Upgraded OpenSSH from ports: why does the sshd version check still show 3.5.1?

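How to view sshd's current configuration (putting gcore and gdb to good use)
On Linux, sshd provides no interface for displaying the configuration of the running sshd, so what do we do when we need to know it?
We also do not know the name of the configuration file sshd has loaded, so where do we start?
This article draws on the OpenSSH source code to show one way of obtaining the current sshd configuration.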
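Which configuration files sshd will load
Start sshd under strace and have it record the open calls.
From that output we can tell which configuration file sshd will open.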
# strace -e open -ostrace.out /usr/sbin/sshd
Look at the strace output
# cat strace.out
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libfipscheck.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libwrap.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libpam.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypto.so.10", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libldap-2.4.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/liblber-2.4.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libutil.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnsl.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libgssapi_krb5.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libkrb5.so.3", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libk5crypto.so.3", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcom_err.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libpcre.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/liblzma.so.5", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libsasl2.so.3", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libssl3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libsmime3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnss3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnssutil3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libplds4.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libplc4.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnspr4.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libfreebl3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libkrb5support.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libkeyutils.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/proc/filesystems", O_RDONLY)
open("/etc/pki/f", O_RDONLY) = 3
open("/dev/null", O_RDWR)
open("/etc/ssh/sshd_config", O_RDONLY)
// found it
open("/dev/urandom", O_RDONLY)
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ssh/ssh_host_rsa_key", O_RDONLY) = 3
open("/etc/group", O_RDONLY|O_CLOEXEC)
open("/etc/ssh/ssh_host_rsa_key", O_RDONLY) = 3
open("/etc/ssh/ssh_host_rsa_key", O_RDONLY) = 3
open("/etc/ssh/ssh_host_rsa_key", O_RDONLY) = 3
open("/etc/ssh/ssh_host_rsa_key.pub", O_RDONLY) = 3
open("/etc/ssh/ssh_host_ecdsa_key", O_RDONLY) = 3
open("/etc/group", O_RDONLY|O_CLOEXEC)
open("/etc/ssh/ssh_host_ecdsa_key", O_RDONLY) = 3
open("/etc/ssh/ssh_host_ecdsa_key", O_RDONLY) = 3
open("/etc/ssh/ssh_host_ecdsa_key", O_RDONLY) = 3
open("/etc/ssh/ssh_host_ecdsa_key.pub", O_RDONLY) = 3
+++ exited with 0 +++
open("/etc/ssh/sshd_config", O_RDONLY)
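// found it
Note that this is the file sshd will open when started now. Which configuration file the already-running sshd read, and which settings it took from it, is still unknown. So how do we find out the configuration of the running sshd?
Viewing sshd's current configuration
Because sshd provides no interface for this, we use gcore to dump the process's memory and look at the configuration in that memory image.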
# ps -ewf|grep sshd
00:00:00 /usr/sbin/sshd -D
Use gcore to dump the memory of that pid
# gcore 25202
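Analyze it with gdb
# gdb -core=core.25202 /usr/sbin/sshd
Because the debuginfo packages are not installed, gdb prompts you to install them; without them there is no symbol table information.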
Missing separate debuginfos, use: debuginfo-install openssh-server-6.4p1-8.el7.x86_64
Install the missing debuginfo packages
# debuginfo-install openssh-server-6.4p1-8.el7.x86_64
# gdb -core=core.25202 /usr/sbin/sshd
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-20.el7_2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 nspr-4.10.6-1.el7_0.x86_64 nss-3.16.2-7.el7_0.x86_64 nss-softokn-freebl-3.16.2-2.el7_0.x86_64 nss-util-3.16.2-2.el7_0.x86_64 pcre-8.32-15.el7_2.1.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64
# debuginfo-install cyrus-sasl-lib-2.1.26-20.el7_2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 nspr-4.10.6-1.el7_0.x86_64 nss-3.16.2-7.el7_0.x86_64 nss-softokn-freebl-3.16.2-2.el7_0.x86_64 nss-util-3.16.2-2.el7_0.x86_64 pcre-8.32-15.el7_2.1.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64
# gdb -core=core.25202 /usr/sbin/sshd
So how do I know which variable holds the configuration? Searching the OpenSSH source for the options used in /etc/ssh/sshd_config turned them up in this file: /usr/src/debug/openssh-6.4p1/servconf.c
/* Initializes the server options to their default values. */
void
initialize_server_options(ServerOptions *options)
{
    memset(options, 0, sizeof(*options));
    /* Portable-specific options */
    options->use_pam = -1;
    /* Standard Options */
    options->num_ports = 0;
    options->ports_from_cmdline = 0;
    options->listen_addrs = NULL;
    options->address_family = -1;
    options->num_host_key_files = 0;
    options->num_host_cert_files = 0;
    options->host_key_agent = NULL;
    options->pid_file = NULL;
    options->server_key_bits = -1;
    options->login_grace_time = -1;
    options->key_regeneration_time = -1;
    options->permit_root_login = PERMIT_NOT_SET;
    options->ignore_rhosts = -1;
    options->ignore_user_known_hosts = -1;
    options->print_motd = -1;
    options->print_lastlog = -1;
    options->x11_forwarding = -1;
    options->x11_display_offset = -1;
    options->x11_use_localhost = -1;
    options->xauth_location = NULL;
    options->strict_modes = -1;
    options->tcp_keep_alive = -1;
    options->log_facility = SYSLOG_FACILITY_NOT_SET;
    options->log_level = SYSLOG_LEVEL_NOT_SET;
    options->rhosts_rsa_authentication = -1;
    options->hostbased_authentication = -1;
    options->hostbased_uses_name_from_packet_only = -1;
    options->rsa_authentication = -1;
    options->pubkey_authentication = -1;
    options->kerberos_authentication = -1;
    options->kerberos_or_local_passwd = -1;
    options->kerberos_ticket_cleanup = -1;
    options->kerberos_get_afs_token = -1;
    options->gss_authentication=-1;
    options->gss_keyex = -1;
    options->gss_cleanup_creds = -1;
    options->gss_strict_acceptor = -1;
    options->gss_store_rekey = -1;
    options->password_authentication = -1;
    options->kbd_interactive_authentication = -1;
    options->challenge_response_authentication = -1;
    options->permit_empty_passwd = -1;
    options->permit_user_env = -1;
    options->use_login = -1;
    options->compression = -1;
    options->rekey_limit = -1;
    options->rekey_interval = -1;
    options->allow_tcp_forwarding = -1;
    options->allow_agent_forwarding = -1;
    options->num_allow_users = 0;
    options->num_deny_users = 0;
    options->num_allow_groups = 0;
    options->num_deny_groups = 0;
    options->ciphers = NULL;
    options->macs = NULL;
    options->kex_algorithms = NULL;
    options->protocol = SSH_PROTO_UNKNOWN;
    options->gateway_ports = -1;
    options->num_subsystems = 0;
    options->max_startups_begin = -1;
    options->max_startups_rate = -1;
    options->max_startups = -1;
    options->max_authtries = -1;
    options->max_sessions = -1;
    options->banner = NULL;
    options->show_patchlevel = -1;
    options->use_dns = -1;
    options->client_alive_interval = -1;
    options->client_alive_count_max = -1;
    options->num_authkeys_files = 0;
    options->num_accept_env = 0;
    options->permit_tun = -1;
    options->num_permitted_opens = -1;
    options->adm_forced_command = NULL;
    options->chroot_directory = NULL;
    options->authorized_keys_command = NULL;
    options->authorized_keys_command_user = NULL;
    options->zero_knowledge_password_authentication = -1;
    options->revoked_keys_file = NULL;
    options->trusted_user_ca_keys = NULL;
    options->authorized_principals_file = NULL;
    options->ip_qos_interactive = -1;
    options->ip_qos_bulk = -1;
    options->version_addendum = NULL;
    options->use_kuserok = -1;
}
So to view the configuration of the running sshd process, just print options
# gdb -core=core.25202 /usr/sbin/sshd
(gdb) print options
$1 = {num_ports = 1, ports_from_cmdline = 0, ports = {22, 0 <repeats 255 times>}, listen_addr = 0x0, listen_addrs = 0x7f1e39bcba40, address_family = 2, host_key_files = {0x7f1e39bcf760 "/etc/ssh/ssh_host_rsa_key",
0x7f1e39bcf790 "/etc/ssh/ssh_host_ecdsa_key", 0x0 <repeats 254 times>}, num_host_key_files = 2, host_cert_files = {0x0 <repeats 256 times>}, num_host_cert_files = 0, host_key_agent = 0x0,
pid_file = 0x7f1e38e413c8 "/var/run/sshd.pid", server_key_bits = 1024, login_grace_time = 120, key_regeneration_time = 3600, permit_root_login = 3, ignore_rhosts = 1, ignore_user_known_hosts = 0, print_motd = 1, print_lastlog = 1,
x11_forwarding = 1, x11_display_offset = 10, x11_use_localhost = 1, xauth_location = 0x7f1e38e413da "/usr/bin/xauth", strict_modes = 1, tcp_keep_alive = 1, ip_qos_interactive = 16, ip_qos_bulk = 8, ciphers = 0x0, macs = 0x0,
kex_algorithms = 0x0, protocol = 4, gateway_ports = 0, log_facility = SYSLOG_FACILITY_LOCAL0, log_level = SYSLOG_LEVEL_INFO, rhosts_rsa_authentication = 0, hostbased_authentication = 0, hostbased_uses_name_from_packet_only = 0,
rsa_authentication = 1, pubkey_authentication = 1, kerberos_authentication = 0, kerberos_or_local_passwd = 1, kerberos_ticket_cleanup = 1, kerberos_get_afs_token = 0, gss_authentication = 1, gss_keyex = 0, gss_cleanup_creds = 1,
gss_strict_acceptor = 1, gss_store_rekey = 0, password_authentication = 1, kbd_interactive_authentication = 0, challenge_response_authentication = 0, zero_knowledge_password_authentication = 0, permit_empty_passwd = 0,
permit_user_env = 0, use_login = 0, compression = 2, allow_tcp_forwarding = 3, allow_agent_forwarding = 1, num_allow_users = 0, allow_users = {0x0 <repeats 256 times>}, num_deny_users = 0, deny_users = {0x0 <repeats 256 times>},
num_allow_groups = 0, allow_groups = {0x0 <repeats 256 times>}, num_deny_groups = 0, deny_groups = {0x0 <repeats 256 times>}, num_subsystems = 1, subsystem_name = {0x7f1e39bcb9c0 "sftp", 0x0 <repeats 255 times>}, subsystem_command = {
0x7f1e39bcb9e0 "/usr/libexec/openssh/sftp-server", 0x0 <repeats 255 times>}, subsystem_args = {0x7f1e39bcba10 "/usr/libexec/openssh/sftp-server", 0x0 <repeats 255 times>}, num_accept_env = 16, accept_env = {0x7f1e39bcf7e0 "LANG",
0x7f1e39bcb7e0 "LC_CTYPE", 0x7f1e39bcb800 "LC_NUMERIC", 0x7f1e39bcb820 "LC_TIME", 0x7f1e39bcb840 "LC_COLLATE", 0x7f1e39bcb860 "LC_MONETARY", 0x7f1e39bcb880 "LC_MESSAGES", 0x7f1e39bcb8a0 "LC_PAPER", 0x7f1e39bcb8c0 "LC_NAME",
0x7f1e39bcb8e0 "LC_ADDRESS", 0x7f1e39bcb900 "LC_TELEPHONE", 0x7f1e39bcb920 "LC_MEASUREMENT", 0x7f1e39bcb940 "LC_IDENTIFICATION", 0x7f1e39bcb960 "LC_ALL", 0x7f1e39bcb980 "LANGUAGE", 0x7f1e39bcb9a0 "XMODIFIERS",
0x0 <repeats 240 times>}, max_startups_begin = 10, max_startups_rate = 30, max_startups = 100, max_authtries = 6, max_sessions = 10, banner = 0x0, show_patchlevel = 0, use_dns = 0, client_alive_interval = 0,
client_alive_count_max = 3, num_authkeys_files = 1, authorized_keys_files = {0x7f1e39bcf7c0 ".ssh/authorized_keys", 0x0 <repeats 255 times>}, adm_forced_command = 0x0, use_pam = 1, permit_tun = 0, num_permitted_opens = -1,
use_kuserok = 1, chroot_directory = 0x0, revoked_keys_file = 0x0, trusted_user_ca_keys = 0x0, authorized_principals_file = 0x0, authorized_keys_command = 0x0, authorized_keys_command_user = 0x0, rekey_limit = 0, rekey_interval = 0,
version_addendum = 0x7f1e39bcba90 "", num_auth_methods = 0, auth_methods = {0x0 <repeats 256 times>}}
Here we can see the configuration of the running sshd process.
max_startups_begin = 10, max_startups_rate = 30, max_startups = 100, max_authtries = 6, max_sessions = 10
Now let's change the configuration and dump again to see whether the values change. Edit the configuration file that strace identified earlier.
# vi /etc/ssh/sshd_config
MaxStartups 0
Check that the configuration file is valid
Make the configuration file take effect
service sshd reload
kill -s SIGHUP $sshd_pid
// from man sshd
sshd can be configured using command-line options or a configuration file (by default sshd_config(5));
command-line options override values specified in the configuration file.
sshd rereads its configuration file when it receives a hangup signal, SIGHUP,
by executing itself with the name and options it was started with, e.g. /usr/sbin/sshd.
Here I use the signal method
kill -s SIGHUP 25202
# gcore 25202
# gdb -core=core.25202 /usr/sbin/sshd
(gdb) print options
$1 = {num_ports = 1, ports_from_cmdline = 0, ports = {22, 0 <repeats 255 times>}, listen_addr = 0x0, listen_addrs = 0x7f83e31d5a60, address_family = 2, host_key_files = {0x7f83e31d9770 "/etc/ssh/ssh_host_rsa_key",
0x7f83e31d97a0 "/etc/ssh/ssh_host_ecdsa_key", 0x0 <repeats 254 times>}, num_host_key_files = 2, host_cert_files = {0x0 <repeats 256 times>}, num_host_cert_files = 0, host_key_agent = 0x0,
pid_file = 0x7f83e229c3c8 "/var/run/sshd.pid", server_key_bits = 1024, login_grace_time = 120, key_regeneration_time = 3600, permit_root_login = 3, ignore_rhosts = 1, ignore_user_known_hosts = 0, print_motd = 1, print_lastlog = 1,
x11_forwarding = 1, x11_display_offset = 10, x11_use_localhost = 1, xauth_location = 0x7f83e229c3da "/usr/bin/xauth", strict_modes = 1, tcp_keep_alive = 1, ip_qos_interactive = 16, ip_qos_bulk = 8, ciphers = 0x0, macs = 0x0,
kex_algorithms = 0x0, protocol = 4, gateway_ports = 0, log_facility = SYSLOG_FACILITY_LOCAL0, log_level = SYSLOG_LEVEL_INFO, rhosts_rsa_authentication = 0, hostbased_authentication = 0, hostbased_uses_name_from_packet_only = 0,
rsa_authentication = 1, pubkey_authentication = 1, kerberos_authentication = 0, kerberos_or_local_passwd = 1, kerberos_ticket_cleanup = 1, kerberos_get_afs_token = 0, gss_authentication = 1, gss_keyex = 0, gss_cleanup_creds = 1,
gss_strict_acceptor = 1, gss_store_rekey = 0, password_authentication = 1, kbd_interactive_authentication = 0, challenge_response_authentication = 0, zero_knowledge_password_authentication = 0, permit_empty_passwd = 0,
permit_user_env = 0, use_login = 0, compression = 2, allow_tcp_forwarding = 3, allow_agent_forwarding = 1, num_allow_users = 0, allow_users = {0x0 <repeats 256 times>}, num_deny_users = 0, deny_users = {0x0 <repeats 256 times>},
num_allow_groups = 0, allow_groups = {0x0 <repeats 256 times>}, num_deny_groups = 0, deny_groups = {0x0 <repeats 256 times>}, num_subsystems = 1, subsystem_name = {0x7f83e31d59e0 "sftp", 0x0 <repeats 255 times>}, subsystem_command = {
0x7f83e31d5a00 "/usr/libexec/openssh/sftp-server", 0x0 <repeats 255 times>}, subsystem_args = {0x7f83e31d5a30 "/usr/libexec/openssh/sftp-server", 0x0 <repeats 255 times>}, num_accept_env = 16, accept_env = {0x7f83e31d57e0 "LANG",
0x7f83e31d5800 "LC_CTYPE", 0x7f83e31d5820 "LC_NUMERIC", 0x7f83e31d5840 "LC_TIME", 0x7f83e31d5860 "LC_COLLATE", 0x7f83e31d5880 "LC_MONETARY", 0x7f83e31d58a0 "LC_MESSAGES", 0x7f83e31d58c0 "LC_PAPER", 0x7f83e31d58e0 "LC_NAME",
0x7f83e31d5900 "LC_ADDRESS", 0x7f83e31d5920 "LC_TELEPHONE", 0x7f83e31d5940 "LC_MEASUREMENT", 0x7f83e31d5960 "LC_IDENTIFICATION", 0x7f83e31d5980 "LC_ALL", 0x7f83e31d59a0 "LANGUAGE", 0x7f83e31d59c0 "XMODIFIERS",
0x0 <repeats 240 times>}, max_startups_begin = 1000, max_startups_rate = 30, max_startups = 3000, max_authtries = 6, max_sessions = 10, banner = 0x0, show_patchlevel = 0, use_dns = 0, client_alive_interval = 0,
client_alive_count_max = 3, num_authkeys_files = 1, authorized_keys_files = {0x7f83e31d97d0 ".ssh/authorized_keys", 0x0 <repeats 255 times>}, adm_forced_command = 0x0, use_pam = 1, permit_tun = 0, num_permitted_opens = -1,
use_kuserok = 1, chroot_directory = 0x0, revoked_keys_file = 0x0, trusted_user_ca_keys = 0x0, authorized_principals_file = 0x0, authorized_keys_command = 0x0, authorized_keys_command_user = 0x0, rekey_limit = 0, rekey_interval = 0,
version_addendum = 0x7f83e31d5ab0 "", num_auth_methods = 0, auth_methods = {0x0 <repeats 256 times>}}
You can see that the change just made has taken effect
max_startups_begin = 1000, max_startups_rate = 30, max_startups = 3000
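Comparing two such dumps by eye is error-prone, because every heap address differs between them. The following added example (not part of the original article) parses gdb's `print options` output and reports only the members whose values changed; the sample dumps are constructed, shortened versions of the two outputs above, and the function names are illustrative.

```python
import re

ADDR_BEFORE_STR = re.compile(r'0x[0-9a-f]+ (?=")')        # 0x7f.. "text" -> "text"
LIVE_PTR = re.compile(r"0x[0-9a-f]*[1-9a-f][0-9a-f]*")    # any non-NULL pointer

def split_top_level(body):
    """Split struct members on commas that sit outside braces and strings."""
    parts, cur, depth, in_str = [], [], 0, False
    for ch in body:
        if ch == '"':                      # escaped quotes are not handled here
            in_str = not in_str
        elif not in_str and ch in "{}":
            depth += 1 if ch == "{" else -1
        if ch == "," and depth == 0 and not in_str:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def parse_gdb_struct(text):
    """Turn gdb's '$1 = {name = value, ...}' into a dict of normalized strings."""
    text = " ".join(text.split()).replace("{ ", "{")   # undo gdb's line wrapping
    body = text[text.index("{") + 1:text.rindex("}")]
    fields = {}
    for member in split_top_level(body):
        name, _, value = member.partition(" = ")
        value = ADDR_BEFORE_STR.sub("", value)         # keep the string, drop its address
        fields[name] = LIVE_PTR.sub("<ptr>", value)    # addresses differ between dumps
    return fields

def diff_options(before, after):
    """Return {member: (old, new)} for every member whose value differs."""
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}

# Constructed, shortened dumps modelled on the two `print options` outputs above.
BEFORE = """$1 = {num_ports = 1, ports = {22, 0 <repeats 255 times>}, listen_addrs = 0x7f1e39bcba40,
pid_file = 0x7f1e38e413c8 "/var/run/sshd.pid", permit_root_login = 3, log_level = SYSLOG_LEVEL_INFO,
subsystem_name = {0x7f1e39bcb9c0 "sftp", 0x0 <repeats 255 times>}, max_startups_begin = 10,
max_startups_rate = 30, max_startups = 100, banner = 0x0}"""
AFTER = """$1 = {num_ports = 1, ports = {22, 0 <repeats 255 times>}, listen_addrs = 0x7f83e31d5a60,
pid_file = 0x7f83e229c3c8 "/var/run/sshd.pid", permit_root_login = 3, log_level = SYSLOG_LEVEL_INFO,
subsystem_name = {0x7f83e31d59e0 "sftp", 0x0 <repeats 255 times>}, max_startups_begin = 1000,
max_startups_rate = 30, max_startups = 3000, banner = 0x0}"""

if __name__ == "__main__":
    changes = diff_options(parse_gdb_struct(BEFORE), parse_gdb_struct(AFTER))
    for name, (old, new) in changes.items():
        print(f"{name}: {old} -> {new}")
```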
openssh upgrade to latest version
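Recently a vulnerability-scanning appliance on the customer's side flagged several OpenSSH vulnerabilities on our company's system. A quick look showed the main cause was that the installed OpenSSH version was 5.3, which is old. I thought this would be a minor problem. My distribution is CentOS 6.x, and the newest OpenSSH available through yum is also only 5.3, so I had to look for a newer package on the rpm site. The newest I found was 6.4, which I installed with yum localinstall. To my surprise, the next day the customer reported that OpenSSH vulnerabilities were still present, and that port 22 could be opened to the outside only once there were none. Baffled and out of options, I went to the OpenSSH website for the latest release, which was 7.5. I ran into a series of pitfalls during installation, which I won't go through one by one; to help others avoid them, I have written the steps down here for reference.
SSH upgrade steps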
mkdir ssh_upgrade && cd ssh_upgrade
Upload the OpenSSH installation package
Check the current OpenSSH version
Remove the existing OpenSSH
yum remove openssh -y
Install gcc, openssl and zlib
yum install gcc openssl-devel zlib-devel
tar zxvf openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure
make && make install
Copy the sshd service file
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
Modify the sshd service file
vim /etc/init.d/sshd
Change the following
SSHD=/usr/sbin/sshd to SSHD=/usr/local/sbin/sshd
/usr/sbin/ssh-keygen -A to /usr/local/bin/ssh-keygen -A
Add it as a system service
chkconfig --add sshd
Check that the entry was added to the system startup services
chkconfig --list |grep sshd
Allow the root user to log in remotely
cp sshd_config /etc/ssh/sshd_config
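vim /etc/ssh/sshd_config and set PermitRootLogin yes, removing the leading comment marker
Configure root remote login
This step is very important! Very important! Very important! Important things get said three times, because a freshly installed OpenSSH does not read this sshd_config file by default, so even if root remote login is allowed in sshd_config, it will still not take effect unless this line is added!
vim /etc/init.d/sshd
Above the line '$SSHD $OPTIONS && success || failure', add the line 'OPTIONS="-f /etc/ssh/sshd_config"'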
service sshd start
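After the steps above, one way to confirm that the daemon actually listening on port 22 is the newly built one is to read the identification string it sends on connect (RFC 4253) and compare the version it announces. This is an added example, not part of the original article; the function names and sample banners are constructed, and 7.5 is the version built above.

```python
import re
import socket

# "SSH-protoversion-softwareversion[ SP comments]" per RFC 4253 section 4.2.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-OpenSSH_(\d+)\.(\d+)")

def parse_openssh_banner(banner):
    """Return (protocol, (major, minor)), or None if the peer is not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def read_banner(host="127.0.0.1", port=22, timeout=5.0):
    """Read the identification string from a listening SSH server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):               # servers may send other lines first
            line = stream.readline(256)
            if not line:
                break
            if line.startswith(b"SSH-"):
                return line.decode("ascii", "replace").strip()
    return None

def check_upgrade(banner, expected=(7, 5)):
    """Classify what the running daemon announces against the version just built."""
    parsed = parse_openssh_banner(banner or "")
    if parsed is None:
        return "not-openssh"
    _, version = parsed
    # Tuple comparison, so 10.0 sorts after 7.5 (a string comparison would not).
    return "ok" if version >= expected else "stale"

# Constructed sample banners.
SAMPLES = ["SSH-2.0-OpenSSH_5.3", "SSH-2.0-OpenSSH_7.5",
           "SSH-2.0-OpenSSH_10.0", "SSH-2.0-dropbear_2016.74"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_upgrade(sample))
    try:
        live = read_banner()
        print("localhost:22", live, "->", check_upgrade(live))
    except OSError as exc:
        print("could not connect to localhost:22:", exc)
```

A `stale` result after `service sshd start` means an older daemon is still the one bound to the port, for example because the init script still points at /usr/sbin/sshd.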