zlib1g-dev libssl-dev

如此一來就能正常 configure && make && make install

只是,問題並沒這般解決,判斷 ssh & sshd 版本:

安裝前:

$ ssh -version
OpenSSH_5.3p1 Debian-3ubuntu5, OpenSSL 0.9.8k 25 Mar 2009
Bad escape character 'rsion'.

$ dpkg -s openssh-server
Package: openssh-server
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 796
Maintainer: Colin Watson <cjwatson@ubuntu.com>
Architecture: amd64
Source: openssh
Version: 1:5.3p1-3ubuntu5
... 

用 telnet localhost 22 來查看

$ telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu5

安裝後,卻只有 ssh -version 顯示正確,其他的跟安裝前一樣:

$ ssh -version
OpenSSH_5.3p1 Debian-3ubuntu5, OpenSSL 0.9.8k 25 Mar 2009
Bad escape character 'rsion'.

查看預設 configure 結果:

configure: creating ./config.status
config.status: creating Makefile
config.status: creating buildpkg.sh
config.status: creating opensshd.init
config.status: creating openssh.xml
config.status: creating openbsd-compat/Makefile
config.status: creating openbsd-compat/regress/Makefile
config.status: creating ssh_prng_cmds
config.status: creating survey.sh
config.status: creating config.h

OpenSSH has been configured with the following options:
                                                User binaries: /usr/local/bin
                                           System binaries: /usr/local/sbin

                                       Configuration files: /usr/local/etc
                                        Askpass program: /usr/local/libexec/ssh-askpass
                                             Manual pages: /usr/local/share/man/manX
                                                        PID file: /var/run
                Privilege separation chroot path: /var/empty
                              sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
                                        Manpage format: doc
                                              PAM support: no
                                        OSF SIA support: no
                                    KerberosV support: no
                                        SELinux support: no
       Smartcard support: 
                                           S/KEY support: no
                             TCP Wrappers support: no
                            MD5 password support: no
                                          libedit support: no
              Solaris process contract support: no
                             Solaris project support: no
                    IP address in $DISPLAY hack: no
                             Translate v4 in v6 hack: yes
                                     BSD Auth support: no
                           Random number source: OpenSSL internal ONLY

                       Host: x86_64-unknown-linux-gnu
                 Compiler: gcc
         Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fstack-protector-all 
  Preprocessor flags: 
               Linker flags:  -fstack-protector-all
                    Libraries: -lcrypto -ldl -lutil -lz -lnsl  -lcrypt -lresolv

Ubuntu 10.04 server 之 sshd 的設定檔預設是擺在 /etc/ssh/ 而執行檔在 /usr/sbin/sshd, /usr/bin/ssh 並且查看 /etc/init.d/ssh 裡頭的描述也都是用 /usr/sbin/sshd 來動作,因此就稍微改一下流程:

$ ./configure --sbindir=/usr/sbin
$ sudo make install

暫時運行的結果還正常,只是感覺還是整身的不乾淨的感覺

$ telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.8


changyy 發表在 痞客邦 PIXNET 留言(0) 人氣()