linux openssh 源码升级并隐藏版本号 提供一键安装脚本

某项目的系统是 SUSE 11 SP3。上线前,甲方在安全检测时发现一大堆 openssh 漏洞!!导致项目无法正式上线,故只能将 openssh、openssl 升级。

本文章只提供自写脚本,方便一键升级。(请先自行安装gcc gcc-c++)

本脚本只在 SUSE 11 SP3 上进行过测试,请先在测试环境自行验证;若脚本造成生产事故,作者不负任何责任!!!脚本会卸载系统原有的 openssh 包并停止 sshd,执行前请保留一个已登录的会话或控制台等备用登录方式,以免升级失败后无法远程登录。

需要依赖包 upgradeSSH.tar,其实就是 openssh、openssl、zlib 三个源码包(.tar.gz),将这三个包打包成名为 upgradeSSH.tar 的文件即可,或自行修改脚本。脚本运行时要求输入 upgradeSSH.tar 所在的目录(以 / 结尾);脚本中隐藏版本号的步骤写死了 openssh-7.9p1,使用其他版本时需同步修改。

# -*- coding: utf-8 -*-
#!/usr/bin/python
#python: 2.7.x
#organization: China Poka
#Author: Duan Yu
#mail:[email protected] or [email protected]
#Date: 02-01-2019
#version: 0.9


#SUSE 11 SP3


import os

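class system:
    """Unpack the bundled sources and build/install zlib, OpenSSL and OpenSSH.

    Every step shells out and changes system paths (/usr, /etc, /etc/init.d),
    so the script is presumably meant to be run as root -- confirm before use.
    """

    @staticmethod
    def tar():
        """Ask where upgradeSSH.tar lives and unpack it under /tmp/safe/ssh.

        The outer archive is extracted to /tmp/safe/ssh/tar; every *.tar.gz
        found there is then extracted into /tmp/safe/ssh. The prompt repeats
        until the archive exists. Exits the process with status 2 when the
        outer archive cannot be extracted.
        """
        # Function-scope import: the file itself only imports os.
        import subprocess

        # NOTE(review): /tmp/safe is a fixed path inside a world-writable
        # directory. On a multi-user host, confirm it is not pre-created or
        # writable by another account before building from it.
        tmpDir = "/tmp/safe/ssh/tar"
        os.system("rm -rf " + tmpDir)
        os.system("mkdir -p " + tmpDir)
        while True:
            # os.path.join accepts the directory with or without a trailing
            # "/" (e.g. /opt/safe/ or /opt/safe).
            sshTarPath = os.path.join(raw_input("input upgradeSSH tar Path:"), "upgradeSSH.tar")
            if os.path.exists(sshTarPath):
                break
        # The operator-supplied path is passed as an argument list, not pasted
        # into a shell string, so spaces or shell metacharacters in it cannot
        # change the command that runs.
        if 0 != subprocess.call(["tar", "xvf", sshTarPath, "-C", tmpDir]):
            print("extract upgradeSSH.tar fault")
            os._exit(2)
        # "$i" is quoted so archive names containing spaces stay one argument.
        os.system('for i in /tmp/safe/ssh/tar/*.tar.gz; do tar zxvf "$i" -C /tmp/safe/ssh/ ;done')

    @staticmethod
    def config():
        """Build and install zlib, OpenSSL and OpenSSH from /tmp/safe/ssh.

        Exits the process with status 3 (zlib), 4 (OpenSSL) or 5 (OpenSSH)
        when the corresponding build or install command fails. The packaged
        OpenSSH is removed only after the new OpenSSH has compiled.
        """
        #zlib
        checkZlib = os.system("cd /tmp/safe/ssh/zlib* && ./configure --shared && make && make install")
        if 0 != checkZlib:
            print("config zlib fault")
            os._exit(3)

        #openssl
        checkOpenssl = os.system("cd /tmp/safe/ssh/openssl* && ./config shared && make && make install")
        if 0 != checkOpenssl:
            print("config openssl fault")
            os._exit(4)

        #backup openssl
        os.system("mv /usr/bin/openssl /usr/bin/openssl.bak")
        os.system("ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl")
        # Append the library path only once, so re-running the script does not
        # keep adding duplicate lines to /etc/ld.so.conf.
        os.system("grep -qxF /usr/local/ssl/lib /etc/ld.so.conf || echo /usr/local/ssl/lib >> /etc/ld.so.conf")
        os.system("ldconfig")

        #hide version
        # This only shortens the version string compiled into the binaries.
        # It fixes no vulnerability, and the installed patch level still has
        # to be tracked some other way (package inventory, build records).
        # NOTE(review): path and string are hard-coded for 7.9p1. With any
        # other release nothing is replaced and the build keeps the full
        # version string.
        tools.replace("/tmp/safe/ssh/openssh-7.9p1/version.h","OpenSSH_7.9","OpenSSH")

        #openssh
        # Configure and compile while the packaged OpenSSH is still installed.
        # A failed build then exits here and leaves the working sshd and
        # /etc/ssh untouched instead of locking the operator out.
        checkOpenssh = os.system("cd /tmp/safe/ssh/openssh*/ && ./configure --prefix=/usr/ --sysconfdir=/etc/ssh "
                  "--with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords mandir=/usr/share/man "
                  "&& make")
        if 0 != checkOpenssh:
            print("config openssh fault")
            os._exit(5)

        # The build succeeded: now remove the old package, set its
        # configuration aside and install the new binaries.
        os.system("rpm -e openssh --nodeps && mv /etc/ssh /etc/sshbak")
        checkOpenssh = os.system("cd /tmp/safe/ssh/openssh*/ && make install")
        if 0 != checkOpenssh:
            print("config openssh fault")
            os._exit(5)

        os.system("service sshd stop && mv /etc/init.d/sshd /etc/init.d/sshd.bak")
        os.system("cp -p /tmp/safe/ssh/openssh*/contrib/suse/rc.sshd /etc/init.d/sshd")
        os.system("chmod +x /etc/init.d/sshd && chkconfig --add sshd")
        # NOTE(review): this copy runs after "make install" with --prefix=/usr/,
        # so sshd.bak is presumably the new binary, not the old one -- confirm.
        os.system("cp -f -r /usr/sbin/sshd /usr/sbin/sshd.bak")
        os.system("cp -f -r /tmp/safe/ssh/openssh-*/sshd_config /etc/ssh/sshd_config ")
        os.system("cp -f -r /tmp/safe/ssh/openssh-*/sshd /usr/sbin/sshd")
        os.system("cp -f -r /tmp/safe/ssh/openssh-*/ssh /usr/sbin/ssh")

        #root login
        # NOTE(review): this swaps the shipped (commented) default
        # "prohibit-password" for "yes", allowing direct root login with a
        # password. Kept as the author wrote it; if root password login is not
        # required, leave the default in place and use a normal account plus
        # su/sudo.
        tools.replace("/etc/ssh/sshd_config","#PermitRootLogin prohibit-password","PermitRootLogin yes")
        # NOTE(review): sshd was stopped above and nothing here starts it
        # again. Start the service and verify a new login before closing the
        # current session.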


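class tools:
    """Small file-editing helper used by the install steps."""

    @staticmethod
    def replace(file_path, old_str, new_str):
        """Replace every occurrence of old_str with new_str in file_path, in place.

        Best effort: any error is printed and swallowed, and nothing is
        returned, so a caller cannot tell whether the edit happened. A notice
        is printed when old_str does not occur in the file, because a silent
        no-op here would leave a configuration change unapplied.
        """
        try:
            # Read everything first; the file is reopened for writing only
            # once the new content is known, and "with" closes the handle
            # even when an error occurs.
            with open(file_path, 'r') as f:
                all_lines = f.readlines()
            if not any(old_str in line for line in all_lines):
                print("replace: %r not found in %s" % (old_str, file_path))
                return
            new_lines = [line.replace(old_str, new_str) for line in all_lines]
            with open(file_path, 'w') as f:
                f.writelines(new_lines)
        except Exception as e:
            print(e)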

def install_ssh():
    """Run the upgrade: unpack the source bundle, then build and install it."""
    # Order matters: config() builds from the tree that tar() unpacks.
    for step in (system.tar, system.config):
        step()

# Entry point: start the upgrade only when this file is executed as a script,
# never as a side effect of importing it.
if '__main__' == __name__:
    install_ssh()

脚本运行完成后,检查是否升级成功(例如执行 ssh -V,并确认 sshd 已启动、能够新建 SSH 连接)。脚本中只有停止 sshd 的步骤,没有重新启动的步骤,请在确认可以重新登录之后再断开当前会话。


转载自blog.csdn.net/chinazzb/article/details/85622688