使用源码制作openssh 8.8 的rpm包
操作系统:centos 7 x86_64 minimal
工具软件:rpm-build
源码文件:openssh-8.8p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz
安装前的版本查看:
[root@web01 SPECS]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
#下载包文件(编译前先校验源码包:OpenSSH 官方在同一目录下提供对应的 .asc 签名文件,可用 gpg --verify 配合官方发布密钥验证,确认无误后再构建)
[root@web01 ~]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
[root@web01 ~]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
#安装依赖包
[root@web01 ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel xmkmf libXt-devel gtk2-devel make libXt-devel imake gtk2-devel -y
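# Stage both source tarballs in rpmbuild's SOURCES directory. This must be the
# /root/rpmbuild tree, the same one the spec file is copied into below and the
# one the finished packages are later listed from.
mkdir -p /root/rpmbuild/SOURCES
cp openssh-8.8p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
# Unpack the OpenSSH source only to get at the Red Hat spec file it ships in
# contrib/redhat, then copy that spec into SPECS so it can be edited.
tar xf openssh-8.8p1.tar.gz
mkdir -p /root/rpmbuild/SPECS/
cp openssh-8.8p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/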
[root@web01 ~]# cd /root/rpmbuild/SPECS/
[root@web01 SPECS]# vim openssh.spec
....................
将 BuildRequires: openssl-devel < 1.1 这一行注释掉,即改为:#BuildRequires: openssl-devel < 1.1
#制作rpm包
[root@web01 ~]# cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
[root@web01 ~]# cp openssh-8.8p1.tar.gz /root/rpmbuild/SOURCES/
[root@web01 ~]# cd /root/rpmbuild/SPECS/
#执行构建(rpmbuild -ba 会同时生成二进制 rpm 包和源码 rpm 包)
[root@web01 SPECS]# rpmbuild -ba openssh.spec
待制作完成,生成的rpm包在目录/root/rpmbuild/RPMS/x86_64/
[root@web01 SPECS]# cd /root/rpmbuild/RPMS/x86_64/
[root@web01 x86_64]# ls -lt
total 4888
-rw-r--r-- 1 root root 3173128 Oct 27 21:43 openssh-debuginfo-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 25560 Oct 27 21:43 openssh-askpass-gnome-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 44320 Oct 27 21:43 openssh-askpass-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 461500 Oct 27 21:43 openssh-server-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 586992 Oct 27 21:43 openssh-clients-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 701516 Oct 27 21:43 openssh-8.8p1-1.el7.x86_64.rpm
#只需要三个包即可
openssh-server-8.8p1-1.el7.x86_64.rpm
openssh-clients-8.8p1-1.el7.x86_64.rpm
openssh-8.8p1-1.el7.x86_64.rpm
- 升级(单台测试)
########安装升级测试###################################################################
[root@web01 x86_64]# yum localinstall ./*.rpm
#重启服务
[root@web01 x86_64]# systemctl restart sshd
# Authorization step: append a directive that allows root to log in over SSH.
# NOTE(review): "PermitRootLogin yes" lets root authenticate with a password,
# which exposes the account to online password guessing. Where remote root
# access is needed at all, "prohibit-password" with key-based login is the
# safer setting.
# sshd uses the first value it reads for a keyword, so if sshd_config already
# contains an uncommented PermitRootLogin line, this appended one has no effect.
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config # allow remote root login
#配置认证 (添加下列配置到文件中)
[root@web01 x86_64]# vim /etc/pam.d/sshd
[root@web01 x86_64]# cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
### pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
### pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
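#修正主机私钥权限并重启服务(sshd 会拒绝加载权限过宽的主机私钥;如还有 ecdsa、ed25519 主机密钥,也应一并检查。远程升级时建议先执行 sshd -t 检查配置,并保留一个已登录的会话,确认新连接可用后再退出)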
[root@web01 x86_64]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@web01 x86_64]# systemctl restart sshd && systemctl enable sshd
sshd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig sshd on
#查看版本
[root@web01 SPECS]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.0.2k-fips 26 Jan 2017
- ansible批量服务器升级
#思路(挺简单的)