centos制作openssh 9.3p2 rpm包

标题使用源码制作openssh 9.3p2 的rpm包

准备：

操作系统：CentOS Linux release 7.4.1708 (Core) #测试发现rpm包要在什么系统安装需要就需要在什么系统上制作
工具软件：rpm-build
源码文件：openssh-9.3p2.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz

wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz 
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz

制作

1.安装依赖包

yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel xmkmf libXt-devel gtk2-devel make -y

2.初始化rpm制作环境

rpmbuild -ba openssh.spec

3.拷贝源码包到响应目录

cp openssh-9.3p2.tar.gz  x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES

4.解压源码包 拷贝openssh.spec进行修改

tar -zxf  openssh-9.3p2.tar.gz
cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/

或者提取已有包的spec文件

rpmrebuild -e -p --notest-install xxx.rpm

执行命令，这时候会打开一个spec的vim文件，我们使用vim的另存为将它保存下来(shift+: w文件名)

注释#BuildRequires: openssl-devel < 1.1

#制作rpm包

/root/rpmbuild/SPECS && rpmbuild -ba openssh.spec

待制作完成，生成的rpm包在目录/root/rpmbuild/RPMS/x86_64/

-rw-r--r-- 1 root root  649732 Jul 26 09:18 openssh-9.3p2-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root   44492 Jul 26 09:18 openssh-askpass-9.3p2-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root   25752 Jul 26 09:18 openssh-askpass-gnome-9.3p2-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root  641772 Jul 26 09:18 openssh-clients-9.3p2-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root 3409040 Jul 26 09:18 openssh-debuginfo-9.3p2-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root  472668 Jul 26 09:18 openssh-server-9.3p2-1.el7.centos.x86_64.rpm

#只需要三个包即可

openssh-server-9.3p2-1.el7.x86_64.rpm   
openssh-clients-9.3p2-1.el7.x86_64.rpm
openssh-9.3p2-1.an8.x86_64.rpm

安装升级

yum localinstall openssh-9.3p2-1.el7.centos.x86_64.rpm openssh-server-9.3p2-1.el7.centos.x86_64.rpm openssh-clients-9.3p2-1.el7.centos.x86_64.rpm 

#重启服务

systemctl restart sshd

标题FAQ:升级后无法登录：

chmod 600 /etc/ssh/ssh_host_rsa_key

#授权

echo "PermitRootLogin yes" >> /etc/ssh/sshd_config  #允许root远程登录

#配置认证

vim /etc/pam.d/sshd

#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
## pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

systemctl restart sshd 

所有版本源码下载地址：

https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/