1. 创建工作路径
mkdir -p /root/rpmbuild/{SOURCES,SPECS}
cp openssh-8.1p1.tar.gz /root/rpmbuild/SOURCES/
2. 下载源码包
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
3. 制作准备
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip
tar -zxf openssh-8.1p1.tar.gz
cp ./openssh-8.1p1/contrib/redhat/openssh.spec .
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
4. 制作rpm包
rpmbuild -ba openssh.spec
如果出现 错误:构建依赖失败: openssl-devel < 1.1 被 ?? 需要 解决方法:
vi openssh.spec 注释掉 BuildRequires: openssl-devel < 1.1 这一行
打包完成后
处理文件:openssh-server-8.1p1-1.el7.x86_64
Provides: config(openssh-server) = 8.1p1-1.el7 openssh-server = 8.1p1-1.el7 openssh-server(x86-64) = 8.1p1-1.el7
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib (PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires: /bin/bash libc.so.6()(64bit) libc.so.6 (GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.16)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5) (64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6 (GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.6)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libcrypto.so.10() (64bit) libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit) libcrypto.so.10(OPENSSL_1.0.2)(64bit) libcrypto.so.10 (libcrypto.so.10)(64bit) libdl.so.2()(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2 (gssapi_krb5_2_MIT)(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libresolv.so.2()(64bit) libutil.so.1()(64bit) libutil.so.1(GLIBC_2.2.5)(64bit) libz.so.1()(64bit) rtld (GNU_HASH)
Obsoletes: ssh-server
处理文件:openssh-debuginfo-8.1p1-1.el7.x86_64
Provides: openssh-debuginfo = 8.1p1-1.el7 openssh-debuginfo(x86-64) = 8.1p1-1.el7
Requires(rpmlib): rpmlib(FileDigests) <= 4.6.0-1 rpmlib (PayloadFilesHavePrefix) <= 4.0-1 rpmlib (CompressedFileNames) <= 3.0.4-1
检查未打包文件:/usr/lib/rpm/check-files /root/rpmbuild/ BUILDROOT/openssh-8.1p1-1.el7.x86_64
写道:/root/rpmbuild/SRPMS/openssh-8.1p1-1.el7.src.rpm
写道:/root/rpmbuild/RPMS/x86_64/ openssh-8.1p1-1.el7.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/ openssh-clients-8.1p1-1.el7.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/ openssh-server-8.1p1-1.el7.x86_64.rpm
写道:/root/rpmbuild/RPMS/x86_64/ openssh-debuginfo-8.1p1-1.el7.x86_64.rpm
执行(%clean): /bin/sh -e /var/tmp/rpm-tmp.0dMET2
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-8.1p1
+ rm -rf /root/rpmbuild/BUILDROOT/ openssh-8.1p1-1.el7.x86_64
+ exit 0
5. 安装包
cd /root/rpmbuild/RPMS/x86_64/
yum install ./openssh-* -y
chmod 400 /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
setenforece 0
vim /etc/ssh/sshd_config
设置UsePAM no
systemctl restart sshd
[root@localhost x86_64]# ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.2k-fips 26 Jan 2017
6. 可能出现的问题
sshd服务重启失败失败信息:
12月 06 15:31:02 localhost.localdomain sshd[19259]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@
12月 06 15:31:02 localhost.localdomain sshd[19259]: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
12月 06 15:31:02 localhost.localdomain sshd[19259]: It is required that your private key files are NOT accessible by oth12月 06 15:31:02 localhost.localdomain sshd[19259]: This private key will be ignored.
12月 06 15:31:02 localhost.localdomain sshd[19259]: Unable to load host key "/etc/ssh/ ssh_host_ecdsa_key": bad permissio12月 06 15:31:02 localhost.localdomain sshd [19259]: Unable to load host key: /etc/ssh/ ssh_host_ecdsa_key
12月 06 15:31:02 localhost.localdomain sshd[19259]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@@
12月 06 15:31:02 localhost.localdomain sshd[19259]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
12月 06 15:31:02 localhost.localdomain sshd[19259]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@@
12月 06 15:31:02 localhost.localdomain sshd[19259]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
12月 06 15:31:02 localhost.localdomain sshd[19259]: It is required that your private key files are NOT accessible by oth12月 06 15:31:02 localhost.localdomain sshd[19259]: This private key will be ignored.
12月 06 15:31:02 localhost.localdomain sshd[19259]: Unable to load host key "/etc/ssh/ ssh_host_ed25519_key": bad permiss12月 06 15:31:02 localhost.localdomain sshd[19259]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key
12月 06 15:31:02 localhost.localdomain sshd[19259]: sshd: no hostkeys available -- exiting.
12月 06 15:31:02 localhost.localdomain sshd[19259]: [失 败]
12月 06 15:31:02 localhost.localdomain systemd[1]: sshd.service: control process exited, code=exited status=1
12月 06 15:31:02 localhost.localdomain systemd[1]: Failed to start SYSV: OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/ listinfo/systemd-devel
--
-- Unit sshd.service has failed.
--
-- The result is failed.
12月 06 15:31:02 localhost.localdomain systemd[1]: Unit sshd.service entered failed state.
12月 06 15:31:02 localhost.localdomain systemd[1]: sshd.service failed.
12月 06 15:31:02 localhost.localdomain polkitd[6249]: Unregistered Authentication Agent for unix-process:19253:222797 (slines 2125-2152/2152 (END)
12月 06 15:31:02 localhost.localdomain sshd[19259]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@@
12月 06 15:31:02 localhost.localdomain sshd[19259]: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
12月 06 15:31:02 localhost.localdomain sshd[19259]: It is required that your private key files are NOT accessible by othe12月 06 15:31:02 localhost.localdomain sshd[19259]: This private key will be ignored.
12月 06 15:31:02 localhost.localdomain sshd[19259]: Unable to load host key "/etc/ssh/ ssh_host_ecdsa_key": bad permission12月 06 15:31:02 localhost.localdomain sshd[19259]: Unable to load host key: /etc/ssh/ ssh_host_ecdsa_key
12月 06 15:31:02 localhost.localdomain sshd[19259]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@@
12月 06 15:31:02 localhost.localdomain sshd[19259]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
12月 06 15:31:02 localhost.localdomain sshd[19259]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@@
12月 06 15:31:02 localhost.localdomain sshd[19259]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
12月 06 15:31:02 localhost.localdomain sshd[19259]: It is required that your private key files are NOT accessible by othe12月 06 15:31:02 localhost.localdomain sshd[19259]: This private key will be ignored.
12月 06 15:31:02 localhost.localdomain sshd[19259]: Unable to load host key "/etc/ssh/ ssh_host_ed25519_key": bad permissi12月 06 15:31:02 localhost.localdomain sshd[19259]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key
12月 06 15:31:02 localhost.localdomain sshd[19259]: sshd: no hostkeys available -- exiting.
12月 06 15:31:02 localhost.localdomain sshd[19259]: [失 败]
12月 06 15:31:02 localhost.localdomain systemd[1]: sshd.service: control process exited, code=exited status=1
12月 06 15:31:02 localhost.localdomain systemd[1]: Failed to start SYSV: OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/ listinfo/systemd-devel
--
-- Unit sshd.service has failed.
--
-- The result is failed.
解决方法
rm /etc/ssh/ssh_host_rsa_key
rm /etc/ssh/ssh_host_ecdsa_key
rm /etc/ssh/ssh_host_ed25519_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key
systemctl restart sshd
之后可能会出现密码正确却无法登录,或者直接无法连接
密码正确却无法登录解决方法:修改 /etc/pam.d/sshd 文件
vi /etc/pam.d/sshd
[root@localhost x86_64]# cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
## pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
无法登录:直接删掉用户目录下 .ssh/known_hosts
Windows 路径:C:\Users\(用户名)\.ssh\
Linux 路径: ~/.ssh/
7. 打包好的rpm
wget https://adbin.top/packages/openssh8.1p1.tar.gz
md5校验值:63D673CFF854F5FB1D77195E6F667D14