CentOS Stream 9
ssh -V
需要的RPM包
openssh-9.7p1-1.el9.x86_64.rpm
openssh-clients-9.7p1-1.el9.x86_64.rpm
openssh-server-9.7p1-1.el9.x86_64.rpm
编译openssh
openssh官方只提供源码包,我们选择自己将源码编译为rpm包来升级环境的openssh,需要安装的环境为 CentOS Stream release 9
https://www.openssl.org/source/
wget https://github.com/boypt/openssh-rpms/archive/refs/heads/main.zip
unzip main.zip
cd openssh-rpms-main/
compile.sh:编译脚本el5、el6、el7:对应CentOS5、6、7三个系统,编译相关的参数由SPECS目录下的openssh.spec控制。
编译好的rpm包放在RPMS目录下。
pullsrc.sh:openssh相关源码下载脚本
version.env:定义了openssh及openssl源码的版本信息
CentOS Stream release 9 可以使用 el7 的版本编译
编译成功
Wrote: /root/openssh-rpms-main/el7/SRPMS/openssh-9.7p1-1.el9.src.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-debuginfo-9.7p1-1.el9.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-clients-debuginfo-9.7p1-1.el9.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-server-9.7p1-1.el9.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-debugsource-9.7p1-1.el9.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-server-debuginfo-9.7p1-1.el9.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-9.7p1-1.el9.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-clients-9.7p1-1.el9.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.pWvm6r
+ umask 022
+ cd /root/openssh-rpms-main/el7/BUILD
+ cd openssh-9.7p1
+ rm -rf /root/openssh-rpms-main/el7/BUILDROOT/openssh-9.7p1-1.el9.x86_64
+ RPM_EC=0
++ jobs -p
+ exit 0
~/openssh-rpms-main
修改openssl版本
# cat version.env
#OPENSSLSRC=openssl-3.0.11.tar.gz # 注释此版本
OPENSSLSRC=openssl-1.1.1v.tar.gz # 修改为1.1.1
OPENSSHSRC=openssh-9.7p1.tar.gz
ASKPASSSRC=x11-ssh-askpass-1.2.4.1.tar.gz
PKGREL=4OPENSSHVER=${OPENSSHSRC%%.tar.gz}
OPENSSHVER=${OPENSSHVER##openssh-}
OPENSSLVER=${OPENSSLSRC%%.tar.gz}
OPENSSLVER=${OPENSSLVER##openssl-}
修改openssh.spec文件
openssh源码中是没有ssh-copy-id相关参数的,如果直接编译安装,会发现安装后没有ssh-copy-id命令,因此如果需要用到该命令,需要修改编译参数控制文件openssh.spec
vim el7/SPECS/openssh.spec
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/bin/ssh-copy-id
%attr(0755,root,root) %{_bindir}/ssh-copy-id
下载编译包gcc等
yum groupinstall -y "Development Tools"
yum install -y make rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel
yum install -y perl
编辑compile.sh,把el9版本的打包输出到el7的文件夹中
vim compile.sh
拉取源码
./pullsrc.sh
打包
./compile.sh
RPM包文件路径
ll el7/RPMS/x86_64/openssh-debuginfo-9.7p1-1.el9.x86_64.rpm
openssh-clients-debuginfo-9.7p1-1.el9.x86_64.rpm
openssh-server-9.7p1-1.el9.x86_64.rpm
openssh-debugsource-9.7p1-1.el9.x86_64.rpm
openssh-server-debuginfo-9.7p1-1.el9.x86_64.rpm
openssh-9.7p1-1.el9.x86_64.rpm
openssh-clients-9.7p1-1.el9.x86_64.rpm
升级openssh
##注释掉的根据实际情况处理
#查询原openssh8.9p1是否有安装openssh-askpass,若有需先删除
rpm -qa | grep openssh
rpm -e openssh-askpass-gnome-8.9p1#原有openssh配置文件备份
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
cp /etc/pam.d/sshd /etc/pam.d/sshd.backup
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.backup#安装依赖文件(如果需要)
#yum install -y libICE
#yum install -y libSM
#yum install -y libX11
#yum install -y libXt
#yum install -y atk
#yum install -y cairo
#yum install -y gdk-pixbuf2
#yum install -y gtk2#openssh9.7p1 RPM包文件目录执行安装
yum localinstall -y openssh-*.rpm#检查相应配置文件后,还原备份文件(可选)
#cp /etc/ssh/sshd_config.backup /etc/ssh/sshd_config
#cp /etc/pam.d/sshd.backup /etc/pam.d/sshd
#cp /etc/pam.d/system-auth.backup /etc/pam.d/system-auth#可能出现的报错 :Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
解决办法:权限变成600chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key#重启sshd服务
#systemctl enable sshd
systemctl restart sshd#检查SSH版本
ssh -V