华为欧拉openeuler 22.03 lts 制作openssh 9.1 rpm包 修复安全漏洞升级更新

1. 处理源码
 
tar -zxf openssh-9.1p1.tar.gz 
 
cd openssh-9.1p1/contrib/redhat/
 
cp -p sshd.pam sshd.pam.old
 
cp -p sshd.init sshd.init.old
 
cd ../../
 
#重新打包源码
 
tar -czf openssh-9.1p1.tar.gz openssh-9.1p1
 
2. 处理openssh.spec
 
注释的地方如下：
 
 94 #PreReq: initscripts >= 5.00
 
103 #BuildRequires: openssl-devel < 1.1
 
3. 手动创建目录
 
mkdir -p /root/rpmbuild/{SPECS,SOURCES}
 
4. 拷贝源码到目录
 
cp openssh-9.1p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
 
5.切换目录进行rpm包制作
 
cd rpmbuild/SPECS/
 
rpmbuild -ba openssh.spec
 
6.查看构建的成果
 
tree RPMS/x86_64/
RPMS/x86_64/
├── openssh-9.1p1-1.x86_64.rpm
├── openssh-askpass-9.1p1-1.x86_64.rpm
├── openssh-askpass-gnome-9.1p1-1.x86_64.rpm
├── openssh-clients-9.1p1-1.x86_64.rpm
├── openssh-debuginfo-9.1p1-1.x86_64.rpm
├── openssh-debugsource-9.1p1-1.x86_64.rpm
└── openssh-server-9.1p1-1.x86_64.rpm
 
tree SRPMS/
SRPMS/
└── openssh-9.1p1-1.src.rpm
 
7.安装测试
 
升级安装只需要三个包：
 
openssh-9.1p1-1.x86_64.rpm
openssh-clients-9.1p1-1.x86_64.rpm
openssh-server-9.1p1-1.x86_64.rpm
 
# 备份配置文件
cp -p /etc/ssh /etc/ssh-backup
cp -p /etc/pam.d/sshd /etc/pam.d/sshd-backup
 
# 升级安装
 
yum localinstall *.rpm
 
# 覆盖/etc/pam.d/sshd
cat /etc/pam.d/sshd
 
#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
## pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth
 
 
# 配置ssh
 
chmod 400 /etc/ssh/ssh_host_* 
echo 'UsePAM yes' >> /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
 
# 重启sshd服务
systemctl restaret sshd
 
# 验证测试连接即可
 
rpm -qa | grep openssh
 
openssh-server-9.1p1-1.x86_64
openssh-9.1p1-1.x86_64
openssh-clients-9.1p1-1.x86_64
 
ssh -V
OpenSSH_9.1p1, OpenSSL 1.1.1m  14 Dec 2021
 
systemctl status sshd | grep running
Active: active (running) since Fri 2022-10-21 10:59:17 CST; 11min ago
        └─2259192 grep --color=auto running
 
# selinux firewalld已关闭