Compiling OpenSSH 8.9p1 on CentOS 7
Notes from upgrading the SSH version on production servers: compiling OpenSSH 8.9p1 on CentOS 7.
I. Compile the source and build the RPM packages
$ sudo yum install rpm-build gcc gcc-c++ glibc glibc-devel openssl-devel openssl pcre pcre-devel zlib zlib-devel make wget krb5-devel pam-devel libX11-devel xmkmf libXt-devel initscripts imake gtk2-devel lrzsz -y  # dependencies
$ sudo mkdir -pv /root/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}  # prepare the build directories
$ sudo wget http://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz -O /root/rpmbuild/SOURCES/openssh-8.9p1.tar.gz  # download the source tarball
Extract the spec build file
cd /root/rpmbuild/SOURCES/
tar -xvf openssh-8.9p1.tar.gz openssh-8.9p1/contrib/redhat/openssh.spec
mv openssh-8.9p1 /root/rpmbuild/SPECS/
Configure the spec build file
1. Do not build the askpass packages
cd /root/rpmbuild/SPECS/openssh-8.9p1/contrib/redhat/
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" openssh.spec
# To build the askpass packages instead, /root/rpmbuild/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz is required; download link: Index of /repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
2. Work around the "openssl-devel < 1.1" error
sed -i '/openssl-devel < 1.1/s/^/#/' openssh.spec
3. Compile the OpenSSH source
cd /root/rpmbuild/ && rpmbuild -bb /root/rpmbuild/SPECS/openssh-8.9p1/contrib/redhat/openssh.spec
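4. No errors means the build succeeded
$ sudo ls -l /root/rpmbuild/RPMS/x86_64/  # list the generated RPM packages
II. Upgrade OpenSSH
1. Enable telnet on the server, so that you can still log in if the upgrade goes wrong
2. Set SELinux to permissive mode, or disable it.
3. Back up the sshd files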
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_7.4p1_bak
cp /etc/pam.d/sshd /etc/pam.d/sshd_7.4p1_pam_bak
4. Install the RPMs
rpm -Uvh /root/rpmbuild/RPMS/x86_64/openssh-*.rpm --nodeps
5. Change the permissions of the key files in the ssh directory, so that restarting ssh does not report errors or fail
chmod 600 /etc/ssh/ssh_host*key
sed -i "s/UsePAM yes/UsePAM no/" /etc/ssh/sshd_config
6. Restart sshd and check the OpenSSH version
systemctl restart sshd
systemctl status sshd.service
strings /usr/sbin/sshd|grep OpenSSH
sshd -V
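A preflight check for steps 3, 5 and 6, to run before `systemctl restart sshd`. This is an added example, not part of the original notes; the function name sshd_preflight is hypothetical, and the backup file name is the one from step 3.

```shell
#!/bin/sh
# sshd_preflight [SSH_DIR]   (SSH_DIR defaults to /etc/ssh)
# Returns the number of problems found; 0 means it is safe to restart sshd.
sshd_preflight() {
    dir=${1:-/etc/ssh}
    problems=0

    # Step 5: upstream sshd refuses to load host private keys that are
    # readable by group or others, so every key must be 600 (or stricter).
    for key in "$dir"/ssh_host*key; do
        if [ ! -e "$key" ]; then
            echo "NO HOST KEYS in $dir"
            problems=$((problems + 1))
            break
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "TOO OPEN: $key (run: chmod 600 $key)"
            problems=$((problems + 1))
        fi
    done

    # Step 3: the pre-upgrade config backup must exist for a rollback.
    if [ ! -f "$dir/sshd_config_7.4p1_bak" ]; then
        echo "MISSING BACKUP: $dir/sshd_config_7.4p1_bak"
        problems=$((problems + 1))
    fi

    # Step 5: report the first uncommented UsePAM line (first match wins).
    pam=$(awk 'tolower($1) == "usepam" { print tolower($2); exit }' \
          "$dir/sshd_config" 2>/dev/null)
    echo "UsePAM: ${pam:-unset}"

    # Let sshd validate config and keys itself (test mode), live directory only.
    if [ "$dir" = /etc/ssh ] && command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$dir/sshd_config" || problems=$((problems + 1))
    fi
    return "$problems"
}

# Typical use after step 5 (as root):
#   sshd_preflight && systemctl restart sshd
```

If the function returns non-zero, fix the reported items or copy the step 3 backups back into place before restarting, and keep the existing session open until a new login has been verified.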
Done.