centos7 rpmbuild打包openssh8.0p1并升级

此文档提供方法为官方源码build成rpm后，用rpm进行升级，在Centos7.5.1804下实现，其余环境未经测试。

1．Rpmbuild打包

 

Rpmbuild环境要与目标环境同样（即在centos7.5.1804上编译）

 

#安装依赖

yum install rpm-build pam-devel zlib zlib-devel perl krb5-devel pam-devel gcc make wget libX11-devel xmkmf libXt-devel initscripts -y

yum install openssl openssl-devel -y

#建立编译目录

mkdir -p ~/rpmbuild/{SOURCES,SPECS} && cd ~/rpmbuild/SOURCES/

#下载源码包和依赖包

wget http://ftp.riken.jp/Linux/momonga/6/Everything/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz

wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz

tar xf openssh-8.0p1.tar.gz

#拷贝配置文件

cp openssh-8.3p1/contrib/redhat/openssh.spec ~/rpmbuild/SPECS/

cd ~/rpmbuild/SPECS/

#修改配置文件

sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec

sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec

#编译

rpmbuild -ba openssh.spec

#若是编译过程当中报openssl-devel的问题，能够下面注释掉依赖

sed -i 's/BuildRequires: openssl-devel < 1.1/#BuildRequires: openssl-devel < 1.1/g' openssh.spec

2． 安装包说明

[root@testserver3 tmp]# ll

total 8300

-rw-r--r--. 1 root root 4034560 Jan  8 11:13 openssh-8.0p1-1.el7.offline.tar  #U盘携带包

-rw-r--r--. 1 root root 4464640 Jan  7 16:44 openssh-8.3p1-1.el7.offline.tar

[root@testserver3 tmp]# tar xf openssh-8.0p1-1.el7.offline.tar

[root@testserver3 tmp]# ll openssh-8.0p1-1.el7.offline

total 3936

-rw-r--r--. 1 root root  514232 Jan  8 11:12 openssh-8.0p1-1.el7.centos.x86_64.rpm

-rw-r--r--. 1 root root  505616 Jan  8 11:12 openssh-clients-8.0p1-1.el7.centos.x86_64.rpm

-rw-r--r--. 1 root root 2603832 Jan  8 11:12 openssh-debuginfo-8.0p1-1.el7.centos.x86_64.rpm

-rw-r--r--. 1 root root  400260 Jan  8 11:12 openssh-server-8.0p1-1.el7.centos.x86_64.rpm

[root@testserver3 openssl-1.1.1i.el7.offline]#

 

注：以上rpm包为根据官方源码包openssh-8.0p1.tar.gz rpmbuild生成

 

3．安装

 

2．1．安装前查看状态

[root@testserver3 openssh-8.0p1-1.el7.offline]# rpm -qa |grep openssh

openssh-server-7.4p1-16.el7.x86_64

openssh-clients-7.4p1-16.el7.x86_64

openssh-7.4p1-16.el7.x86_64

2．2．执行升级

[root@testserver3 openssh-8.0p1-1.el7.offline]# ll

total 3936

-rw-r--r--. 1 root root  514232 Jan  8 11:12 openssh-8.0p1-1.el7.centos.x86_64.rpm

-rw-r--r--. 1 root root  505616 Jan  8 11:12 openssh-clients-8.0p1-1.el7.centos.x86_64.rpm

-rw-r--r--. 1 root root 2603832 Jan  8 11:12 openssh-debuginfo-8.0p1-1.el7.centos.x86_64.rpm

-rw-r--r--. 1 root root  400260 Jan  8 11:12 openssh-server-8.0p1-1.el7.centos.x86_64.rpm

[root@testserver3 openssh-8.0p1-1.el7.offline]# rpm -Uvh *.rpm

Preparing...                          ################################# [100%]

Updating / installing...

   1:openssh-8.0p1-1.el7.centos       ################################# [ 14%]

   2:openssh-clients-8.0p1-1.el7.cento################################# [ 29%]

   3:openssh-server-8.0p1-1.el7.centos################################# [ 43%]

   4:openssh-debuginfo-8.0p1-1.el7.cen################################# [ 57%]

Cleaning up / removing...

   5:openssh-server-7.4p1-16.el7      ################################# [ 71%]

   6:openssh-clients-7.4p1-16.el7     ################################# [ 86%]

   7:openssh-7.4p1-16.el7             ################################# [100%]

 

2．3．安装新版本及验证

[root@testserver3 openssh-8.0p1-1.el7.offline]# rpm -qa |grep openssh

openssh-clients-8.0p1-1.el7.centos.x86_64

openssh-debuginfo-8.0p1-1.el7.centos.x86_64

openssh-8.0p1-1.el7.centos.x86_64

openssh-server-8.0p1-1.el7.centos.x86_64

[root@testserver3 openssh-8.0p1-1.el7.offline]# ssh -V

OpenSSH_8.0p1, OpenSSL 1.0.2k-fips  26 Jan 2017

以上openssh的版本更新成功，但ssh没法启动，下面操做去解决。

2．4．更新下面3个sshd_config配置参数以下：

# grep -E 'PermitRootLogin|UsePAM|PasswordAuthentication' /etc/ssh/sshd_config |grep -Ev '^#'

PermitRootLogin yes

PasswordAuthentication yes

UsePAM no

2．5．重启sshd服务，验证SSH可正常登录

[root@testserver3 openssh-8.0p1-1.el7.offline]# systemctl restart sshd