Anolis8 制作OpenSSH9.4p1 RPM包🪬
Anolis8 制作OpenSSH9.4p1 RPM包🪬
1.下载源码包
下载OpenSSH9.4p1源码包(这里从镜像站下载,建议同时获取官方随发行包提供的签名文件(.asc)并完成校验,确认源码包未被篡改后再用于构建)
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# wget https://mirrors.tuna.tsinghua.edu.cn/OpenBSD/OpenSSH/portable/openssh-9.4p1.tar.gz
安装imake包
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# yum -y install imake
下载x11-ssh-askpass-1.2.4.1.tar.gz(下载地址路径中的32位十六进制串看起来是该文件的MD5,可用md5sum比对;MD5只能发现传输损坏,不能作为防篡改的依据)
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
2.安装基本环境
rpm-build
是一个工具集,用于构建和打包 RPM(Red Hat Package Manager)软件包。
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# yum -y install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl
3.使用rpm-build打包编译
rpmbuild基本配置(本文全程以root身份构建;spec文件中的构建脚本会以执行rpmbuild的用户身份运行,条件允许时建议改用普通用户构建)
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# tar -xvf openssh-9.4p1.tar.gz
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# cd /root/openssh-9.4p1/contrib/redhat/
[root@iZ2zeam23ltaxefr0nzhn0Z redhat]# ll
total 48
-rw-r--r-- 1 1000 1000 58 Aug 10 09:10 gnome-ssh-askpass.csh
-rw-r--r-- 1 1000 1000 70 Aug 10 09:10 gnome-ssh-askpass.sh
-rw-r--r-- 1 1000 1000 30082 Aug 10 09:10 openssh.spec
-rwxr-xr-x 1 1000 1000 1721 Aug 10 09:10 sshd.init
-rw-r--r-- 1 1000 1000 277 Aug 10 09:10 sshd.pam
# 解压之后,可以先初始化生成/root/rpmbuild目录,不用管提示错误
[root@iZ2zeam23ltaxefr0nzhn0Z redhat]# rpmbuild -ba openssh.spec
[root@iZ2zeam23ltaxefr0nzhn0Z redhat]# cp openssh.spec /root/rpmbuild/SPECS/
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# cp /root/openssh-9.4p1.tar.gz /root/rpmbuild/SOURCES/
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# cp /root/x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
配置openssh.spec文件及权限
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# cd /root/rpmbuild/SPECS/
[root@iZ2zeam23ltaxefr0nzhn0Z SPECS]# ll
total 32
-rw-r--r-- 1 root root 30082 Sep 27 16:04 openssh.spec
[root@iZ2zeam23ltaxefr0nzhn0Z SPECS]# vim openssh.spec
找到openssl配置
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: openssl-devel < 1.1
# 修改为openssl-devel >= 1.1
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: openssl-devel >= 1.1
[root@iZ2zeam23ltaxefr0nzhn0Z SPECS]# chown -R sshd:sshd /root/rpmbuild/SPECS/openssh.spec
# 注:上面ll的输出显示该文件属主已是root:root;把root要构建的spec文件交给sshd服务账号所有,意味着该账号可以改写构建脚本,这一步是否必要请先确认,保持root属主更稳妥
使用rpmbuild打包
[root@iZ2zeam23ltaxefr0nzhn0Z SPECS]# rpmbuild -ba openssh.spec
4.打包压缩
生成的rpm包在/root/rpmbuild/RPMS/x86_64目录下
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# cd /root/rpmbuild/RPMS/x86_64
[root@iZ2zeam23ltaxefr0nzhn0Z x86_64]# ll
total 6124
-rw-r--r-- 1 root root 707436 Sep 27 16:25 openssh-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 50200 Sep 27 16:25 openssh-askpass-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 60940 Sep 27 16:25 openssh-askpass-debuginfo-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 31164 Sep 27 16:25 openssh-askpass-gnome-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 42136 Sep 27 16:25 openssh-askpass-gnome-debuginfo-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 674916 Sep 27 16:25 openssh-clients-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 1430232 Sep 27 16:25 openssh-clients-debuginfo-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 1082976 Sep 27 16:25 openssh-debuginfo-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 765092 Sep 27 16:25 openssh-debugsource-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 496324 Sep 27 16:25 openssh-server-9.4p1-1.an8.x86_64.rpm
-rw-r--r-- 1 root root 907696 Sep 27 16:25 openssh-server-debuginfo-9.4p1-1.an8.x86_64.rpm
只需要打包这三个就行
openssh-9.4p1-1.an8.x86_64.rpm
openssh-clients-9.4p1-1.an8.x86_64.rpm
openssh-server-9.4p1-1.an8.x86_64.rpm
[root@iZ2zeam23ltaxefr0nzhn0Z x86_64]# tar -zcvf openssh9.4p1.tar.gz openssh-9.4p1-1.an8.x86_64.rpm openssh-clients-9.4p1-1.an8.x86_64.rpm openssh-server-9.4p1-1.an8.x86_64.rpm
5.升级SSH版本
将打包好的压缩包上传到需要升级的服务器,需提前备份好/etc/pam.d/sshd文件,升级ssh版本会重置sshd文件。
备份sshd文件
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# cd /etc/pam.d/
[root@iZ2zeam23ltaxefr0nzhn0Z pam.d]# cp sshd sshd.bak
升级
[root@iZ2zeam23ltaxefr0nzhn0Z x86_64]# cp openssh9.4p1.tar.gz /opt/
[root@iZ2zeam23ltaxefr0nzhn0Z x86_64]# cd /opt/
[root@iZ2zeam23ltaxefr0nzhn0Z opt]# ll
total 1784
-rw-r--r-- 1 root root 1823193 Sep 27 16:33 openssh9.4p1.tar.gz
[root@iZ2zeam23ltaxefr0nzhn0Z opt]# tar -xvf openssh9.4p1.tar.gz
openssh-9.4p1-1.an8.x86_64.rpm
openssh-clients-9.4p1-1.an8.x86_64.rpm
openssh-server-9.4p1-1.an8.x86_64.rpm
[root@iZ2zeam23ltaxefr0nzhn0Z opt]# yum -y install ./*.rpm
[root@iZ2zeam23ltaxefr0nzhn0Z opt]# ssh -V
OpenSSH_9.4p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
恢复PAM配置(升级会重置/etc/pam.d/sshd,这里重新写入;写入后建议与之前备份的sshd.bak对比,确认没有丢失原有的自定义认证规则)
[root@iZ2zeam23ltaxefr0nzhn0Z opt]# cat > /etc/pam.d/sshd <<EOF
#%PAM-1.0
auth substack password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin
EOF
重启sshd(远程操作时,重启前先用 sshd -t 检查配置是否有误,并保留当前已登录的会话,确认新连接能正常登录后再退出)
[root@iZ2zeam23ltaxefr0nzhn0Z pam.d]# cd
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# systemctl restart sshd
[root@iZ2zeam23ltaxefr0nzhn0Z ~]# ssh -V
OpenSSH_9.4p1, OpenSSL 1.1.1k FIPS 25 Mar 2021