当前位置: 首页 > 工具软件 > openauth.qa > 使用案例 >

华为欧拉openEuler制作openssh 9.1/9.2/9.3 p1 rpm——筑梦之路

葛玉堂
2023-12-01

环境说明:

操作系统:open Euler 22.03 lts 

平台架构:x86_64

安装选择:最小化安装

# 系统版本
cat /etc/openEuler-release 
openEuler release 22.03 LTS

# 默认ssh版本
ssh -V
OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021

# 内核

uname -a
Linux openEuler-200-32 5.10.0-60.18.0.50.oe2203.x86_64 #1 SMP Wed Mar 30 03:12:24 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

# 系统信息

cat /etc/os-release 
NAME="openEuler"
VERSION="22.03 LTS"
ID="openEuler"
VERSION_ID="22.03"
PRETTY_NAME="openEuler 22.03 LTS"
ANSI_COLOR="0;31"

华为欧拉操作系统下制作openssh 9.1 p1的过程和centos 6 下类似

可以参考:

https://blog.csdn.net/qq_34777982/article/details/123285874?csdn_share_tail=%7B%22type%22%3A%22blog%22%2C%22rType%22%3A%22article%22%2C%22rId%22%3A%22123285874%22%2C%22source%22%3A%22qq_34777982%22%7D

但由于是国产化系统,这里再将区别处记录一下。

1. 处理源码

tar -zxf openssh-9.1p1.tar.gz 

cd openssh-9.1p1/contrib/redhat/

cp -p sshd.pam sshd.pam.old

cp -p sshd.init sshd.init.old

cd ../../

#重新打包源码

tar -czf openssh-9.1p1.tar.gz openssh-9.1p1

2. 处理openssh.spec

注释的地方如下:

 94 #PreReq: initscripts >= 5.00

103 #BuildRequires: openssl-devel < 1.1

3. 手动创建目录

mkdir -p /root/rpmbuild/{SPECS,SOURCES}

4. 拷贝源码到目录

cp openssh-9.1p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/

5.切换目录进行rpm包制作

cd rpmbuild/SPECS/

rpmbuild -ba openssh.spec

6.查看构建的成果

tree RPMS/x86_64/
RPMS/x86_64/
├── openssh-9.1p1-1.x86_64.rpm
├── openssh-askpass-9.1p1-1.x86_64.rpm
├── openssh-askpass-gnome-9.1p1-1.x86_64.rpm
├── openssh-clients-9.1p1-1.x86_64.rpm
├── openssh-debuginfo-9.1p1-1.x86_64.rpm
├── openssh-debugsource-9.1p1-1.x86_64.rpm
└── openssh-server-9.1p1-1.x86_64.rpm

tree SRPMS/
SRPMS/
└── openssh-9.1p1-1.src.rpm

7.安装测试

升级安装只需要三个包:

openssh-9.1p1-1.x86_64.rpm
openssh-clients-9.1p1-1.x86_64.rpm
openssh-server-9.1p1-1.x86_64.rpm

# 备份配置文件
cp -p /etc/ssh /etc/ssh-backup
cp -p /etc/pam.d/sshd /etc/pam.d/sshd-backup

# 升级安装

yum localinstall *.rpm

# 覆盖/etc/pam.d/sshd
cat /etc/pam.d/sshd

#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
## pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth


# 配置ssh

chmod 400 /etc/ssh/ssh_host_* 
echo 'UsePAM yes' >> /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

# 重启sshd服务
systemctl restaret sshd

# 验证测试连接即可

rpm -qa | grep openssh

openssh-server-9.1p1-1.x86_64
openssh-9.1p1-1.x86_64
openssh-clients-9.1p1-1.x86_64

ssh -V
OpenSSH_9.1p1, OpenSSL 1.1.1m  14 Dec 2021

systemctl status sshd | grep running
Active: active (running) since Fri 2022-10-21 10:59:17 CST; 11min ago
        └─2259192 grep --color=auto running

# selinux firewalld已关闭
默认openssh 8.8 源码包:

https://mirrors.aliyun.com/openeuler/openEuler-22.03-LTS/source/Packages/openssh-8.8p1-2.oe2203.src.rpm?spm=a2c6h.25603864.0.0.5af577788mpGLl

相关源码包和二进制rpm包,见我的资源

注意:请根据自己的环境测试验证后再上生产环境!!!!

openssh 9.2 版本rpm包制作过程一样,参考上面的步骤即可。 

 类似资料: