Building OpenSSH RPM Packages on Euler 22.10

Base environment setup

Add yum repositories (gpgcheck=0 disables package signature verification for these repositories)

[extras]
name=extras
baseurl=https://mirrors.cmecloud.cn/bclinux/oe22.10/extras/x86_64/
gpgcheck=0
enabled=1
[epel]
name=epel
baseurl=https://mirrors.cmecloud.cn/epel/8/Everything/x86_64/
gpgcheck=0
enabled=1

Install dependencies (rpmdev-setuptree, used in the next step, is provided by rpmdevtools)

yum install rpm-build rpmrebuild rpmdevtools

Create the build directory tree

rpmdev-setuptree

Install OpenSSL 3 from source

Install dependencies

sudo yum install zlib-devel

Build OpenSSL 3

wget https://github.com/openssl/openssl/releases/download/openssl-3.5.2/openssl-3.5.2.tar.gz
tar xf openssl-3.5.2.tar.gz
cd openssl-3.5.2
./config --prefix=/usr/local/openssl3 --openssldir=/usr/local/openssl3/ssl shared zlib linux-x86_64
make -j$(nproc)
make install

Configure ldconfig

cat > /etc/ld.so.conf.d/openssl-3.5.2.conf <<EOF
/usr/local/openssl3/lib64
EOF
ldconfig

Verify the OpenSSL 3 version

/usr/local/openssl3/bin/openssl version
OpenSSL 3.5.2 5 Aug 2025 (Library: OpenSSL 3.5.2 5 Aug 2025)

Build OpenSSH

Install dependencies

yum install libX11-devel gtk2-devel imake krb5-devel libXt-devel openssl-devel pam-devel

Get openssh.spec from the source tarball

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.0p1.tar.gz
tar xf openssh-10.0p1.tar.gz
cp openssh-10.0p1/contrib/redhat/openssh.spec ~/rpmbuild/SPECS/
cp openssh-10.0p1.tar.gz /root/rpmbuild/SOURCES/
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/

Check build dependencies

yum builddep ~/rpmbuild/SPECS/openssh.spec

Build the RPM packages

rpmbuild -ba ~/rpmbuild/SPECS/openssh.spec

Upgrade to OpenSSH 10.0p1

Back up the sshd PAM configuration file

cp /etc/pam.d/sshd /etc/pam.d/sshd.bak

Install openssl3

yum install openssl3

Upgrade to openssh 10.0p1

yum install ./openssh-server-10.0p1-1.oe2203.bclinux.x86_64.rpm \
./openssh-clients-10.0p1-1.oe2203.bclinux.x86_64.rpm \
./openssh-10.0p1-1.oe2203.bclinux.x86_64.rpm

Set the host private key file permissions to 0600

chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key

Restore the sshd PAM configuration file

cp /etc/pam.d/sshd.bak /etc/pam.d/sshd

Restart the sshd service

systemctl restart sshd

Verify the OpenSSH version

ssh -V
OpenSSH_10.0p2, OpenSSL 3.2.2 4 Jun 2024

Log in to the node and watch /var/log/secure for errors.
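
The last steps of the upgrade (host key permissions, then checking /var/log/secure) can be scripted. The following is an added example, not part of the original post: the function names, the log patterns and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): post-upgrade checks.

# Print "<path> <mode>" for each private host key in $1 that is not mode 600.
# The glob ends in _key, so the .pub files are skipped.
bad_key_modes() {
    for key in "$1"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        mode=$(stat -c '%a' "$key")      # GNU stat, octal mode
        [ "$mode" = "600" ] || echo "$key $mode"
    done
}

# Print sshd lines in log file $1 that report a load or startup failure.
# The patterns are an assumed starting set, not an exhaustive list.
sshd_errors() {
    grep -E 'sshd(\[[0-9]+\])?: ' "$1" |
        grep -Ei 'error: |fatal: |are too open|no hostkeys available|PAM unable to' ||
        true    # no match is a clean result, not a failure
}

# Demo on constructed data so the script runs without touching the real host.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/ssh_host_rsa_key";     chmod 0640 "$tmp/ssh_host_rsa_key"
    : > "$tmp/ssh_host_ed25519_key"; chmod 0600 "$tmp/ssh_host_ed25519_key"
    # Constructed sample log lines
    cat > "$tmp/secure" <<'EOF'
Aug 20 10:00:01 node1 sshd[1201]: Server listening on 0.0.0.0 port 22.
Aug 20 10:00:05 node1 sshd[1210]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Aug 20 10:00:09 node1 sshd[1215]: Accepted publickey for admin from 192.0.2.10 port 50522 ssh2
EOF
    echo "Keys with wrong mode:";  bad_key_modes "$tmp"
    echo "sshd errors in log:";    sshd_errors "$tmp/secure"
    rm -rf "$tmp"
}
demo
```

On the upgraded node, call bad_key_modes /etc/ssh and sshd_errors /var/log/secure in place of demo; both should print nothing.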

Author: 慕容峻才
Article link: https://www.acaiblog.top/Euler22-10构建OpenSSH-RPM包/
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit 阿才的博客 when reposting.