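A record of issues from day-to-day work in system operations, virtualization and cloud computing, databases, network security and related areas.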

Building an openssh8.4p1 RPM package on a minimal CentOS7/RHEL7 install


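Use rpmbuild to turn the tar package into an RPM package. If you would rather not upgrade by compiling, upgrading by RPM is much more convenient.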

1. Install the build dependencies.

[root@centos7-31 ~]#  yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y

[root@centos7-31 ~]#  mkdir -p /root/rpmbuild/{SOURCES,SPECS}

[root@centos7-31 ~]#  cd /root/rpmbuild/SOURCES/


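2. Download the required software. The openssh-8.4p1.tar.gz source tarball that is unpacked below has to be in this directory as well.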

[root@centos7-31 ~]#  wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz

[root@centos7-31 ~]#    tar zxvf openssh-8.4p1.tar.gz

[root@centos7-31 ~]#   cd openssh-8.4p1/


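3. Edit the ssh configuration file in the source tree, so that the configuration does not have to be changed again after the RPM is installed. These values are built into the package and apply on every host it is installed on.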

[root@centos7-31 ~]#   vi sshd_config

PermitRootLogin yes

PasswordAuthentication yes


4. Write the PAM configuration into the source tree.

[root@centos7-31 ~]#    cat /etc/pam.d/sshd > contrib/redhat/sshd.pam

[root@centos7-31 ~]#   cat /etc/pam.d/sshd > contrib/redhat/sshd.pam.old


5. Repack the ssh source, then modify the spec file.

[root@centos7-31 ~]#   tar zcvf openssh-8.4p1.tar.gz openssh-8.4p1/

[root@centos7-31 ~]#   cp /root/openssh-8.4p1/contrib/redhat/openssh.spec   /root/rpmbuild/SPECS/

[root@centos7-31 ~]#   sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec

[root@centos7-31 ~]#    sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec


6. Build the package and deal with the build errors.

First error: openssl-devel < 1.1 is required by openssh-8.3p1-1.el7.x86_64. The message from rpmbuild:

构建依赖失败:openssl-devel < 1.1 被 openssh-8.3p1-1.el7.x86_64 需要

Fix:


[root@localhost SPECS]# vim openssh.spec 

Comment out the line BuildRequires: openssl-devel < 1.1


Second error:

RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/libexec/openssh/ssh-sk-helper
/usr/share/man/man8/ssh-sk-helper.8.gz

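Fix:

vi /usr/lib/rpm/macros

#%__check_files %{_rpmconfigdir}/check-files %{buildroot}

Comment out this line, as shown above. The macro lives in the system-wide /usr/lib/rpm/macros, so the unpackaged-file check is turned off for every rpmbuild run on this host, and the two ssh-sk-helper files are left out of the resulting package.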


[root@centos7-31 ~]#    rpmbuild -ba openssh.spec


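7. Once the build succeeds, remove the old packages, delete the configuration directory, and install the new packages. Deleting /etc/ssh removes the existing host keys along with the configuration.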


 [root@centos7-31 ~]#    rpm -e `rpm -qa |grep openssh` --nodeps

[root@centos7-31 ~]#    rm -rf /etc/ssh

[root@centos7-31 ~]#    rpm -ivh *.rpm


8. Download the RPM packages

 Centos7-RHEL7-openssh8.4p1.zip


Centos6-RHEL6_openssh8.4.zip




2. Troubleshooting:


CRT 7.0.0 can no longer connect, because the upgraded sshd no longer uses the weak algorithms:

Key exchange failed.
No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
No compatible hostkey. The server supports these methods: ssh-ed25519

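On CentOS 7, add the following configuration, which puts the SHA-1 key exchange methods the old client needs back into the list: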

cat >>/etc/ssh/sshd_config <<-EOF
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
EOF
systemctl restart sshd

On CentOS 6, add the following configuration:

cat >>/etc/ssh/sshd_config <<-EOF
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,curve25519-sha256,curve25519-sha256@libssh.org
EOF
service sshd restart
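
To see which weak methods these KexAlgorithms lines bring back, the following added example (not from the original post) reads an sshd_config and lists the SHA-1 based key exchange methods it enables. The function names effective_kex and weak_kex and the sample file are made up for illustration; the script relies on sshd using the first value it obtains for a keyword, so a KexAlgorithms line appended with cat >> has no effect if an earlier one exists.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the KexAlgorithms value sshd will use from config file $1: the first
# uncommented occurrence in the global section (before any Match block).
effective_kex() {
    tab=$(printf '\t')
    while IFS=" $tab=" read -r key value; do
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            ''|\#*) continue ;;
            match) break ;;
            kexalgorithms) printf '%s\n' "$value"; return 0 ;;
        esac
    done < "$1"
    return 1
}

# Print, one per line, the SHA-1 based methods in that value. A leading + or ^
# (modify the defaults) is stripped; a leading - (remove from defaults) and a
# missing KexAlgorithms line both print nothing.
weak_kex() {
    list=$(effective_kex "$1") || return 0
    case $list in -*) return 0 ;; esac
    printf '%s\n' "${list#[+^]}" | tr ',' '\n' | grep -e '-sha1$' || true
}

# Constructed sample: a config ending with the CentOS 7 line from this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#KexAlgorithms curve25519-sha256
PermitRootLogin yes
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
EOF
weak_kex "$sample"
rm -f "$sample"
```

On a live host, `sshd -T | grep -i kexalgorithms` prints the value sshd actually resolved, which is the list to compare against.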


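When reposting, please credit the source: "Building an openssh8.4p1 RPM package on a minimal CentOS7/RHEL7 install".

www.micoder.cc: virtualization and cloud computing, system operations, and security technology services.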