Linux openssh rpm包制作

https://www.cnblogs.com/liweiming/p/11571841.html

https://blog.51cto.com/13654115/2452631?source=dra

制作6系統(tǒng)使用的包,在六系統(tǒng)上制作,制作7系統(tǒng)使用的包。在7系統(tǒng)上面制作,下載相關(guān)依賴包

yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y

yum install libXt* -y

yum install imake* -y

yum install gtk2* -y

mkdir -p /root/rpmbuild/{SOURCES,SPECS}

cd /root/rpmbuild/SOURCES

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz

wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz

tar zxvf openssh-8.4p1.tar.gz? openssh-8.4p1/contrib/redhat/openssh.spec

mv openssh-8.4p1/contrib/redhat/openssh.spec ../SPECS/

chown sshd:sshd /root/rpmbuild/SPECS/openssh.spec

cp /root/rpmbuild/SPECS/openssh.spec /root/rpmbuild/SPECS/openssh.spec_def

sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec

sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec

cd /root/rpmbuild/SPECS/

vi openssh.spec

注釋掉 BuildRequires: openssl-devel < 1.1 因?yàn)槟壳鞍惭b的版本都低于1.1

cd /root/rpmbuild/SPECS/

rpmbuild -ba openssh.spec

---需要修改ssh_config內(nèi)容

cp /etc/init.d/sshd /root/

cp /etc/pam.d/sshd /etc/pam.d/sshd.old

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old

cat /etc/pam.d/sshd.old > /etc/pam.d/sshd

cat /etc/ssh/sshd_config.old > /etc/ssh/sshd_config

ln -s /usr/lib64/libcrypto.so.1.0.1e? /usr/lib64/libcrypto.so.10

ln -s /usr/lib64/libcrypto.so.1.0.1e? /usr/lib64/libcrypto.so

ln -s /usr/lib64/libssl.so.1.0.1e /usr/lib64/libssl.so

ln -s /usr/lib64/libssl.so.1.0.1e /usr/lib64/libssl.so.10

ln -s libcrypto.so.1.0.1e? libcrypto.so

ln -s libssl.so.1.0.1e? libssl.so

rpm -Uvh *.rpm

rm -rf /etc/ssh/ssh_host_*key

/etc/init.d/sshd restart >/dev/null 2>&1

安裝注意:

########################################

Vi修改/etc/ssh/sshd_config文件,修改如下內(nèi)容:

#PermitRootLogin prohibit-password? 修改為PermitRootLogin yes

#UsePAM no 修改為? UsePAM yes

/etc/pam.d/sshd? 要覆蓋原來的文件? 不然密碼驗(yàn)證不通過

cp /etc/pam.d/sshd /etc/pam.d/sshdbak

https://www.openssl.org/source/

#!/bin/bash

##########################################################

##? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ##

## Script Name:install-openssh for Redhat-CenOS-6.0~7.6 ##

## By:Eren 2019-08-29? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ##

##? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ##

##########################################################

###

echo ---- config file copy ......Please Wait ----

cp /etc/pam.d/sshd /tmp/

cp /etc/ssh/sshd_config /tmp/

if [ $? == 1 ]

then

? ? echo "cp failed "? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?


? ? exit 0

fi

###

echo ---- install-openssh ......Please Wait ----

###

os=`cat /etc/redhat-release|sed -r 's/.* ([0-9]+)\..*/\1/'`

if [ $os == 6 ];then

? ? rpm -Uvh *el6*.rpm

else

? ? rpm -Uvh? *el7*.rpm

fi

echo ---- install-openssh installation is Complete ----

###

cat /tmp/sshd >? /etc/pam.d/sshd

cat /tmp/sshd_config > /etc/ssh/sshd_config

###

#sed -i '/#UsePAM no/a\UsePAM yes' /etc/ssh/sshd_config

###

rm -rf /etc/ssh/ssh_host_*key

/etc/init.d/sshd restart >/dev/null 2>&1

###

ssh -V

1 開始telnet

前期準(zhǔn)備,開啟telnet端口

mv /etc/securetty /etc/securetty.bak

vi /etc/xinetd.d/telnet

# disable? = yes

service xinetd restart

chkconfig --add sshd

chkconfig sshd on

chkconfig --list sshd

一、Failed to start SYSV: OpenSSH server daemon.

chmod 600 /etc/ssh/ssh_host_rsa_key

chmod 600 /etc/ssh/ssh_host_ecdsa_key

chmod 600 ssh_host_ed25519_key

二、經(jīng)過排查發(fā)現(xiàn)是ssh rpm 升級后會修改/etc/pam.d/sshd 文件,需要備份此文件,升級完還原此文件。還原后的文件內(nèi)容為:

https://blog.csdn.net/weixin_37565541/article/details/93488866

#%PAM-1.0

auth? ? ? required? ? pam_sepermit.so

auth? ? ? include? ? ? password-auth

account? ? required? ? pam_nologin.so

account? ? include? ? ? password-auth

password? include? ? ? password-auth

# pam_selinux.so close should be the first session rule

session? ? required? ? pam_selinux.so close

session? ? required? ? pam_loginuid.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session? ? required? ? pam_selinux.so open env_params

session? ? optional? ? pam_keyinit.so force revoke

session? ? include? ? ? password-auth

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容