目录


 
环境
1、centos7.6
2、ssh7.4
image-1691499454597

1、安装相关依赖包

yum install wget rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip gcc-c++ libXt-devel imake gtk2-devel -y 

 

2、下载源码

mkdir -p /root/rpmbuild/{SOURCES,SPECS}
cd /root/rpmbuild/SOURCES
wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
tar zxvf openssh-8.6p1.tar.gz openssh-8.6p1/contrib/redhat/openssh.spec
mv openssh-8.0p1/contrib/redhat/openssh.spec ../SPECS/

 

3、修改配置文件

chown sshd:sshd /root/rpmbuild/SPECS/openssh.spec 
cp /root/rpmbuild/SPECS/openssh.spec /root/rpmbuild/SPECS/openssh.spec_def
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec

 

4、打包安装

cd /root/rpmbuild/SPECS/
vi openssh.spec
#注释掉BuildRequires: openssl-devel < 1.1

rpmbuild -ba openssh.spec
cd /root/rpmbuild/RPMS/x86_64
rpm -Uvh *.rpm

 

5、修改配置文件,重启服务

vi  /etc/pam.d/sshd

修改为
#%PAM-1.0
auth    required   pam_sepermit.so
auth    include    password-auth
account   required   pam_nologin.so
account   include    password-auth
password  include    password-auth
## pam_selinux.so close should be the first session rule
session   required   pam_selinux.so close
session   required   pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session   required   pam_selinux.so open env_params
session   optional   pam_keyinit.so force revoke
session   include    password-auth

cd /etc/ssh/
chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
systemctl restart sshd

 

6、升级完成

image-1691499478512

 
如若有错,烦请指出,感谢各位大佬。