请选择 进入手机版 | 继续访问电脑版
 找回密码
 立即注册
搜索

本文来自

安全运维工具

安全运维工具

人已关注

请添加对本版块的简短描述

精选帖子

k8s apiserver --v  日志级别
k8s apiserver --v 日志级别
0阅读|225人阅读
阿里云CDN计费
阿里云CDN计费
0阅读|500人阅读
信用卡空当接龙
信用卡空当接龙
0阅读|530人阅读
HTTP/1.0和HTTP/1.1、HTTP/2请求对比
HTTP/1.0和HTTP/1.1、HTTP/2请求对比
3阅读|921人阅读

CentOS7升级安装openssh7.9p1

[复制链接]
360 abc 发表于 2019-11-18 19:15:50




文章目录

    备份文件
    安装依赖
    编译生成rpm包
    执行安装/升级
    安装包分发

备份文件

务必备份!最后会用得到!

mkdir -p ~/openssh-bak
cp -ar /etc/ssh ~/openssh-bak
cp -ar /etc/pam.d ~/openssh-bak
1
2
3
       
mkdir -p ~/openssh-bak
cp -ar /etc/ssh ~/openssh-bak
cp -ar /etc/pam.d ~/openssh-bak

安装依赖

yum install gcc rpm-build openssl-devel pam-devel perl-macros
1
       
yum install gcc rpm-build openssl-devel pam-devel perl-macros

编译生成rpm包

[root@localhost ~]# mkdir -p /usr/src/redhat/{SOURCES,SPECS}
[root@localhost ~]# cd /usr/src/redhat/SOURCES/
[root@localhost ~]# wget http://ftp.riken.jp/Linux/momong ... pass-1.2.4.1.tar.gz
[root@localhost ~]# cp x11-ssh-askpass-1.2.4.1.tar.gz  /root/rpmbuild/SOURCES/
[root@localhost SOURCES]# wget https://cdn.openbsd.org/pub/Open ... penssh-7.9p1.tar.gz
[root@localhost SOURCES]# tar -zvxf openssh-7.9p1.tar.gz openssh-7.9p1/contrib/redhat/openssh.spec
[root@localhost SOURCES]# mv openssh-7.9p1/contrib/redhat/openssh.spec ../SPECS/
[root@localhost SOURCES]# chown sshd:sshd /usr/src/redhat/SPECS/openssh.spec
[root@localhost SOURCES]# cp /usr/src/redhat/SPECS/openssh.spec  /usr/src/redhat/SPECS/openssh.spec_def
[root@localhost SOURCES]# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
[root@localhost SOURCES]# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
[root@localhost SOURCES]# mkdir -p ~/rpmbuild/SOURCES/
[root@localhost SOURCES]# cp /usr/src/redhat/SOURCES/openssh-7.9p1.tar.gz ~/rpmbuild/SOURCES/
[root@localhost SOURCES]# cd /usr/src/redhat/SPECS/
[root@localhost SPECS]# rpmbuild -ba openssh.spec

[root@localhost SPECS]# ll /root/rpmbuild/RPMS/x86_64/openssh-*
-rw-r--r-- 1 root root  496204 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-7.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  548576 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-clients-7.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2508852 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-7.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  391696 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-server-7.9p1-1.el7.x86_64.rpm


参考:https://blog.csdn.net/qq_42609381/article/details/82855043
# 编译过程遇到的错误:
错误:构建依赖失败:  openssl-devel < 1.1 被 openssh-7.9p1-1.el7.x86_64 需要
解决:[root@localhost SPECS]# vim openssh.spec   注释掉  BuildRequires: openssl-devel < 1.1 这一行

错误:configure: error: PAM headers not found
RPM 构建错误: /var/tmp/rpm-tmp.OB3GHI (%build) 退出状态不好
解决: yum install pam-devel


错误:坏文件:/root/rpmbuild/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz: 没有那个文件或目录
解决:
wget http://ftp.riken.jp/Linux/momong ... pass-1.2.4.1.tar.gz
cp x11-ssh-askpass-1.2.4.1.tar.gz  /root/rpmbuild/SOURCES/
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
       
[root@localhost ~]# mkdir -p /usr/src/redhat/{SOURCES,SPECS}
[root@localhost ~]# cd /usr/src/redhat/SOURCES/
[root@localhost ~]# wget http://ftp.riken.jp/Linux/momong ... pass-1.2.4.1.tar.gz
[root@localhost ~]# cp x11-ssh-askpass-1.2.4.1.tar.gz  /root/rpmbuild/SOURCES/
[root@localhost SOURCES]# wget https://cdn.openbsd.org/pub/Open ... penssh-7.9p1.tar.gz
[root@localhost SOURCES]# tar -zvxf openssh-7.9p1.tar.gz openssh-7.9p1/contrib/redhat/openssh.spec
[root@localhost SOURCES]# mv openssh-7.9p1/contrib/redhat/openssh.spec ../SPECS/
[root@localhost SOURCES]# chown sshd:sshd /usr/src/redhat/SPECS/openssh.spec
[root@localhost SOURCES]# cp /usr/src/redhat/SPECS/openssh.spec  /usr/src/redhat/SPECS/openssh.spec_def
[root@localhost SOURCES]# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
[root@localhost SOURCES]# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
[root@localhost SOURCES]# mkdir -p ~/rpmbuild/SOURCES/
[root@localhost SOURCES]# cp /usr/src/redhat/SOURCES/openssh-7.9p1.tar.gz ~/rpmbuild/SOURCES/
[root@localhost SOURCES]# cd /usr/src/redhat/SPECS/
[root@localhost SPECS]# rpmbuild -ba openssh.spec

[root@localhost SPECS]# ll /root/rpmbuild/RPMS/x86_64/openssh-*
-rw-r--r-- 1 root root  496204 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-7.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  548576 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-clients-7.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2508852 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-7.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  391696 1月  17 13:31 /root/rpmbuild/RPMS/x86_64/openssh-server-7.9p1-1.el7.x86_64.rpm


参考:https://blog.csdn.net/qq_42609381/article/details/82855043
# 编译过程遇到的错误:
错误:构建依赖失败:  openssl-devel < 1.1 被 openssh-7.9p1-1.el7.x86_64 需要
解决:[root@localhost SPECS]# vim openssh.spec   注释掉  BuildRequires: openssl-devel < 1.1 这一行

错误:configure: error: PAM headers not found
RPM 构建错误: /var/tmp/rpm-tmp.OB3GHI (%build) 退出状态不好
解决: yum install pam-devel


错误:坏文件:/root/rpmbuild/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz: 没有那个文件或目录
解决:
wget http://ftp.riken.jp/Linux/momong ... pass-1.2.4.1.tar.gz
cp x11-ssh-askpass-1.2.4.1.tar.gz  /root/rpmbuild/SOURCES/

以上操作可以保存为bash文件执行:

!#/bin/bash

mkdir -p /usr/src/redhat/{SOURCES,SPECS}
cd /usr/src/redhat/SOURCES/
wget http://ftp.riken.jp/Linux/momong ... pass-1.2.4.1.tar.gz
cp x11-ssh-askpass-1.2.4.1.tar.gz  /root/rpmbuild/SOURCES/
wget https://cdn.openbsd.org/pub/Open ... penssh-7.9p1.tar.gz
tar -zvxf openssh-7.9p1.tar.gz openssh-7.9p1/contrib/redhat/openssh.spec
mv openssh-7.9p1/contrib/redhat/openssh.spec ../SPECS/
chown sshd:sshd /usr/src/redhat/SPECS/openssh.spec
cp /usr/src/redhat/SPECS/openssh.spec  /usr/src/redhat/SPECS/openssh.spec_def
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
mkdir -p ~/rpmbuild/SOURCES/
cp /usr/src/redhat/SOURCES/openssh-7.9p1.tar.gz ~/rpmbuild/SOURCES/
cd /usr/src/redhat/SPECS/
rpmbuild -ba openssh.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
       
!#/bin/bash

mkdir -p /usr/src/redhat/{SOURCES,SPECS}
cd /usr/src/redhat/SOURCES/
wget http://ftp.riken.jp/Linux/momong ... pass-1.2.4.1.tar.gz
cp x11-ssh-askpass-1.2.4.1.tar.gz  /root/rpmbuild/SOURCES/
wget https://cdn.openbsd.org/pub/Open ... penssh-7.9p1.tar.gz
tar -zvxf openssh-7.9p1.tar.gz openssh-7.9p1/contrib/redhat/openssh.spec
mv openssh-7.9p1/contrib/redhat/openssh.spec ../SPECS/
chown sshd:sshd /usr/src/redhat/SPECS/openssh.spec
cp /usr/src/redhat/SPECS/openssh.spec  /usr/src/redhat/SPECS/openssh.spec_def
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
mkdir -p ~/rpmbuild/SOURCES/
cp /usr/src/redhat/SOURCES/openssh-7.9p1.tar.gz ~/rpmbuild/SOURCES/
cd /usr/src/redhat/SPECS/
rpmbuild -ba openssh.spec

执行安装/升级

卸载当前版本的openssh

rpm -e `rpm -qa |grep openssh`
如果有依赖:
rpm -e `rpm -qa |grep openssh` --nodeps
1
2
3
       
rpm -e `rpm -qa |grep openssh`
如果有依赖:
rpm -e `rpm -qa |grep openssh` --nodeps

删除/etc/ssh/下所有文件(注意检查是否备份)

rm -rf /etc/ssh/*
1
       
rm -rf /etc/ssh/*

rpm安装openssh7.9p1

cd /root/rpmbuild/RPMS/x86_64/
rpm -iv --force --nodeps *.rpm
1
2
       
cd /root/rpmbuild/RPMS/x86_64/
rpm -iv --force --nodeps *.rpm

配置服务

设置开机启动:
chkconfig sshd on

编辑ssh配置文件:
vim /etc/ssh/sshd_config
配置:
UsePAM yes
如果要允许root用户ssh登录需要配置:PermitRootLogin yes

服务重启
service sshd restart

验证连接和版本
ssh -V
1
2
3
4
5
6
7
8
9
10
11
12
13
14
       
设置开机启动:
chkconfig sshd on

编辑ssh配置文件:
vim /etc/ssh/sshd_config
配置:
UsePAM yes
如果要允许root用户ssh登录需要配置:PermitRootLogin yes

服务重启
service sshd restart

验证连接和版本
ssh -V

由于升级后sshd会修改 /etc/pam.d/sshd 文件,用户将无法登录,报以下错误:

PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
PAM adding faulty module: /lib64/security/pam_stack.so
1
2
       
PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
PAM adding faulty module: /lib64/security/pam_stack.so

解决办法是需要将之前备份的该文件还原回去。
安装包分发

rpm包编译生成好了之后可以分发到其他的服务器上,执行以下指令打包即可,此外也可以通过scp指令进行分发。

cd /root/rpmbuild/RPMS/x86_64/
zip openssh.zip *
1
2
       
cd /root/rpmbuild/RPMS/x86_64/
zip openssh.zip *









参考连接:

https://www.cnblogs.com/liao-lin/p/10286722.html








https://johng.cn/install-openssh7-9p1-in-centos7/
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表