CentOS7编译生成OpenSSH的RPM包without OpenSSL 2025-03-25 linux 暂无评论 105 次阅读 #制作RPM步骤 1、安装相关依赖 ``` yum -y install rpm-build yum -y install gcc make pcre-devel openssl-devel yum -y install pam-devel yum -y install krb5-devel ``` 其他备用 ``` yum -y install vim yum -y install yum-utils ``` 2、进入root用户目录,建立文件夹 ``` cd /root mkdir -pv rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS} ``` 3、将下载的openssh源码上传到 /root/rpmbuild/SOURCES/,然后解压 ``` cd /root/rpmbuild/SOURCES/ tar -zxvf openssh-9.9p2.tar.gz ``` 4、拷贝编译配置文件 ``` #相对地址 cp openssh-9.9p2/contrib/redhat/openssh.spec ../SPECS #绝对地址(推荐) cp /root/rpmbuild/SOURCES/openssh-9.9p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS ``` 5、修改配置文件,去除x11-askpass和gnome-askpass ``` vim /root/rpmbuild/SPECS/openssh.spec ``` ``` #打开后更新如下信息 # Do we want to disable building of x11-askpass? (1=yes 0=no) %define no_x11_askpass 1 # Do we want to disable building of gnome-askpass? (1=yes 0=no) %define no_gnome_askpass 1 ``` 6、生成RPM文件 ``` rpmbuild -bb /root/rpmbuild/SPECS/openssh.spec ``` 生成文件目录/root/rpmbuild/RPMS/x86_64/ 打包RPM ``` tar -zcvf /root/openssh-9.9p2_rpm_for_centos7.9.tar.gz /root/rpmbuild/RPMS/x86_64/*.rpm ``` 相关下载如下 [openssh-9.9p2_rpm_for_centos7.9.zip](https://blog.moper.net/usr/uploads/2025/03/292142158.zip) #安装升级步骤 1、备份原文件和目录 ``` cp -a /etc/ssh /etc/ssh.bak cp -a /etc/pam.d/sshd /etc/pam.d/sshd.bak ``` 2、检查当前环境有无存在该压缩包没有的openssh相关包 ``` rpm -qa | grep openssh ``` ``` openssh-askpass-8.0p1-13.0.1.an8.x86_64 openssh-clients-8.0p1-13.0.1.an8.x86_64 openssh-8.0p1-13.0.1.an8.x86_64 openssh-server-8.0p1-13.0.1.an8.x86_64 ``` 需要卸载掉RPM压缩包中不包含的openssh-askpass ``` yum remove openssh-askpass-8.0p1-13.0.1.an8.x86_64 ``` 3、进入openssh的RPM包目录,进行安装 ``` cd /root/rpmbuild/RPMS/x86_64/ ``` 安装当前目录RPM包 ``` yum -y localinstall *.rpm ``` 还原/etc/pam.d/sshd文件 ``` cp -a /etc/pam.d/sshd.bak /etc/pam.d/sshd ``` 4、配置sshd文件 开启root登录、PAM ``` sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config sed -i -e "s/#UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config ``` 设定权限 ``` chmod +x /etc/init.d/sshd chmod 600 /etc/ssh/ssh_host_rsa_key chmod 600 /etc/ssh/ssh_host_ecdsa_key chmod 600 /etc/ssh/ssh_host_ed25519_key ``` 解决selinux严格模式问题 ``` touch /.autorelabel ``` 5、设置启动 手动添加自启动 ``` chkconfig --add sshd systemctl enable sshd chkconfig sshd on ``` 重启SSH ``` #Centos6 service sshd restart #执行后SSH连接可能会自动中断,建议能到机房条件下或开启telnet下执行 #Centos7或者openEuler systemctl daemon-reload systemctl restart sshd ``` 执行后SSH连接可能会自动中断,建议能到机房条件下或开启telnet下执行 升级后sshd服务不会自动添加到启动项,可执行`chkconfig –list sshd`查看启动信息。 参考https://blog.csdn.net/weixin_47054517/article/details/146225351 标签: rpm, openssl, openssh 本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。