openssh rpm软件包制作
#备份
[root@localhost ~]# cp /etc/pam.d/sshd /etc/pam.d/sshd-bak
[root@localhost ~]# cp -r /etc/pam.d/system-auth /etc/pam.d/system-auth-bak
[root@localhost ~]# cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config-bak
[root@localhost ~]# cp -r /etc/ssh/ssh_config /etc/ssh/ssh_config-bak
#创建制作路径
[root@localhost ~]# mkdir -p /root/rpmbuild/{SOURCES,SPECS}
[root@localhost ~]# cd /root/rpmbuild/SOURCES
#下载制作包
[root@localhost SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
[root@localhost SOURCES]# wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
#安装所需依赖
[root@localhost ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel xmkmf libXt-devel gtk2-devel make -y
#解压,指定解压出文件
[root@localhost SOURCES]# tar xf openssh-9.0p1.tar.gz openssh-9.0p1/contrib/redhat/openssh.spec
#复制官方提供的spec文件,rpm-build需要根据这个文件来制作rpm包
[root@localhost SOURCES]# cp openssh-9.0p1/contrib/redhat/openssh.spec ../SPECS/
#备份文件
[root@localhost SOURCES]# cp /root/rpmbuild/SPECS/openssh.spec /root/rpmbuild/SPECS/openssh.spec_bak
#关掉no_gnome_askpass no_x11_askpass这两个参数
[root@localhost SOURCES]# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
[root@localhost SOURCES]# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
#避免制作过程遇见以下错误,建议先注释
[root@localhost SOURCES]# cd /root/rpmbuild/SPECS/
[root@localhost SPECS]# vim openssh.spec
#BuildRequires: openssl-devel < 1.1 #大约在103行左右,将这行注释
#开始制作
[root@localhost SPECS]# rpmbuild -ba openssh.spec
...
检查未打包文件:/usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.0p1-1.el7.centos.x86_64
写道:/root/rpmbuild/SRPMS/openssh-9.0p1-1.el7.centos.src.rpm
写道:/root/rpmbuild/RPMS/x86_64/openssh-9.0p1-1.el7.centos.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/openssh-clients-9.0p1-1.el7.centos.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/openssh-server-9.0p1-1.el7.centos.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/openssh-askpass-9.0p1-1.el7.centos.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/openssh-askpass-gnome-9.0p1-1.el7.centos.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.0p1-1.el7.centos.x86_64.rpm
执行(%clean): /bin/sh -e /var/tmp/rpm-tmp.n0ooAt
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.0p1
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.0p1-1.el7.centos.x86_64
+ exit 0
[root@localhost x86_64]# pwd
/root/rpmbuild/RPMS/x86_64
[root@localhost x86_64]# ll
总用量 5004
-rw-r--r-- 1 root root 665932 8月 9 14:44 openssh-9.0p1-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root 44492 8月 9 14:44 openssh-askpass-9.0p1-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root 25760 8月 9 14:44 openssh-askpass-gnome-9.0p1-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root 655372 8月 9 14:44 openssh-clients-9.0p1-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root 3252592 8月 9 14:44 openssh-debuginfo-9.0p1-1.el7.centos.x86_64.rpm
-rw-r--r-- 1 root root 465284 8月 9 14:44 openssh-server-9.0p1-1.el7.centos.x86_64.rpm
#拿出需要的
openssh-9.0p1-1.el7.centos.x86_64.rpm
openssh-clients-9.0p1-1.el7.centos.x86_64.rpm
openssh-server-9.0p1-1.el7.centos.x86_64.rpm安装后需要修改
#删除/etc/ssh/ssh*key,或者直接重启生成这些文件,或者手动生成
[root@localhost ~]# rm -f /etc/ssh/ssh*key
[root@localhost ~]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
[root@localhost ~]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
[root@localhost ~]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
[root@localhost ~]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
#允许root直接登录
[root@localhost ~]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost ~]# systemctl restart sshd- 遇见问题
1.如果重启后发现账号密码都对但是就是无法登录的请还原/etc/pam.d/sshd文件
[root@localhost ~]# mv /etc/pam.d/sshd /etc/pam.d/sshd-bak2
[root@localhost ~]# mv /etc/pam.d/sshd-bak /etc/pam.d/sshd2.重启失败
#更新key秘钥对权限
[root@localhost ~]# chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
[root@localhost ~]# systemctl restart sshd