[CentOS7]升级SSH9.0p1

SSH9.0 RPM安装包制作

cat  > 01-ssh9.0-upgrade.sh << 'EOF'
#!/bin/bash
# 1. 安装依赖
yum install -y rpm-build gcc gcc-c++ glibc glibc-devel openssl-devel openssl prce pcre-devel zlib zlib-devel make wget krb5-devel pam-devel libX11-devel xmkmf libXt-devel initscripts libXt-devel imake gtk2-devel lrzsz

# 2. 创建安装目录
mkdir -pv /root/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}

# 3. 下载源码包
curl -O https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz \
&& mv openssh-9.0p1.tar.gz /root/rpmbuild/SOURCES

# 4. 解压配置文件
tar zxvf /root/rpmbuild/SOURCES/openssh-9.0p1.tar.gz -C /root/rpmbuild/SOURCES/
mv /root/rpmbuild/SOURCES/openssh-9.0p1 /root/rpmbuild/SPECS

# 5. 配置spec编译文件
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh-9.0p1/contrib/redhat/openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh-9.0p1/contrib/redhat/openssh.spec
sed -i '/openssl-devel < 1.1/s/^/#/' /root/rpmbuild/SPECS/openssh-9.0p1/contrib/redhat/openssh.spec

# 6. 编译RPM
rpmbuild -bb /root/rpmbuild/SPECS/openssh-9.0p1/contrib/redhat/openssh.spec
ll /root/rpmbuild/RPMS/x86_64/

# 7. 备份ssh
mkdir /etc/sshconfig_backup
cp /etc/ssh/sshd_config /etc/sshconfig_backup/
cp /etc/pam.d/sshd /etc/sshconfig_backup/pam.d_sshd
cp -a /root/.ssh /etc/sshconfig_backup

# 8. 升级SSH
rpm -Uvh /root/rpmbuild/RPMS/x86_64/openssh*.rpm

# 9. 恢复配置
\cp /etc/sshconfig_backup/sshd_config /etc/ssh/sshd_config
\cp /etc/sshconfig_backup/pam.d_sshd /etc/pam.d/sshd
# 9.1 并加上PermitRootLogin yes允许root用户登录
sed -i "s/#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config
# 9.2
chmod 600 -R /etc/ssh/*

# 10. 重启服务
rm -rf /root/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
systemctl restart sshd
netstat -nltap | grep 22
EOF

bash 01-ssh9.0-upgrade.sh

RPM包CSDN 免费下载地址