RHEL5 ssh upgrade to 8.8p1

Before:

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

Prepare:

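1.1 download files (check each tarball against the checksum or signature published by its upstream project before building; two of the mirrors below are plain HTTP):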

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2.tar.gz

http://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz

http://prdownloads.sourceforge.net/libpng/zlib-1.2.11.tar.gz?download

1.2 compile from source:

tar -xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib-1.2.11 --disable-asm
make && make install
tar -zxvf libressl-3.4.2.tar.gz
cd libressl-3.4.2
./configure --prefix=/usr/local
make && make install
vim /etc/ld.so.conf.d/local.conf

Add the following line, then run ldconfig so the dynamic linker picks up the new libraries:

/usr/local/lib

tar zxvf openssh-8.8p1.tar.gz

cd openssh-8.8p1

./configure --prefix=/usr/local/openssh-8.8p1 --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ --with-zlib=/usr/local/zlib-1.2.11/ --with-pam

make && make install

1.4 setup start script

cp redhat/sshd.init /etc/init.d/sshd

vi /etc/init.d/sshd

SSHD=/usr/local/openssh-8.8p1/sbin/sshd

/usr/local/openssh-8.8p1/bin/ssh-keygen -A

chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
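Keep the current SSH session open and check the configuration with /usr/local/openssh-8.8p1/sbin/sshd -t before restarting; the sshd_config left in /etc/ssh by 4.3p2 may contain options that 8.8p1 rejects, and 8.8 disables RSA signatures using SHA-1 by default, so very old clients may no longer connect.
service sshd restart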

vim /etc/profile
export PATH=/usr/local/openssh-8.8p1/bin:/usr/local/openssh-8.8p1/sbin:$PATH
service sshd restart

1.5 update sssd
yum install sssd sssd-tools
vi /etc/sssd/sssd.conf
# sssd.conf: resolves users and groups and authenticates logins against an
# Active Directory server through the generic LDAP provider.
# sssd expects this file to be owned by root with mode 0600.
[sssd]
config_file_version = 2
# Only the NSS and PAM responders are started.
services = nss, pam
# Must match the [domain/...] section name below.
domains = LDAP

[nss]

[pam]

[domain/LDAP]
# NOTE(review): with StartTLS off and an ldap:// URI, identity lookups, including
# the bind made with ldap_default_bind_dn, are not protected by TLS on the wire.
# Turning this on (or using ldaps://) requires the client to trust the CA that
# issued the directory server's certificate.
ldap_id_use_start_tls = False
# Use Active Directory attribute and group-membership conventions.
ldap_schema = ad
# The bind password is stored in obfuscated form (written by sss_obfuscate).
# Obfuscation is reversible encoding, not encryption; file permissions are the
# actual protection.
ldap_default_authtok_type = obfuscated_password
# User passwords are not cached locally, so logins need the LDAP server reachable.
cache_credentials = False
id_provider = ldap
auth_provider = ldap
# NOTE(review): "test" is not a full DN and looks like a placeholder; use a
# dedicated account that has read-only access to the directory.
ldap_default_bind_dn = test
# NOTE(review): if TLS is enabled later, an IP address here only passes
# certificate name checks when the server certificate lists that address (confirm).
ldap_uri = ldap://192.168.100.1
# AD object classes and naming attributes for users and groups.
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_group_object_class = group
ldap_group_name = cn
# Forces every user's primary GID to 513 (presumably chosen to line up with the
# RID of AD's "Domain Users" group; confirm).
override_gid = 513
# Lower bound for IDs produced by SID-to-ID mapping. ldap_id_mapping is not set
# in this file, so confirm this option has any effect here.
ldap_idmap_range_min = 100000
#ldap_user_principal=userPrincipalName
# %u expands to the login name.
override_homedir = /home/%u
default_shell = /bin/bash

1.5.1 set up the bind user and credential
sss_obfuscate -d LDAP
1.5.2 enable sssd
authconfig --enablesssd --enablesssdauth --enablemkhomedir --enablepamaccess --update

1.6 Windows 2012 R2 setup
1.6.1 promote the server to an Active Directory domain controller
1.6.2 install certificate service
