CentOS8.2制作RPM包升级Openssh9.0p1

本文以网上找到 筑梦之路 的文章作为参考

客户漏洞扫描提示CentOS8.2自带的openssh8.0p1有漏洞需要升级，通过查询得知需要升级到8.8以上版本才行，目前最新版本为9.0p1，那就升级到最新版得了。

1.准备工作

•  由于CentOS官方源下线了，所以改用阿里源

mkdir /etc/yum.repos.d.bak
cp /etc/yum.repos.d/* /etc/yum.repos.d.bak/
rm -rf /etc/yum.repos.d/*
cd /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
yum makecache

2.安装依赖包和RPM包制作工具

mkdir /tmp/openssh
cd /tmp/openssh
dnf install -y rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl

wget http://www.rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/imake-1.0.7-11.el8.x86_64.rpm
rpm -ivh imake-1.0.7-11.el8.x86_64.rpm
#下载制作升级包的源文件

  wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz

  wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz

3.开始制作

#拷贝源文件到指定目录，只解压openssh-9.0p1的包
tar -zxf openssh-9.0p1.tar.gz
cp openssh-9.0p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES
cp openssh-9.0p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/

  cd /root/rpmbuild/SPECS/

  rpmbuild -ba openssh.spec

#生成的安装包在/root/rpmbuild/RPMS/x86_64/目录里
#安装生成的RPM包,安装完成后可用ssh -V验证版本

  cd /root/rpmbuild/RPMS/x86_64/

  dnf install ./*.rpm

  chmod 600 /etc/ssh/ssh_host*key

  echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

  echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config 

  systemctl restart sshd && systemctl enable sshd