在CentOS 7 下构建OpenSSH 8.x RPM安装包

一、 准备条件

1. openssh 8.x源码包

• 官方

curl -L https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz -o /root/openssh-8.8p1.tar.gz

• 本地

curl -L http://10.10.10.1/openssh-8.8p1.tar.gz -o /root/openssh-8.8p1.tar.gz

2. x11-ssh-askpass源码包

• 官方

curl -L https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz -o /root/x11-ssh-askpass-1.2.4.1.tar.gz

• 本地

curl -L http://10.10.10.1/x11-ssh-askpass-1.2.4.1.tar.gz -o /root/x11-ssh-askpass-1.2.4.1.tar.gz

3. RPM打包工具

yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel

二、构建配置

mkdir -p /root/rpmbuild/SOURCES
mkdir -p /root/rpmbuild/SPECS
cp /root/openssh-8.8p1.tar.gz /root/rpmbuild/SOURCES/
cp /root/x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
tar -zxf openssh-8.8p1.tar.gz -C /opt
cp /opt/openssh-8.8p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
chown sshd:sshd /root/rpmbuild/SPECS/openssh.spec 

/root/rpmbuild/SPECS/openssh.spec

...
%global no_x11_askpass 1 
%global no_gnome_askpass 1
...
#BuildRequires: openssl-devel < 1.1 
...

三、开始构建

cd /root/rpmbuild/SPECS/
rpmbuild -ba openssh.spec

四、开始验证

1. 备份配置文件

mkdir /etc/sshconfig_backup
cp /etc/ssh/sshd_config /etc/sshconfig_backup/
cp /etc/pam.d/sshd /etc/sshconfig_backup/pam.d_sshd

2. 手动升级

rpm -Uvh openssh*.rpm

3. 还原配置文件

cp /etc/sshconfig_backup/sshd_config /etc/ssh/sshd_config 
cp /etc/sshconfig_backup/pam.d_sshd /etc/pam.d/sshd
sed -i "s/#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
cat /etc/ssh/sshd_config | grep PermitRootLogin
rm -rf /etc/ssh/ssh_host_*
service sshd restart

4. 验证OPENSSH版本

ssh -V
rpm -qa | grep openssh