OpenSSH拒绝服务漏洞_CVE-2016-8858

1. 相关依赖
   You will need working installations of Zlib and libcrypto (LibreSSL / OpenSSL)
2. 下载相应源码
   1. Dropbear临时替代SSH
      • Dropbear https://matt.ucc.asn.au/dropbear/releases/
   2. Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems)
      • Zlib http://www.zlib.net/
   3. libcrypto (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0)
      • OpenSSL https://www.openssl.org/source/

        Note that because of API changes, OpenSSL 1.1.x is not currently supported.(2017/03/16更新)

      • LibreSSL https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
   4. OpenSSH
      • https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

3. 编译安装
   1. Dropbear

      tar xvf dropbear-2016.74.tar.bz2
      cd dropbear-2016.74/
      ./configure --prefix=/opt/dropbear --enable-pam
      make && make scp && sudo make install
      sudo /opt/dropbear/bin/dropbearkey -t rsa -f /opt/dropbear/dropbear_rsa_host_key -s 4096
      sudo /opt/dropbear/sbin/dropbear -p 12598 -r /opt/dropbear/dropbear_rsa_host_key

   2. Zlib

      tar -zxvf zlib-1.2.11.tar.gz
      cd zlib-1.2.11
      ./configure --shared
      make && make test && sudo make install

   3. OpenSSl

      tar xvf openssl-1.0.2k.tar.gz
      cd openssl-1.0.2k
      #./Configure --prefix=/usr shared
      ./config --prefix=/usr shared
      make && make test && sudo make install

   4. OpenSSH

      tar xvf openssh-7.4p1.tar.gz
      cd openssh-7.4p1
      ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-openssl-includes=/usr -with-ssl-dir=/usr/ssl --with-privsep-path=/var/myempty --with-privsep-user=sshd --with-zlib --with-ssl-engine --with-md5-passwords --with-pam --disable-etc-default-login && \
      make && \
      sudo mv /etc/ssh* /tmp/ && \
      sudo make install