1) 升级OpenSSL
[code]# cd /usr/local/src
# wget http://download.discuz.net/env/openssl-0.9.7j.tar.gz
# wget http://download.discuz.net/env/openssh-4.2p1.tar.gz
# tar xzvf openssl-0.9.7j.tar.gz
# cd openssl-0.9.7j
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..[/code]
2) 升级OpenSSH
[code]# tar xzvf openssh-4.2p1.tar.gz
# cd openssh-4.2p1
# ./configure --prefix=/usr --with-pam --with-zlib --with-ssl- dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man
# make
# make install[/code]
3)禁止root直接登录,此处先建立一个普通系统用户:
[code]# useradd username
# passwd username
# vi /etc/passwd (将passwd文件中username的登录shell改为/bin/sh)
# vi /etc/ssh/sshd_config (将#protocol 1,2一行改为protocol 2)
# vi /etc/ssh/sshd_config (将#PermitRootLogin yes一行改为PermitRootLogin no)
# vi /usr/etc/sshd_config (将#protocol 1,2一行改为protocol 2)
# vi /usr/etc/sshd_config (将#PermitRootLogin yes一行改为PermitRootLogin no)
# /etc/rc.d/init.d/sshd restart[/code]
丁丁 于 2006-08-21 12:36:48发表:
恩!!试试