> This is a reposted article and the formatting may contain errors; reading the originals is recommended: [Upgrading to OpenSSH 8.x on CentOS with yum - 别来无恙- - 博客园 (cnblogs.com)](https://www.cnblogs.com/yanjieli/p/14220914.html)
>
> [Upgrading openssh on CentOS 7 & Kylin V10 with rpm packages - zerlong - 博客园 (cnblogs.com)](https://www.cnblogs.com/zerlong/articles/15845757.html)

# Build the RPM packages

## Install the dependencies

```bash
# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y
```

## Create the required directories

```bash
# mkdir -p /root/rpmbuild/{SOURCES,SPECS}
# cd /root/rpmbuild/SOURCES
```

## Download the source packages

> Download locations:
>
> [http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/](http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/)
>
> [https://src.fedoraproject.org/repo/pkgs/openssh/](https://src.fedoraproject.org/repo/pkgs/openssh/)

```bash
# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
# tar -xvzf openssh-8.4p1.tar.gz
# tar -xvzf x11-ssh-askpass-1.2.4.1.tar.gz
```

## Modify the configuration file

```bash
# cp openssh-8.4p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
# cd /root/rpmbuild/SPECS/
# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
```

## Build

```bash
# rpmbuild -ba openssh.spec
```

A successful build ends with output like the following:

```bash
Wrote: /root/rpmbuild/SRPMS/openssh-8.4p1-1.el7.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-askpass-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-askpass-gnome-8.4p1-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-8.4p1-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.pshj6r
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-8.4p1
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-8.4p1-1.el7.x86_64
+ exit 0
```

## Verify the packages

```bash
# ls /root/rpmbuild/RPMS/x86_64/
openssh-8.4p1-1.el7.x86_64.rpm                openssh-clients-8.4p1-1.el7.x86_64.rpm
openssh-askpass-8.4p1-1.el7.x86_64.rpm        openssh-debuginfo-8.4p1-1.el7.x86_64.rpm
openssh-askpass-gnome-8.4p1-1.el7.x86_64.rpm  openssh-server-8.4p1-1.el7.x86_64.rpm
```

## Fixing errors during the build

> Error 1:
>
> `error: Failed build dependencies: openssl-devel < 1.1 is needed by openssh-8.4p1-1.el7.x86_64`
>
> Fix:
>
> Comment out the line `BuildRequires: openssl-devel < 1.1`

```bash
# sed -i 's/BuildRequires: openssl-devel < 1.1/#&/' openssh.spec
```

> Error 2:
>
> `error: Failed build dependencies: /usr/include/X11/Xlib.h is needed by openssh-8.4p1-1.el7.x86_64`
>
> Fix:
>
> Install `libXt-devel imake gtk2-devel openssl-libs`

```bash
# yum install libXt-devel imake gtk2-devel openssl-libs -y
```

# Start the upgrade

## Back up the configuration files

```bash
# cp /etc/pam.d/{sshd,sshd.bck}
# cp /etc/ssh/{sshd_config,sshd_config.bck}
```

## Install telnet

> To avoid being locked out if the `openssh` upgrade fails, install `telnet` (and keep two windows open at the same time)

```bash
# yum install telnet-server xinetd -y
# systemctl enable --now xinetd.service
# systemctl enable --now telnet.socket
```

> Configure `telnet` login: comment out the line `auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so` in `/etc/pam.d/login` and append `pts/1` and `pts/2` to `/etc/securetty`

```bash
# sed -i 's/^auth \[user_unknown=/#&/' /etc/pam.d/login
# cat >> /etc/securetty <<EOF
pts/1
pts/2
EOF
```

> Test the login

```bash
[C:\~]$ telnet 192.168.3.179
Trying 192.168.3.179...
Connected to 192.168.3.179.
Escape character is '^]'.

Kernel 3.10.0-957.27.2.el7.x86_64 on an x86_64
localhost0 login: root
Password:
Last login: Thu Dec 31 15:28:23 from 192.168.3.144
[root@localhost0 ~]#
```

## Install the new version

> Update the `openssh` packages (run this in the directory that contains the built `openssh*.rpm` files)

```bash
# yum update ./openssh* -y
```

## Start the ssh service

> Restore the backed-up configuration files, set `PermitRootLogin yes` and `PasswordAuthentication yes`, and restart sshd

```bash
# \mv /etc/ssh/sshd_config.bck /etc/ssh/sshd_config
# \mv /etc/pam.d/sshd.bck /etc/pam.d/sshd
# sed -i '/.*PermitRootLogin.*/d' /etc/ssh/sshd_config
# echo -e '\nPermitRootLogin yes' >> /etc/ssh/sshd_config
# sed -i '/.*PasswordAuthentication.*/d' /etc/ssh/sshd_config
# echo -e '\nPasswordAuthentication yes' >> /etc/ssh/sshd_config
# chmod 600 /etc/ssh/*
# systemctl restart sshd
```

## Verify login

> Open a new window and test that you can connect and log in. Only when that works, continue with the steps below to disable `telnet`.
>
> **Note:** Do not close the current window. Close it only after a connection from a newly opened window works.

## Disable telnet

> Note: allowing remote `root` login over `telnet` is extremely insecure, because the account name and password are both transmitted in cleartext, especially over the public internet. It should therefore only be used for temporary troubleshooting on an internal network in situations where ssh cannot be used. When you are finished, restore the related configuration and shut the `telnet` service down completely!

```bash
# systemctl stop telnet.socket && systemctl disable telnet.socket
# systemctl stop xinetd.service && systemctl disable xinetd.service
```

## Verify the current version

```bash
# ssh -V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
```

# Build script

> This script builds the `openssh rpm` packages
>
> Usage: `rpmbuild_openssh.sh 8.4`

```bash
#!/usr/bin/env bash
# @Date   :2021/1/1 15:13
# @Author :ives
# @Email  :381347268@qq.com
# @File   :rpmbuild_openssh.sh
# @Desc   :Build the openssh rpm packages from the source tarball

openssh_version=$1

# Check that a version number was passed in
if [ "${openssh_version}" ]; then
    echo -e "\033[41;37m当前build的openssh版本为: ${openssh_version}\033[0m"
else
    echo "常用版本有:8.0, 8.1, 8.2, 8.3, 8.4"
    echo
    echo -e " 请输入需要build的openssh版本号 示例: \033[36;1m$0 8.4\033[0m"
    exit 1
fi

# Install the build dependencies
function install_dependency() {
    yum install -y wget rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip libXt-devel imake gtk2-devel openssl-libs >> /dev/null && sleep 3
}

# Download and unpack the source packages
function download_package() {
    mkdir -p /root/rpmbuild/{SOURCES,SPECS}
    cd /root/rpmbuild/SOURCES || exit 2
    echo -e "\033[34;1m开始下载软件包:openssh-${openssh_version}p1.tar.gz \033[0m"
    wget "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${openssh_version}p1.tar.gz" >> /dev/null && echo "openssh-${openssh_version}p1.tar.gz下载成功..."
    if [ $? -ne 0 ]; then
        echo "openssh-${openssh_version}p1.tar.gz下载失败...请检查网络环境或版本是否存在"
        exit 2
    else
        echo -e "\033[34;1m开始下载软件包:x11-ssh-askpass-1.2.4.1.tar.gz \033[0m"
        wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz >> /dev/null && echo "x11-ssh-askpass-1.2.4.1.tar.gz下载成功..." && sleep 3
        if [ $? -ne 0 ]; then
            echo "x11-ssh-askpass-1.2.4.1.tar.gz下载失败...请检查网络环境是否正常"
            exit 2
        else
            # Unpack the requested version
            tar -xf "openssh-${openssh_version}p1.tar.gz" && tar -xf x11-ssh-askpass-1.2.4.1.tar.gz
        fi
    fi
}

# Adjust the spec file and build
function config_and_build() {
    # Take the spec file from the unpacked source tree of the requested version
    cp "/root/rpmbuild/SOURCES/openssh-${openssh_version}p1/contrib/redhat/openssh.spec" /root/rpmbuild/SPECS/
    sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
    sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
    sed -i 's/BuildRequires: openssl-devel < 1.1/#&/' /root/rpmbuild/SPECS/openssh.spec
    cd /root/rpmbuild/SPECS || exit 3
    echo -e "\033[34;1m开始制作 openssh${openssh_version} 相关rpm软件包 \033[0m"
    rpmbuild -ba openssh.spec
    if [ $? -eq 0 ]; then
        echo -e "\033[34;1mopenssh${openssh_version} 相关rpm软件包制作成功,生成的软件包信息如下: \033[0m"
        echo
        echo -e "\033[33;1m软件包存放路径:/root/rpmbuild/RPMS/x86_64/ \033[0m" && ls /root/rpmbuild/RPMS/x86_64/
    else
        echo -e "\033[33;1mopenssh${openssh_version} 相关rpm软件包制作失败,请根据报错信息进行解决,再重新进行编译 \033[0m"
        # Report the failed build to the caller
        exit 3
    fi
}

function main() {
    install_dependency
    download_package
    config_and_build
}

main
```

Last modified: 2023-02-20 12:04 PM

© Reposted from another site
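
The download step in both the manual procedure and the build script unpacks the archives without checking them, and the OpenSSH tarball is fetched over plain HTTP. The following is an added example, not part of the original post or its script: it checks a downloaded file against the MD5 that the Fedora lookaside URL carries in its path, and goes slightly further by also accepting a pinned SHA-256 for the OpenSSH tarball. The helper names `verify_digest`, `lookaside_md5` and `verify_lookaside` are hypothetical, and the SHA-256 value is assumed to have been verified by the operator beforehand.

```shell
#!/bin/sh
# Added example (not from the original post or script). Helper names are hypothetical.

# verify_digest ALGO EXPECTED FILE: returns 0 only when FILE hashes to EXPECTED (lowercase hex).
verify_digest() {
    case "$1" in
        md5)    tool=md5sum ;;
        sha256) tool=sha256sum ;;
        *) echo "unsupported algorithm: $1" >&2; return 2 ;;
    esac
    [ -f "$3" ] || { echo "missing file: $3" >&2; return 2; }
    actual=$("$tool" "$3" | awk '{ print $1 }')
    if [ "$actual" != "$2" ]; then
        echo "$1 mismatch for $3: expected $2, got $actual" >&2
        return 1
    fi
}

# lookaside_md5 URL: print the 32-hex-digit path component that precedes the file name.
lookaside_md5() {
    digest=$(printf '%s\n' "$1" | awk -F/ 'NF > 1 { print $(NF - 1) }')
    case "$digest" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#digest}" -eq 32 ] || return 1
    printf '%s\n' "$digest"
}

# verify_lookaside URL FILE: check FILE against the digest embedded in URL.
verify_lookaside() {
    expected=$(lookaside_md5 "$1") || { echo "no MD5 in URL: $1" >&2; return 2; }
    verify_digest md5 "$expected" "$2"
}

# Intended use before the tar -xf step (the SHA-256 value is a placeholder):
#   verify_lookaside "$askpass_url" x11-ssh-askpass-1.2.4.1.tar.gz || exit 2
#   verify_digest sha256 "<sha256 verified out of band>" "openssh-${openssh_version}p1.tar.gz" || exit 2
```

The lookaside path only offers MD5, which is no longer collision-resistant, so for the OpenSSH tarball prefer a SHA-256 or signature obtained over a trusted channel.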
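
The "Install telnet" section edits `/etc/pam.d/login` and `/etc/securetty`, and the "Disable telnet" note asks for that configuration to be restored, while the commands shown there only stop and disable the two units. The following is an added example, not part of the original post: it audits the two files and the two systemd units for leftovers of the temporary telnet setup. The function names are hypothetical, and the file paths are arguments so the check can be run against copies.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# audit_telnet_files LOGIN_PAM SECURETTY
# Prints one FINDING line per leftover of the temporary telnet setup and
# returns 0 only when both files are back in their locked-down state.
audit_telnet_files() {
    pam_file=$1
    tty_file=$2
    findings=0

    # The guide commented out the pam_securetty auth line; it must be active again.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$pam_file"; then
        echo "FINDING: no active pam_securetty.so auth line in $pam_file"
        findings=$((findings + 1))
    fi

    # The guide appended pts/1 and pts/2, which permit root logins on network ttys.
    pts=$(grep -E '^[[:space:]]*pts/[0-9]+[[:space:]]*$' "$tty_file" | tr -s '[:space:]' ' ')
    if [ -n "$pts" ]; then
        echo "FINDING: pseudo-terminal entries in $tty_file: $pts"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# audit_telnet_units: on a systemd host, flag the units the guide enabled if they
# are still enabled or running. Skipped where systemctl is absent.
audit_telnet_units() {
    command -v systemctl >/dev/null 2>&1 || return 0
    leftover=0
    for unit in telnet.socket xinetd.service; do
        if systemctl is-enabled --quiet "$unit" 2>/dev/null ||
           systemctl is-active --quiet "$unit" 2>/dev/null; then
            echo "FINDING: $unit is still enabled or active"
            leftover=1
        fi
    done
    [ "$leftover" -eq 0 ]
}

# Typical run on the upgraded host:
#   audit_telnet_files /etc/pam.d/login /etc/securetty; audit_telnet_units
```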