https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/
openssh-9.7p1.tar.gz(上游发布目录同时提供同名的 .asc 签名文件,建议一并下载,并在使用前用 gpg --verify 校验源码包)
注意:升级过程中 ssh 连接可能会断开,服务也可能启动失败;操作前请保留一个已登录的会话或控制台访问方式,以便出错时回退。
一.安装所需依赖包
# Install the packages this guide uses for downloading, unpacking and building the RPMs.
# -y answers yes to every yum prompt, so review the package list before running it.
yum install wget tree openssl-devel libXt-devel imake gtk2-devel perl krb5-devel rpm-build rpmdevtools tar pam-devel zlib-devel gcc-c++ -y
二.RPM包制作
注:本页面的操作均在 /root/ 下以 root 身份运行。rpmbuild 会以当前用户的权限执行 spec 中的构建脚本,更稳妥的做法是用普通用户构建,只在安装时使用 root。
# 生成目录结构
[root@localhost ~]# rpmdev-setuptree
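# Put the source tarball and the spec file where rpmbuild expects them.
# Verify the tarball against the upstream signature first (needs the OpenSSH
# release key in the gpg keyring and the .asc file next to the tarball):
#   gpg --verify openssh-9.7p1.tar.gz.asc openssh-9.7p1.tar.gz
mv openssh-9.7p1.tar.gz rpmbuild/SOURCES/
# Extract only the Red Hat spec file from the tarball
tar zxvf rpmbuild/SOURCES/openssh-9.7p1.tar.gz openssh-9.7p1/contrib/redhat/openssh.spec
mv openssh-9.7p1/contrib/redhat/openssh.spec rpmbuild/SPECS/
# Download the ssh-askpass source
# wget -c resumes a partial download, -P saves into the given directory
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz -c -P rpmbuild/SOURCES/
# The download URL carries a 32-hex-digit checksum in its path (presumably the
# MD5 of the file - confirm). Comparing against it catches a truncated or
# swapped download; MD5 is not collision-resistant, so treat this as an
# integrity check, not proof of origin.
printf '%s  %s\n' 8f2e41f3f7eaa8543a2440454637f3c3 rpmbuild/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz | md5sum -c -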
# 完成后目录结构
[root@localhost ~]# tree rpmbuild/
rpmbuild/
├── BUILD
├── RPMS
├── SOURCES
│ ├── openssh-9.7p1.tar.gz
│ └── x11-ssh-askpass-1.2.4.1.tar.gz
├── SPECS
│ └── openssh.spec
└── SRPMS
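# Build the binary and source RPMs from the spec.
# Chaining with && keeps rpmbuild from running in the wrong directory if cd fails.
# NOTE(review): the `ssh -V` output at the end of this page reports
# "without OpenSSL". If OpenSSL support is expected, check the OpenSSL-related
# conditionals in openssh.spec and the configure summary in the build log
# before installing the result.
cd ~/rpmbuild/SPECS && rpmbuild -ba openssh.spec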
# 编译完成后的rpm包生成在rpmbuild/RPMS目录中
[root@localhost ~]# ls rpmbuild/RPMS/x86_64/
openssh-9.7p1-1.el9.x86_64.rpm openssh-clients-debuginfo-9.7p1-1.el9.x86_64.rpm
openssh-askpass-9.7p1-1.el9.x86_64.rpm openssh-debuginfo-9.7p1-1.el9.x86_64.rpm
openssh-askpass-debuginfo-9.7p1-1.el9.x86_64.rpm openssh-debugsource-9.7p1-1.el9.x86_64.rpm
openssh-askpass-gnome-9.7p1-1.el9.x86_64.rpm openssh-server-9.7p1-1.el9.x86_64.rpm
openssh-askpass-gnome-debuginfo-9.7p1-1.el9.x86_64.rpm openssh-server-debuginfo-9.7p1-1.el9.x86_64.rpm
openssh-clients-9.7p1-1.el9.x86_64.rpm
三.备份源ssh配置
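# Back up the sshd PAM file and /etc/ssh before the packages are replaced.
mkdir -p /backup/ssh_backup/pam.d
# /etc/ssh holds the host private keys, so keep the backup readable by root only.
chmod 700 /backup/ssh_backup
# -a preserves ownership, modes, timestamps and SELinux contexts, so the files
# can be put back exactly as they were.
cp -a /etc/pam.d/sshd /backup/ssh_backup/pam.d/
cp -a /etc/ssh /backup/ssh_backup/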
原 PAM 配置文件的内容如下;如果忘记备份,可以按此内容恢复(请以本机实际文件为准)
[root@localhost ~]# ll /etc/pam.d/sshd
-rw-r--r--. 1 root root 727 Apr 18 10:51 /etc/pam.d/sshd
[root@localhost ~]# cat /etc/pam.d/sshd
#%PAM-1.0
auth substack password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin
四.安装openssh(如需在其它 Rocky 9 主机上安装,可直接把 RPM 包复制过去安装;安装时会同时安装一些依赖包,离线环境下需要按提示手动下载并安装这些依赖包)
# Installs every file matching openssh-*.rpm in the current directory, so run it
# from the directory holding the built packages (rpmbuild/RPMS/x86_64/ above).
# The glob also matches the debuginfo, debugsource and askpass packages listed
# earlier; name the packages explicitly if only some of them are wanted.
yum localinstall openssh-*.rpm
五.还原配置文件
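# Restore the PAM file saved before the upgrade
cp /backup/ssh_backup/pam.d/sshd /etc/pam.d/
# Upstream sshd refuses to load host private keys that group or others can read.
# Only the private keys are tightened; the .pub files keep their current mode.
chmod 400 /etc/ssh/ssh_host_*_key
# Turn on sftp-server logging (level INFO, facility AUTH).
# The grep guard keeps a second run from appending the options twice.
grep -q 'sftp-server -l INFO -f AUTH' /etc/ssh/sshd_config ||
  sed -i 's?/usr/libexec/openssh/sftp-server?/usr/libexec/openssh/sftp-server -l INFO -f AUTH?g' /etc/ssh/sshd_config
# Enable UsePAM
sed -i 's?#UsePAM no?UsePAM yes?g' /etc/ssh/sshd_config
# sshd -t checks the configuration file and host keys without starting the
# daemon; restart only if that check passes. Keep the current session open and
# confirm that a new login works before closing it.
sshd -t && systemctl restart sshd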
六.查看服务状态
[root@localhost ~]# ssh -V
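OpenSSH_9.7p1, without OpenSSL
注:输出中的 "without OpenSSL" 表示本次构建没有链接 OpenSSL,此时只支持 Ed25519 密钥,RSA、ECDSA 的主机密钥和用户密钥都无法使用。如果仍有客户端或主机依赖这些密钥,请先检查 spec 中与 OpenSSL 相关的构建条件并重新构建;可用 ssh -Q key 查看当前支持的密钥类型。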