rpm包制作

rm /dev/null
mknod /dev/null c 1 3
chmod 666 /dev/null

RHEL7内网编译升级openssh到7.9P1步骤

配置内网yum源
wget http://10.0.0.8/html/rhel7.repo
yum clean all
yum makecache
安装需要支持的依赖包
yum -y install pam-devel libX11 libX11-devel imake gtk2-devel tcp_wrappers-devel rpm-build

下载
wget http://10.0.0.8/html/openssh/openssh-7.9p1.tar.gz
wget http://10.0.0.8/html/openssh/x11-ssh-askpass-1.2.4.1.tar.gz

tar xf openssh-7.9p1.tar.gz
cd openssh-7.9p1/contrib/redhat/
cp /usr/src/openssh-7.9p1.tar.gz /root/rpmbuild/SOURCES/
cp /usr/src/x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/

编辑 openssh.spec
注释 #BuildRequires: openssl-devel < 1.1

执行 rpmbuild -bb openssh.spec

执行完成后 需要的rpm包就会在
/root/rpmbuild/RPMS/x86_64
cd /root/rpmbuild/RPMS/x86_64
cp /etc/pam.d/sshd /root/.etc-pam.d-sshd-${TD}
升级安装openssh
rpm -Uvh openssh-*.rpm
安装完成后需要做如下操作
cp /root/.etc-pam.d-sshd-${TD} /etc/pam.d/sshd
sed -i "37a\SyslogFacility AUTHPRIV" /etc/ssh/sshd_config
sed -i "44a\PermitRootLogin yes" /etc/ssh/sshd_config
sed -i "77a\ChallengeResponseAuthentication no" /etc/ssh/sshd_config
sed -i "84a\UsePAM yes" /etc/ssh/sshd_config
sed -i "88a\GSSAPICleanupCredentials no" /etc/ssh/sshd_config
如果使用非默认端口，请记得修改sshd_config 修改端口。
chmod 600 /etc/ssh/ssh_host_*
systemctl restart sshd
最后先不要关闭session，新建连接登陆升级完成的设备看是否正常。
可以观察 tailf /var/log/secure 查看是否存在出错信息

RHEL7yum升级openssh7.9及回滚步骤
配置内网yum源
wget http://10.0.0.8/html/rhel7.repo
yum clean all
yum makecache
备份配置
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /etc/pam.d/sshd /etc/pam.d/sshd.bak
安装更新openssh
yum install openssh openssh-server openssh-clients openssh-askpass openssh-askpass-gnome
更新完成后恢复配置
cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
cp /etc/pam.d/sshd.bak /etc/pam.d/sshd

chmod 600 /etc/ssh/ssh_host_*

重启 systemctl restart sshd

重启后别关闭当前session，验证是否登陆正常。
无法登陆的回滚步骤如下：
先删除当前的版本
yum remove openssh openssh-server openssh-clients openssh-askpass openssh-askpass-gnome

yum -y install openssh-7.4p1 openssh-clients-7.4p1 openssh-server-7.4p1 openssh-askpass-7.4p1

然后重启sshd服务 systemctl restart sshd