CentOS 5/6/7 基于开源项目制作openssh 9.6p1 rpm包—— 筑梦之路 ...

背景介绍

开源项目地点：https://github.com/boypt/openssh-rpms.git
该项目紧张支持了centos 5 、6、7版本，针对使用了比较老的操纵系统进行openssh安全加固，还是不错的项目，使用简单、一件制作，欢迎各人去支持作者。这里我来使用试试，并将过程进行记录。
环境阐明

操纵系统：CentOS Linux release 7.3.1611 (Core)
CPU架构：x86
内核版本：3.10.0-514.26.2.el7.x86_64
准备工作

1. 准备源码

1. # 准备源码
3. wget --no-check-certificate https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz
5. wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1w.tar.gz
7. git clone https://github.com/boypt/openssh-rpms.git
9. # 将源码下载放到downloads目录下

复制代码

2. 准备编译打包环境

1. yum groupinstall -y "Development Tools"
3. yum install -y imake rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel

复制代码

3. 修改开源脚本

1. # 修改脚本pullsrc.sh
3. # 第一处
5. source version.env
7. 改为
9. source ./version.env
11. # 第二处
13. wget OPENSSLSRC
15. wget OPENSSHSRC
17. wget ASKPASSSRC
19. 改为
21. wget --no-check-certificate $OPENSSLMIR/$OPENSSLSRC
23. wget --no-check-certificate $OPENSSHMIR/$OPENSSHSRC
25. wget --no-check-certificate $ASKPASSMIR/$ASKPASSSRC
28. 修改脚本compile.sh
30. source version.env
32. 改为
34. source ./version.env

复制代码

1. # 添加ssh-copy-id命令
3. cd el7/SPECS
5. vim  openssh.spec
7. # 307 行后添加
9. install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/bin/ssh-copy-id
11. # 390行后添加
13. %attr(0755,root,root) %{_bindir}/ssh-copy-id

复制代码

1. # 修改版本openssl的版本 version.env
3. OPENSSLSRC修改为openssl-1.1.1w.tar.gz

复制代码

 编译打包

1. cd openssh-rpms && ./compile.sh el7

复制代码

打包完成后二进制rpm包在目次openssh-rpms/el7/RPMS/x86_64下，源码包在openssh-rpms/el7/SRPMS/下，稍后我将放到我的资源中，若有需要的可自行下载。资源名称为：openssh9.6-centos7.3-x86-64.tgz，资源地点：https://download.csdn.net/download/qq_34777982/88668870

安装测试

1. # 安装更新
3. yum localinstall openssh-*.rpm
5. # 授权
7. chmod 600 /etc/ssh/ssh_host_*
9. # 重启服务
11. systemctl  restart sshd && systemctl  enable sshd --now
13. # 检查服务状态
15. systemctl status sshd

复制代码

FAQ

1. 修改yum源

为什么要修改yum源，系统默认是最新的yum源，在安装依靠包的时间会升级版本和内核，而由于centos 7.3比较老，会出现诸多兼容性问题，因此我们需要将yum改为7.3的。
以下文件作为参考：

1. cat /etc/yum.repos.d/CentOS-Vault.repo
2. # CentOS Vault contains rpms from older releases in the CentOS-7
3. # tree.
5. #c7.3.1611
6. [C7.3.1611-base]
7. name=CentOS-7.3.1611 - Base
8. baseurl=http://vault.centos.org/7.3.1611/os/$basearch/
9. gpgcheck=1
10. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
11. enabled=1
13. [C7.3.1611-updates]
14. name=CentOS-7.3.1611 - Updates
15. baseurl=http://vault.centos.org/7.3.1611/updates/$basearch/
16. gpgcheck=1
17. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
18. enabled=1
20. [C7.3.1611-extras]
21. name=CentOS-7.3.1611 - Extras
22. baseurl=http://vault.centos.org/7.3.1611/extras/$basearch/
23. gpgcheck=1
24. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
25. enabled=1
27. [C7.3.1611-centosplus]
28. name=CentOS-7.3.1611 - CentOSPlus
29. baseurl=http://vault.centos.org/7.3.1611/centosplus/$basearch/
30. gpgcheck=1
31. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
32. enabled=1
34. [C7.3.1611-fasttrack]
35. name=CentOS-7.3.1611 - CentOSPlus
36. baseurl=http://vault.centos.org/7.3.1611/fasttrack/$basearch/
37. gpgcheck=1
38. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
39. enabled=1
41. # C7.1.1503
42. [C7.1.1503-base]
43. name=CentOS-7.1.1503 - Base
44. baseurl=http://vault.centos.org/7.1.1503/os/$basearch/
45. gpgcheck=1
46. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
47. enabled=1
49. [C7.1.1503-updates]
50. name=CentOS-7.1.1503 - Updates
51. baseurl=http://vault.centos.org/7.1.1503/updates/$basearch/
52. gpgcheck=1
53. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
54. enabled=1
56. [C7.1.1503-extras]
57. name=CentOS-7.1.1503 - Extras
58. baseurl=http://vault.centos.org/7.1.1503/extras/$basearch/
59. gpgcheck=1
60. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
61. enabled=0
63. [C7.1.1503-centosplus]
64. name=CentOS-7.1.1503 - CentOSPlus
65. baseurl=http://vault.centos.org/7.1.1503/centosplus/$basearch/
66. gpgcheck=1
67. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
68. enabled=0
70. [C7.1.1503-fasttrack]
71. name=CentOS-7.1.1503 - CentOSPlus
72. baseurl=http://vault.centos.org/7.1.1503/fasttrack/$basearch/
73. gpgcheck=1
74. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
75. enabled=0
77. # C7.2.1511
78. [C7.2.1511-base]
79. name=CentOS-7.2.1511 - Base
80. baseurl=http://vault.centos.org/7.2.1511/os/$basearch/
81. gpgcheck=1
82. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
83. enabled=0
85. [C7.2.1511-updates]
86. name=CentOS-7.2.1511 - Updates
87. baseurl=http://vault.centos.org/7.2.1511/updates/$basearch/
88. gpgcheck=1
89. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
90. enabled=0
92. [C7.2.1511-extras]
93. name=CentOS-7.2.1511 - Extras
94. baseurl=http://vault.centos.org/7.2.1511/extras/$basearch/
95. gpgcheck=1
96. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
97. enabled=0
99. [C7.2.1511-centosplus]
100. name=CentOS-7.2.1511 - CentOSPlus
101. baseurl=http://vault.centos.org/7.2.1511/centosplus/$basearch/
102. gpgcheck=1
103. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
104. enabled=0
106. [C7.2.1511-fasttrack]
107. name=CentOS-7.2.1511 - CentOSPlus
108. baseurl=http://vault.centos.org/7.2.1511/fasttrack/$basearch/
109. gpgcheck=1
110. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
111. enabled=0

复制代码

2. 检察防火墙状态

在未关闭selinux、firewalld防火墙的情况下仍旧可以正常连接。 

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。