制作openssh的rpm升级包
1. 检查本机openssh版本,查看yum源中最新的版本
ssh -V
yum info openssh
2. 建立目录下载源码包
cd /root
mkdir -pv rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.2p1.tar.gz -O rpmbuild/SOURCES/openssh-8.2p1.tar.gz
3. 开始制作
解压拷贝文件
cd rpmbuild/SOURCES
tar xf openssh-8.2p1.tar.gz
cp openssh-8.2p1/contrib/redhat/openssh.spec ../SPECS
cd ../SPECS/
按需修改以下内容:
vi openssh.spec
# Do we want to disable building of x11-askpass? (1=yes 0=no)
%define no_x11_askpass 1
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 1
使用rpmbuild制作rpm包,完成后在RPMS下生成rpm安装包
rpmbuild -bb openssh.spec
如果提示缺乏依赖,执行下载所有依赖包,可以打包上传到服务器安装,这里以openssl-devel举例
yum install yum-utils -y
yumdownloader openssl-devel --resolve --destdir=../SRPMS
- 升级
mkdir /opt/backup
mv /etc/ssh /opt/backup
cp /etc/pam.d/sshd /opt/backup/sshd.pam
yum -y install ./openssh*.rpm
mv /etc/ssh/sshd_config{,.old_$(date '+%s')}
cat > /etc/ssh/sshd_config << SSHDEOF
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
Subsystem sftp /usr/libexec/openssh/sftp-server
SSHDEOF
mv /etc/pam.d/sshd{,.old_$(date '+%s')}
cp /opt/backup/sshd.pam /etc/pam.d/sshd
service sshd restart
- 验证
ssh -V
网友评论