制作RPM步骤

1、安装相关依赖

yum -y install rpm-build
yum -y install gcc make pcre-devel openssl-devel
yum -y install pam-devel
yum -y install krb5-devel

其他备用

yum -y install vim
yum -y install yum-utils

2、进入root用户目录，建立文件夹

cd /root
mkdir -pv rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}

3、将下载的openssh源码上传到 /root/rpmbuild/SOURCES/，然后解压

cd /root/rpmbuild/SOURCES/
tar -zxvf openssh-9.9p2.tar.gz

4、拷贝编译配置文件

#相对地址
cp openssh-9.9p2/contrib/redhat/openssh.spec  ../SPECS
#绝对地址（推荐）
cp /root/rpmbuild/SOURCES/openssh-9.9p2/contrib/redhat/openssh.spec  /root/rpmbuild/SPECS

5、修改配置文件，去除x11-askpass和gnome-askpass

vim /root/rpmbuild/SPECS/openssh.spec

#打开后更新如下信息

# Do we want to disable building of x11-askpass? (1=yes 0=no)

%define no_x11_askpass 1

# Do we want to disable building of gnome-askpass? (1=yes 0=no)

%define no_gnome_askpass 1

6、生成RPM文件

rpmbuild -bb /root/rpmbuild/SPECS/openssh.spec

生成文件目录/root/rpmbuild/RPMS/x86_64/
打包RPM

tar -zcvf /root/openssh-9.9p2_rpm_for_centos7.9.tar.gz /root/rpmbuild/RPMS/x86_64/*.rpm

相关下载如下
openssh-9.9p2_rpm_for_centos7.9.zip

安装升级步骤

1、备份原文件和目录

cp -a /etc/ssh /etc/ssh.bak
cp -a /etc/pam.d/sshd /etc/pam.d/sshd.bak

2、检查当前环境有无存在该压缩包没有的openssh相关包

rpm -qa | grep openssh

openssh-askpass-8.0p1-13.0.1.an8.x86_64
openssh-clients-8.0p1-13.0.1.an8.x86_64
openssh-8.0p1-13.0.1.an8.x86_64
openssh-server-8.0p1-13.0.1.an8.x86_64

需要卸载掉RPM压缩包中不包含的openssh-askpass

yum  remove openssh-askpass-8.0p1-13.0.1.an8.x86_64

3、进入openssh的RPM包目录，进行安装

cd /root/rpmbuild/RPMS/x86_64/

安装当前目录RPM包

yum  -y  localinstall  *.rpm

还原/etc/pam.d/sshd文件

cp -a /etc/pam.d/sshd.bak /etc/pam.d/sshd

4、配置sshd文件
开启root登录、PAM

sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g"    /etc/ssh/sshd_config
sed -i  -e  "s/#UsePAM no/UsePAM yes/g"  /etc/ssh/sshd_config

设定权限

chmod +x /etc/init.d/sshd
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key

解决selinux严格模式问题

touch /.autorelabel

5、设置启动
手动添加自启动

chkconfig --add sshd
systemctl enable sshd
chkconfig sshd on

重启SSH

#Centos6
service sshd restart  #执行后SSH连接可能会自动中断，建议能到机房条件下或开启telnet下执行

#Centos7或者openEuler
systemctl daemon-reload
systemctl restart sshd

执行后SSH连接可能会自动中断，建议能到机房条件下或开启telnet下执行
升级后sshd服务不会自动添加到启动项，可执行chkconfig –list sshd查看启动信息。

参考https://blog.csdn.net/weixin_47054517/article/details/146225351