CentOS 7 升级 openssh 8.4p1

升级之后的问题和解决办法:

老客户端连不上

配置文件增加

KexAlgorithms=+diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

兼容老的密钥交换算法。注意:这三个算法都基于 SHA-1(group1 还只有 1024 位),OpenSSH 8.4 默认不启用它们;建议只在老客户端确实无法升级时加入,并且只保留实际用到的那一个。

root 连不上(上游默认是 PermitRootLogin prohibit-password,即 root 只能用密钥登录;下面的 yes 会重新允许 root 密码登录,能用密钥的话建议保持默认值)

PermitRootLogin yes
## 安装 dropbear 万一失败后可以远程ssh上
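# Install dropbear as a temporary fallback SSH server so the host stays
# reachable remotely if the OpenSSH upgrade breaks sshd.
# sudo is used on every privileged step, consistent with the tee call below.
sudo yum install -y dropbear

# Options written to /etc/sysconfig/dropbear:
#   -w  disallow root logins (log in as a regular user and escalate from there)
#   -R  create host keys on demand
#   -p  listen on port 44444
printf '%s\n' "OPTIONS=' -w -R -p 44444 '" | sudo tee /etc/sysconfig/dropbear

sudo systemctl enable dropbear
sudo systemctl restart dropbear

# This is a second, separately configured SSH entry point. Once the new sshd
# is confirmed working, stop and disable dropbear again so it does not stay
# exposed on port 44444.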


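# Fetch the stock CentOS 7.9 OpenSSH source RPM and install it; for a source
# RPM, rpm -i unpacks the sources and spec into the invoking user's rpmbuild tree.
# The leading "$ " prompt marker was dropped so the line can be pasted as-is.
# NOTE(review): the later visible steps never reference this SRPM's contents;
# presumably it is kept as a reference for the distribution's packaging files.
wget -c https://vault.centos.org/7.9.2009/os/Source/SPackages/openssh-7.4p1-21.el7.src.rpm
rpm -i openssh-7.4p1-21.el7.src.rpm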

openssh8.4p1 下载地址:ftp://mirrors.sonic.net/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
x11-ssh-askpass 下载地址:http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-1.2.4.1.tar.gz
(这两个地址都是明文传输,下载后请先校验再编译;OpenSSH 每个发行包旁边都有对应的 .asc 签名文件。)


## 编译 rpm 
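# Build dependencies for the OpenSSH RPM build.
# The leading "$ " prompt marker was dropped so the command can be pasted as-is.
# No -y here, as in the original: yum asks for confirmation before installing.
sudo yum install \
  gtk2-devel libX11-devel openldap-devel \
  autoconf automake audit-libs-devel groff \
  pam-devel tcp_wrappers-devel fipscheck-devel \
  systemd-devel libedit-devel xauth libXt-devel imake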


####  以下所有操作都是在普通用户下进行,不能使用 root 
# Prepare the per-user rpmbuild tree. Run as an unprivileged user: rpmbuild
# executes the spec's build scripts, so building as root would give those
# scripts full control of the build host.
mkdir -p ~/rpmbuild/{SOURCES,SPECS,SRPMS}
# NOTE(review): nothing in these steps checks the tarballs' integrity, and the
# download links given on this page are plain FTP/HTTP. Verify them (e.g. the
# detached signature published next to the OpenSSH release tarball) before
# copying them into the build tree -- the result becomes the host's sshd.
cp openssh-8.4p1.tar.gz ~/rpmbuild/SOURCES
cp x11-ssh-askpass-1.2.4.1.tar.gz ~/rpmbuild/SOURCES

cd ~/rpmbuild/SOURCES
# Unpack the tarball to get at the Red Hat spec file under contrib/redhat/.
tar zxf openssh-8.4p1.tar.gz
cp ~/rpmbuild/SOURCES/openssh-8.4p1/contrib/redhat/openssh.spec ~/rpmbuild/SPECS/

cd ~/rpmbuild/SPECS

# Rewrite every "_askpass 0" in the spec to "_askpass 1". The two narrower
# substitutions that follow target the no_x11_askpass / no_gnome_askpass
# defines; once the first command has run they presumably match nothing,
# which is harmless.
# NOTE(review): the no_* names suggest this turns the askpass sub-builds off;
# the x11-ssh-askpass tarball is still copied to SOURCES above, presumably
# because the spec lists it as a source -- confirm against the spec.
sed -i -e "s/_askpass 0/_askpass 1/g" openssh.spec 
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec 
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
# Comment out the "BuildRequires: openssl-devel < 1.1" line.
sed -i -e "s/BuildRequires: openssl-devel < 1.1/#BuildRequires: openssl-devel < 1.1/g"  openssh.spec

# After the "%pre server" line, add: cp -r /etc/ssh /etc/ssh_bak
# (and a copy of /etc/pam.d/sshd), so the old config is backed up before the
# new package installs. Uses GNU sed's one-line "a" form; each command appends
# directly after the matching line, so the /etc/ssh copy added second ends up
# first in the scriptlet.
# NOTE(review): /etc/ssh_bak will contain the host private keys -- keep it
# root-only and delete it once the upgrade is verified. If /etc/ssh_bak already
# exists, cp -r copies into /etc/ssh_bak/ssh instead of refreshing the backup.
sed -i '/%pre server/acp -r /etc/pam.d/sshd /etc/pam.d/sshd.bak'  openssh.spec 
sed -i '/%pre server/acp -r /etc/ssh /etc/ssh_bak'  openssh.spec 

# After the "%post server" line, add: chmod  600  /etc/ssh/ssh_host_*_key
# NOTE(review): presumably needed because the existing host keys are
# group-readable and the new sshd refuses private keys with such permissions
# -- confirm on the target host.
sed -i '/%post server/achmod  600  /etc/ssh/ssh_host_*_key'  openssh.spec

# 默认的 pam.sshd 有问题,会覆盖 /etc/pam.d/ssh 导致无法登录

cat > ~/rpmbuild/SOURCES/sshd.pam <

参考: https://blog.csdn.net/u011394161/article/details/108995428
