CentOS 5/6/7 基于开源项目制作openssh 9.6p1 rpm包—— 筑梦之路
时间:2024-03-31 17:30:50 来源:网络cs 作者:峨乐 栏目:卖家故事 阅读:
背景介绍
开源项目地址:https://github.com/boypt/openssh-rpms.git
该项目主要支持了centos 5 、6、7版本,针对使用了比较老的操作系统进行openssh安全加固,还是不错的项目,使用简单、一件制作,欢迎大家去支持作者。这里我来使用试试,并将过程进行记录。
环境说明
操作系统:CentOS Linux release 7.3.1611 (Core)
CPU架构:x86
内核版本:3.10.0-514.26.2.el7.x86_64
准备工作
1. 准备源码
# 准备源码wget --no-check-certificate https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gzwget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1w.tar.gzgit clone https://github.com/boypt/openssh-rpms.git# 将源码下载放到downloads目录下
2. 准备编译打包环境
yum groupinstall -y "Development Tools"yum install -y imake rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel
3. 修改开源脚本
# 修改脚本pullsrc.sh# 第一处source version.env改为source ./version.env# 第二处wget OPENSSLSRCwget OPENSSHSRCwget ASKPASSSRC改为wget --no-check-certificate $OPENSSLMIR/$OPENSSLSRC wget --no-check-certificate $OPENSSHMIR/$OPENSSHSRCwget --no-check-certificate $ASKPASSMIR/$ASKPASSSRC修改脚本compile.shsource version.env改为source ./version.env
# 添加ssh-copy-id命令cd el7/SPECSvim openssh.spec# 307 行后添加install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/bin/ssh-copy-id# 390行后添加%attr(0755,root,root) %{_bindir}/ssh-copy-id
# 修改版本openssl的版本 version.envOPENSSLSRC修改为openssl-1.1.1w.tar.gz
编译打包
cd openssh-rpms && ./compile.sh el7
打包完成后二进制rpm包在目录openssh-rpms/el7/RPMS/x86_64下,源码包在openssh-rpms/el7/SRPMS/下,稍后我将放到我的资源中,若有需要的可自行下载。资源名称为:openssh9.6-centos7.3-x86-64.tgz,资源地址:https://download.csdn.net/download/qq_34777982/88668870
安装测试
# 安装更新yum localinstall openssh-*.rpm # 授权chmod 600 /etc/ssh/ssh_host_*# 重启服务systemctl restart sshd && systemctl enable sshd --now# 检查服务状态systemctl status sshd
FAQ
1. 修改yum源
为什么要修改yum源,系统默认是最新的yum源,在安装依赖包的时候会升级版本和内核,而由于centos 7.3比较老,会出现诸多兼容性问题,因此我们需要将yum改为7.3的。
以下文件作为参考:
cat /etc/yum.repos.d/CentOS-Vault.repo # CentOS Vault contains rpms from older releases in the CentOS-7 # tree.#c7.3.1611[C7.3.1611-base]name=CentOS-7.3.1611 - Basebaseurl=http://vault.centos.org/7.3.1611/os/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-updates]name=CentOS-7.3.1611 - Updatesbaseurl=http://vault.centos.org/7.3.1611/updates/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-extras]name=CentOS-7.3.1611 - Extrasbaseurl=http://vault.centos.org/7.3.1611/extras/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-centosplus]name=CentOS-7.3.1611 - CentOSPlusbaseurl=http://vault.centos.org/7.3.1611/centosplus/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-fasttrack]name=CentOS-7.3.1611 - CentOSPlusbaseurl=http://vault.centos.org/7.3.1611/fasttrack/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1# C7.1.1503[C7.1.1503-base]name=CentOS-7.1.1503 - Basebaseurl=http://vault.centos.org/7.1.1503/os/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.1.1503-updates]name=CentOS-7.1.1503 - Updatesbaseurl=http://vault.centos.org/7.1.1503/updates/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.1.1503-extras]name=CentOS-7.1.1503 - Extrasbaseurl=http://vault.centos.org/7.1.1503/extras/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.1.1503-centosplus]name=CentOS-7.1.1503 - CentOSPlusbaseurl=http://vault.centos.org/7.1.1503/centosplus/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.1.1503-fasttrack]name=CentOS-7.1.1503 - CentOSPlusbaseurl=http://vault.centos.org/7.1.1503/fasttrack/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0# C7.2.1511[C7.2.1511-base]name=CentOS-7.2.1511 - Basebaseurl=http://vault.centos.org/7.2.1511/os/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-updates]name=CentOS-7.2.1511 - Updatesbaseurl=http://vault.centos.org/7.2.1511/updates/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-extras]name=CentOS-7.2.1511 - Extrasbaseurl=http://vault.centos.org/7.2.1511/extras/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-centosplus]name=CentOS-7.2.1511 - CentOSPlusbaseurl=http://vault.centos.org/7.2.1511/centosplus/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-fasttrack]name=CentOS-7.2.1511 - CentOSPlusbaseurl=http://vault.centos.org/7.2.1511/fasttrack/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0
2. 查看防火墙状态
在未关闭selinux、firewalld防火墙的情况下仍然可以正常连接。
阅读本书更多章节>>>>本文链接:https://www.kjpai.cn/gushi/2024-03-31/151683.html,文章来源:网络cs,作者:峨乐,版权归作者所有,如需转载请注明来源和作者,否则将追究法律责任!
上一篇:JS中‘${}‘什么意思
下一篇:返回列表