1、下载源码包
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
2、安装编译环境和依赖包
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel xmkmf libXt-devel gtk2-devel make
3、初始化rpm制作环境
rpmbuild -ba openssh.spec
4、拷贝源码包到响应目录
cp openssh-9.0p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES
5、解压源码包 tar -zxvf openssh-9.0p1.tar.gz 拷贝openssh.spec文件
cp openssh-9.0p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
6、修改/root/rpmbuild/SPECS/openssh.spec 文件 屏蔽103行
#BuildRequires: openssl-devel < 1.1
7、制作rpm包
rpmbuild -ba /root/rpmbuild/SPECS/openssh.spec
8、待制作完成,生成的rpm包在目录/root/rpmbuild/RPMS/x86_64/
openssh-9.0p1-1.el7.centos.x86_64.rpm
openssh-askpass-9.0p1-1.el7.centos.x86_64.rpm
openssh-askpass-gnome-9.0p1-1.el7.centos.x86_64.rpm
openssh-clients-9.0p1-1.el7.centos.x86_64.rpm
openssh-debuginfo-9.0p1-1.el7.centos.x86_64.rpm
openssh-server-9.0p1-1.el7.centos.x86_64.rpm
9、备份删除 /etc/ssh 文件夹 再运行补丁升级安装脚本
./install_openssh.sh
10、查看升级是否成功
rpm -qa | grep openssh
ssh -V
11、注意事项
如果要使用密码和老的SSH客户端软件登录上服务器,需要在制作rpm包之前,修改或替换如下文件,再重新打包 tar -czvf openssh-9.0p1.tar.gz openssh-9.0p1 使用上述第4条命令执行。
a、 openssh-9.0p1/contrib/redhat/ sshd.pam
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
acc