CentOS8.2製作RPM包升級Openssh9.0p1
阿新 • • 發佈:2022-05-10
本文以網上找到 築夢之路 的文章作為參考
客戶漏洞掃描提示CentOS8.2自帶的openssh8.0p1有漏洞需要升級,通過查詢得知需要升級到8.8以上版本才行,目前最新版本為9.0p1,那就升級到最新版得了。
1.準備工作
- 由於CentOS官方源下線了,所以改用阿里源
mkdir /etc/yum.repos.d.bak cp /etc/yum.repos.d/* /etc/yum.repos.d.bak/ rm -rf /etc/yum.repos.d/* cd /etc/yum.repos.d/ wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
yum makecache
2.安裝依賴包和RPM包製作工具
mkdir /tmp/openssh
cd /tmp/openssh dnf install -y rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl wget http://www.rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/imake-1.0.7-11.el8.x86_64.rpm rpm -ivh imake-1.0.7-11.el8.x86_64.rpm
#下載製作升級包的原始檔
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
3.開始製作
#拷貝原始檔到指定目錄,只解壓openssh-9.0p1的包 tar -zxf openssh-9.0p1.tar.gz cp openssh-9.0p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES cp openssh-9.0p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
cd /root/rpmbuild/SPECS/
rpmbuild -ba openssh.spec
#生成的安裝包在/root/rpmbuild/RPMS/x86_64/目錄裡
#安裝生成的RPM包,安裝完成後可用ssh -V驗證版本
cd /root/rpmbuild/RPMS/x86_64/
dnf install ./*.rpm
chmod 600 /etc/ssh/ssh_host*key
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
systemctl restart sshd && systemctl enable sshd