# NOTE(review): the tarball below is fetched over plain HTTP and unpacked
# without any integrity check, then built into the sshd package that gets
# installed. Verify it against the detached signature or checksum published
# with the OpenSSH release before extracting and building.
[root@localhost ~]
# wget http://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz
[root@localhost ~]
# tar -zxf openssh-6.6p1.tar.gz -C /usr/src/
[root@localhost ~]
# cd /usr/src/openssh-6.6p1
//512行左右
struct
passwd *pw;
struct
stat st;
int
status, devnull, p[2], i;
pid_t pid;
//char *username, errmsg[512]; 注释掉此行代码
char
*username, *fp, errmsg[512]; // 添加此行代码
if
(options.authorized_keys_command == NULL ||
options.authorized_keys_command[0] !=
'/'
)
return
0;
//552行左右
if
(pipe(p) != 0) {
error(
"%s: pipe: %s"
, __func__,
strerror
(
errno
));
goto
out;
}
// debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"", 注释掉这行
// options.authorized_keys_command, user_pw->pw_name, pw->pw_name); 注释掉这行
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); // 添加这行(MD5 指纹只是传给脚本的查找键,不能替代对完整公钥的比对;较新的 OpenSSH 已可在 AuthorizedKeysCommand 中用 %f 传递指纹,无需修改源码)
debug3(
"Running AuthorizedKeysCommand: \"%s %s %s\" as \"%s\""
,
options.authorized_keys_command, user_pw->pw_name, fp, pw->pw_name);
/*
* Don't want to call this in the child, where it can fatal() and
* run cleanup_exit() code.
*/
restore_uid();
switch
((pid = fork())) {
case
-1:
/* error */
//602行左右
/* stdin is pointed to /dev/null at this point */
if
(dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
error(
"%s: dup2: %s"
, __func__,
strerror
(
errno
));
_exit(1);
}
execl(options.authorized_keys_command,
// options.authorized_keys_command, user_pw->pw_name, NULL); 注释掉此行
options.authorized_keys_command, user_pw->pw_name, fp, NULL); // 添加此行
error(
"AuthorizedKeysCommand %s exec failed: %s"
,
options.authorized_keys_command,
strerror
(
errno
));
_exit(127);
default
:
/* parent */
break
;
}
free
(fp); // 添加此行
temporarily_use_uid(pw);
[root@localhost ~]
# cd /usr/src/openssh-6.6p1/contrib/redhat #本文系统为CentOS 6.5
[root@localhost ~]
# vim openssh.spec #更改spec文档,关闭一些用不到的参数
# Do we want to disable building of x11-askpass? (1=yes 0=no)
%define no_x11_askpass 1
#此处设置为1,不构建x11-askpass
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 1
#此处设置为1,不构建gnome-askpass
[root@localhost ~]
# cd /usr/src/
[root@localhost ~]
# tar -zcf openssh-6.6p1.tar.gz openssh-6.6p1/
注意:此处必须在 /usr/src/ 目录下打包,否则制作rpm包时会报错,且文件名必须如上所示
[root@localhost ~]
# cd /usr/src/openssh-6.6p1/contrib/redhat
[root@localhost ~]
# rpmbuild -bb openssh.spec #开始制作rpm包
注意:制作rpm包的时候可能会遇到依赖包不全的问题,常见的有pam pam-devel glibc glibc-devel tcp_wrappers-devel openssl098e gcc等,此处不再一一赘述。
#AuthorizedKeysFile .ssh/authorized_keys //注释掉这一行(注意:注释掉后 sshd 仍会按默认值读取用户的 ~/.ssh/authorized_keys,文件中已有的公钥依然可以登录,并不会因此只以脚本的输出为准)
#AuthorizedPrincipalsFile none
AuthorizedKeysCommand /bin/ssh-zhy.sh
// 添加这一行,指定查找ssh-key的脚本(该脚本必须属主为 root,且同组和其他用户不可写,否则 sshd 会拒绝执行;脚本应输出完整的 authorized_keys 格式公钥行,sshd 仍会用客户端提供的公钥与输出逐行比对)
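AuthorizedKeysCommandUser root
// 添加这一行,指定运行脚本的用户,必须是root(注意:sshd 本身并不强制该用户为 root,sshd_config(5) 建议使用除运行该命令外别无他用的专用用户;以 root 运行时,脚本会在认证完成之前以 root 权限处理客户端提供的用户名,除非脚本确实需要 root 权限,否则应改用专用账户)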