通过openssh-rpms制作工具,完成rpm升级包的制作,大佬的工具非常强大,可以实现多种操作系统版本的升级操作:
- CentOS 5/6/7/8/Stream 8/9
- Amazon Linux 1/2/2023
- UnionTech OS Server 20
- openEuler 22.03 (LTS-SP1)
- AnolisOS 7.9/8.6
- Rocky Linux 8/9
实战CentOS7.9升级openssh到9.9版本
准备升级需要的文件(源码包请从各项目的官方站点下载,并核对官方公布的校验值或签名后再使用):
openssh-rpms-main.zip 制作程序的安装包
openssh-9.9p1.tar.gz openssh的源码包
openssl-1.1.1w.tar.gz openssl的源码包
x11-ssh-askpass-1.2.4.1.tar.gz openssh的依赖包
环境准备
查看当前版本
[root@centos7 ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@centos7 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@centos7 ~]# openssl version -a
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamic
[root@centos7 ~]# /usr/sbin/sshd -V
unknown option -- V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
[root@centos7 ~]#
下载安装包
解压openssh-rpms-main.zip
[root@centos7 ~]# unzip openssh-rpms-main.zip
Archive: openssh-rpms-main.zip
87327de45b536a0d61d89cf8736f4e4af9b9fa1b
creating: openssh-rpms-main/
creating: openssh-rpms-main/.github/
creating: openssh-rpms-main/.github/workflows/
inflating: openssh-rpms-main/.github/workflows/build-images.yml
inflating: openssh-rpms-main/.github/workflows/create-amd64-release.yml
inflating: openssh-rpms-main/.github/workflows/create-arm64-release.yml
inflating: openssh-rpms-main/.gitignore
inflating: openssh-rpms-main/README.md
creating: openssh-rpms-main/amzn1/
creating: openssh-rpms-main/amzn1/BUILD/
。。。省略
creating: openssh-rpms-main/el6/SPECS/
inflating: openssh-rpms-main/el6/SPECS/openssh.spec
creating: openssh-rpms-main/el6/SRPMS/
extracting: openssh-rpms-main/el6/SRPMS/.keep
creating: openssh-rpms-main/el7/
creating: openssh-rpms-main/el7/BUILD/
extracting: openssh-rpms-main/el7/BUILD/.keep
creating: openssh-rpms-main/el7/RPMS/
extracting: openssh-rpms-main/el7/RPMS/.keep
creating: openssh-rpms-main/el7/SOURCES/
inflating: openssh-rpms-main/el7/SOURCES/sshd.pam.el7
creating: openssh-rpms-main/el7/SPECS/
inflating: openssh-rpms-main/el7/SPECS/openssh.spec
creating: openssh-rpms-main/el7/SRPMS/
extracting: openssh-rpms-main/el7/SRPMS/.keep
inflating: openssh-rpms-main/pullsrc.sh
inflating: openssh-rpms-main/version.env
[root@centos7 ~]#
把三个源码包放到downloads目录下
[root@centos7 ~]# mv openssh-9.9p1.tar.gz openssl-1.1.1w.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz /root/openssh-rpms-main/downloads
mv: overwrite ‘/root/openssh-rpms-main/downloads/x11-ssh-askpass-1.2.4.1.tar.gz’? y
[root@centos7 ~]# ls -lh /root/openssh-rpms-main/downloads
total 12M
-rw-r--r-- 1 root root 1.9M Jan 26 14:58 openssh-9.9p1.tar.gz
-rw-r--r-- 1 root root 9.5M Jan 26 15:24 openssl-1.1.1w.tar.gz
-rw-r--r-- 1 root root 29K Jan 26 15:24 x11-ssh-askpass-1.2.4.1.tar.gz
[root@centos7 ~]#
安装依赖
[root@centos7 ~]# yum groupinstall -y "Development Tools"
Loaded plugins: fastestmirror, langpacks
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package autoconf.noarch 0:2.69-11.el7 will be installed
--> Processing Dependency: m4 >= 1.4.14 for package: autoconf-2.69-11.el7.noarch
---> Package automake.noarch 0:1.13.4-3.el7 will be installed
--> Processing Dependency: perl(Thread::Queue) for package: automake-1.13.4-3.el7.noarch
--> Processing Dependency: perl(TAP::Parser) for package: automake-1.13.4-3.el7.noarch
---> Package bison.x86_64 0:3.0.4-2.el7 will be installed
。。。省略
Installed:
autoconf.noarch 0:2.69-11.el7 automake.noarch 0:1.13.4-3.el7 bison.x86_64 0:3.0.4-2.el7 byacc.x86_64 0:1.9.20130304-3.el7 cscope.x86_64 0:15.8-10.el7 ctags.x86_64 0:5.8-13.el7 diffstat.x86_64 0:1.57-4.el7
doxygen.x86_64 1:1.8.5-4.el7 flex.x86_64 0:2.5.37-6.el7 gcc.x86_64 0:4.8.5-44.el7 gcc-c++.x86_64 0:4.8.5-44.el7 gcc-gfortran.x86_64 0:4.8.5-44.el7 indent.x86_64 0:2.2.11-13.el7 intltool.noarch 0:0.50.2-7.el7
libtool.x86_64 0:2.4.2-22.el7_3 patch.x86_64 0:2.7.1-12.el7_7 patchutils.x86_64 0:0.3.3-5.el7_9 rcs.x86_64 0:5.9.0-7.el7 redhat-rpm-config.noarch 0:9.1.0-88.el7.centos rpm-build.x86_64 0:4.11.3-48.el7_9 rpm-sign.x86_64 0:4.11.3-48.el7_9
subversion.x86_64 0:1.7.14-16.el7 swig.x86_64 0:2.0.10-5.el7 systemtap.x86_64 0:4.0-13.el7
Dependency Installed:
apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7_9.1 cpp.x86_64 0:4.8.5-44.el7 dwz.x86_64 0:0.11-3.el7 gettext-common-devel.noarch 0:0.19.8.1-3.el7 gettext-devel.x86_64 0:0.19.8.1-3.el7
glibc-devel.x86_64 0:2.17-326.el7_9.3 glibc-headers.x86_64 0:2.17-326.el7_9.3 kernel-debug-devel.x86_64 0:3.10.0-1160.119.1.el7 kernel-headers.x86_64 0:3.10.0-1160.119.1.el7 libgfortran.x86_64 0:4.8.5-44.el7 libquadmath.x86_64 0:4.8.5-44.el7
libquadmath-devel.x86_64 0:4.8.5-44.el7 libstdc++-devel.x86_64 0:4.8.5-44.el7 m4.x86_64 0:1.4.16-10.el7 perl-Test-Harness.noarch 0:3.28-3.el7 perl-Thread-Queue.noarch 0:3.02-2.el7 perl-XML-Parser.x86_64 0:2.41-10.el7
perl-srpm-macros.noarch 0:1-8.el7 python-srpm-macros.noarch 0:3-34.el7 subversion-libs.x86_64 0:1.7.14-16.el7 systemtap-client.x86_64 0:4.0-13.el7 systemtap-devel.x86_64 0:4.0-13.el7
Dependency Updated:
glibc.x86_64 0:2.17-326.el7_9.3 glibc-common.x86_64 0:2.17-326.el7_9.3
Complete!
[root@centos7 ~]# yum install -y imake rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel perl perl-IPC-Cmd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Package rpm-build-4.11.3-48.el7_9.x86_64 already installed and latest version
Package 4:perl-5.16.3-299.el7_9.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package gtk2-devel.x86_64 0:2.24.31-1.el7 will be installed
--> Processing Dependency: pango-devel >= 1.20.0-1 for package: gtk2-devel-2.24.31-1.el7.x86_64
--> Processing Dependency: glib2-devel >= 2.28.0-1 for package: gtk2-devel-2.24.31-1.el7.x86_64
。。。省略
Updated:
libX11-devel.x86_64 0:1.6.7-5.el7_9
Dependency Updated:
expat.x86_64 0:2.1.0-15.el7_9 krb5-libs.x86_64 0:1.15.1-55.el7_9 libX11.x86_64 0:1.6.7-5.el7_9 libX11-common.noarch 0:1.6.7-5.el7_9 zlib.x86_64 0:1.2.7-21.el7_9
Complete!
[root@centos7 ~]#
修改version.env变量
把OPENSSLSRC和OPENSSHSRC修改成与downloads目录中源码包一致的文件名(版本号由文件名解析得到)
[root@centos7 ~]# cat /root/openssh-rpms-main/version.env
# custom defined components
# File names of the OpenSSL and OpenSSH source tarballs to build from.
OPENSSLSRC=openssl-1.1.1w.tar.gz
OPENSSHSRC=openssh-9.9p1.tar.gz
# presumably the RPM release number (the packages built in this walkthrough
# are named openssh-9.9p1-1.el7) -- confirm against the spec file
PKGREL=1
# File name of the x11-ssh-askpass source tarball.
ASKPASSSRC=x11-ssh-askpass-1.2.4.1.tar.gz
# for EL5 only
PERLSRC=perl-5.38.2.tar.gz
# version numbers extracting
# ${VAR%%.tar.gz} removes the ".tar.gz" suffix and ${VAR##name-} removes the
# leading "name-" prefix, so each *VER ends up holding only the version
# string taken from the tarball file name (e.g. 9.9p1, 1.1.1w, 5.38.2).
OPENSSHVER=${OPENSSHSRC%%.tar.gz}
OPENSSHVER=${OPENSSHVER##openssh-}
OPENSSLVER=${OPENSSLSRC%%.tar.gz}
OPENSSLVER=${OPENSSLVER##openssl-}
PERLVER=${PERLSRC%%.tar.gz}
PERLVER=${PERLVER##perl-}
# Github Proxy, this arg is very useful for Chinese users.
# You can try this: https://github.akams.cn/
# Empty by default. NOTE(review): how this value is consumed is not visible
# in this file; if it is used as a prefix for download URLs, whoever operates
# the proxy can alter what is fetched, so check tarball checksums or
# signatures against the upstream release before building.
GH_PROXY=""
[root@centos7 ~]#
开始编译生成安装包
进入openssh-rpms-main程序目录,使用compile.sh命令生成安装包;执行结束后用echo $?查看返回值,返回0表示编译成功
[root@centos7 ~]# cd openssh-rpms-main/
[root@centos7 openssh-rpms-main]# ./compile.sh el7
~/openssh-rpms-main/el7 ~/openssh-rpms-main
‘/root/openssh-rpms-main/downloads/openssh-9.9p1.tar.gz’ -> ‘./SOURCES/openssh-9.9p1.tar.gz’
‘/root/openssh-rpms-main/downloads/openssl-1.1.1w.tar.gz’ -> ‘./SOURCES/openssl-1.1.1w.tar.gz’
‘/root/openssh-rpms-main/downloads/x11-ssh-askpass-1.2.4.1.tar.gz’ -> ‘./SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz’
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.Y0T3Io
+ umask 022
+ cd /root/openssh-rpms-main/el7/BUILD
+ cd /root/openssh-rpms-main/el7/BUILD
+ rm -rf openssh-9.9p1
+ /usr/bin/gzip -dc /root/openssh-rpms-main/el7/SOURCES/openssh-9.9p1.tar.gz
+ /usr/bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd openssh-9.9p1
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ mkdir -p openssl
+ tar xfz /root/openssh-rpms-main/el7/SOURCES/openssl-1.1.1w.tar.gz --strip-components=1 -C openssl
+ pushd openssl
~/openssh-rpms-main/el7/BUILD/openssh-9.9p1/openssl ~/openssh-rpms-main/el7/BUILD/openssh-9.9p1
+ ./config shared zlib -fPIC
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1w (0x1010117fL) for linux-x86_64
。。。省略
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/openssh-rpms-main/el7/BUILDROOT/openssh-9.9p1-1.el7.x86_64
Wrote: /root/openssh-rpms-main/el7/SRPMS/openssh-9.9p1-1.el7.src.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-9.9p1-1.el7.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-clients-9.9p1-1.el7.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-server-9.9p1-1.el7.x86_64.rpm
Wrote: /root/openssh-rpms-main/el7/RPMS/x86_64/openssh-debuginfo-9.9p1-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.9RqveV
+ umask 022
+ cd /root/openssh-rpms-main/el7/BUILD
+ cd openssh-9.9p1
+ rm -rf /root/openssh-rpms-main/el7/BUILDROOT/openssh-9.9p1-1.el7.x86_64
+ exit 0
~/openssh-rpms-main
[root@centos7 openssh-rpms-main]# echo $?
0
[root@centos7 openssh-rpms-main]#
检查rpm升级包
[root@centos7 openssh-rpms-main]# cd /root/openssh-rpms-main/el7/RPMS/x86_64/
[root@centos7 x86_64]# ls -lh
total 18M
-rw-r--r-- 1 root root 4.9M Jan 26 15:35 openssh-9.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 5.1M Jan 26 15:35 openssh-clients-9.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 4.5M Jan 26 15:35 openssh-debuginfo-9.9p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2.7M Jan 26 15:35 openssh-server-9.9p1-1.el7.x86_64.rpm
[root@centos7 x86_64]#
备份配置文件
[root@centos7 ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%Y%m%d)
[root@centos7 ~]# cp /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.$(date +%Y%m%d)
[root@centos7 ~]# cp /etc/pam.d/sshd /etc/pam.d/sshd.$(date +%Y%m%d)
[root@centos7 ~]#
RPM升级
注意:下面的命令使用了--force和--nodeps,rpm会跳过依赖检查并直接覆盖已安装的文件,即使有依赖缺失也不会给出提示,安装后需要自行确认sshd能够正常工作。
[root@centos7 x86_64]# cd /root/openssh-rpms-main/el7/RPMS/x86_64
[root@centos7 x86_64]# rpm -ivh --force --nodeps --replacepkgs --replacefiles openssh-*.rpm
Preparing... ################################# [100%]
Updating / installing...
1:openssh-9.9p1-1.el7 ################################# [ 25%]
2:openssh-clients-9.9p1-1.el7 ################################# [ 50%]
3:openssh-server-9.9p1-1.el7 ################################# [ 75%]
4:openssh-debuginfo-9.9p1-1.el7 ################################# [100%]
[root@centos7 x86_64]#
修改ssh目录文件权限
原有主机私钥的权限是640(属组ssh_keys);上游OpenSSH不接受组可读的私钥文件,sshd会拒绝加载这样的私钥,所以这里把三个主机私钥改成600。
[root@centos7 x86_64]# ls -lh /etc/ssh
total 568K
-rw------- 1 root root 530K Jan 26 15:35 moduli
-rw-r--r-- 1 root root 1.6K Jan 26 15:35 ssh_config
-rw------- 1 root root 3.6K Jan 26 15:35 sshd_config
-rw------- 1 root root 3.9K Jan 26 16:13 sshd_config.20250126
-rw-r-----. 1 root ssh_keys 227 Mar 7 2023 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Mar 7 2023 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 387 Mar 7 2023 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 Mar 7 2023 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys 1.7K Mar 7 2023 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Mar 7 2023 ssh_host_rsa_key.pub
[root@centos7 x86_64]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@centos7 x86_64]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@centos7 x86_64]# chmod 600 /etc/ssh/ssh_host_ed25519_key
[root@centos7 x86_64]# ls -lh /etc/ssh
total 568K
-rw------- 1 root root 530K Jan 26 15:35 moduli
-rw-r--r-- 1 root root 1.6K Jan 26 15:35 ssh_config
-rw------- 1 root root 3.6K Jan 26 15:35 sshd_config
-rw------- 1 root root 3.9K Jan 26 16:13 sshd_config.20250126
-rw-------. 1 root ssh_keys 227 Mar 7 2023 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Mar 7 2023 ssh_host_ecdsa_key.pub
-rw-------. 1 root ssh_keys 387 Mar 7 2023 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 Mar 7 2023 ssh_host_ed25519_key.pub
-rw-------. 1 root ssh_keys 1.7K Mar 7 2023 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Mar 7 2023 ssh_host_rsa_key.pub
[root@centos7 x86_64]#
重启服务并测试
重启前可以先执行sshd -t检查配置文件是否有错误;测试时请新开一个连接,当前已登录的会话在确认新连接可以正常登录之前不要关闭。
[root@centos7 x86_64]# systemctl restart sshd
[root@centos7 x86_64]#
[C:\~]$ ssh 192.168.17.70
#开启xshell客户端进行连接测试
Connecting to 192.168.17.70:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Sun Jan 26 15:31:03 2025 from 192.168.17.1
[root@centos7 ~]# ssh -V
OpenSSH_9.9p1, OpenSSL 1.1.1w 11 Sep 2023
#系统自带的openssl命令没有被升级,仍然是1.0.2k;新版OpenSSH使用的是编译时一起构建的OpenSSL 1.1.1w(见上面ssh -V的输出)
[root@centos7 ~]# openssl version -a
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamic
[root@centos7 ~]# /usr/sbin/sshd -V
OpenSSH_9.9p1, OpenSSL 1.1.1w 11 Sep 2023
[root@centos7 ~]# 