跨境派

跨境派

跨境派,专注跨境行业新闻资讯、跨境电商知识分享!

当前位置:首页 > 卖家故事 > CentOS 5/6/7 基于开源项目制作openssh 9.6p1 rpm包—— 筑梦之路

CentOS 5/6/7 基于开源项目制作openssh 9.6p1 rpm包—— 筑梦之路

时间:2024-03-31 17:30:50 来源:网络cs 作者:峨乐 栏目:卖家故事 阅读:

标签: 项目 
阅读本书更多章节>>>>

背景介绍

开源项目地址:https://github.com/boypt/openssh-rpms.git

该项目主要支持了centos 5 、6、7版本,针对使用了比较老的操作系统进行openssh安全加固,还是不错的项目,使用简单、一件制作,欢迎大家去支持作者。这里我来使用试试,并将过程进行记录。

环境说明

操作系统:CentOS Linux release 7.3.1611 (Core)

CPU架构:x86

内核版本:3.10.0-514.26.2.el7.x86_64

准备工作

1. 准备源码

# 准备源码wget --no-check-certificate https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gzwget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1w.tar.gzgit clone https://github.com/boypt/openssh-rpms.git# 将源码下载放到downloads目录下

2. 准备编译打包环境

yum groupinstall -y "Development Tools"yum install -y imake rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel

3. 修改开源脚本

# 修改脚本pullsrc.sh# 第一处source version.env改为source ./version.env# 第二处wget OPENSSLSRCwget OPENSSHSRCwget ASKPASSSRC改为wget --no-check-certificate $OPENSSLMIR/$OPENSSLSRC wget --no-check-certificate $OPENSSHMIR/$OPENSSHSRCwget --no-check-certificate $ASKPASSMIR/$ASKPASSSRC修改脚本compile.shsource version.env改为source ./version.env
# 添加ssh-copy-id命令cd el7/SPECSvim  openssh.spec# 307 行后添加install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/bin/ssh-copy-id# 390行后添加%attr(0755,root,root) %{_bindir}/ssh-copy-id
# 修改版本openssl的版本 version.envOPENSSLSRC修改为openssl-1.1.1w.tar.gz

 编译打包

cd openssh-rpms && ./compile.sh el7

打包完成后二进制rpm包在目录openssh-rpms/el7/RPMS/x86_64下,源码包在openssh-rpms/el7/SRPMS/下,稍后我将放到我的资源中,若有需要的可自行下载。资源名称为:openssh9.6-centos7.3-x86-64.tgz,资源地址:https://download.csdn.net/download/qq_34777982/88668870

安装测试

# 安装更新yum localinstall openssh-*.rpm # 授权chmod 600 /etc/ssh/ssh_host_*# 重启服务systemctl  restart sshd && systemctl  enable sshd --now# 检查服务状态systemctl status sshd

FAQ

1. 修改yum源

为什么要修改yum源,系统默认是最新的yum源,在安装依赖包的时候会升级版本和内核,而由于centos 7.3比较老,会出现诸多兼容性问题,因此我们需要将yum改为7.3的。

以下文件作为参考:

cat /etc/yum.repos.d/CentOS-Vault.repo # CentOS Vault contains rpms from older releases in the CentOS-7 # tree.#c7.3.1611[C7.3.1611-base]name=CentOS-7.3.1611 - Basebaseurl=http://vault.centos.org/7.3.1611/os/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-updates]name=CentOS-7.3.1611 - Updatesbaseurl=http://vault.centos.org/7.3.1611/updates/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-extras]name=CentOS-7.3.1611 - Extrasbaseurl=http://vault.centos.org/7.3.1611/extras/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-centosplus]name=CentOS-7.3.1611 - CentOSPlusbaseurl=http://vault.centos.org/7.3.1611/centosplus/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.3.1611-fasttrack]name=CentOS-7.3.1611 - CentOSPlusbaseurl=http://vault.centos.org/7.3.1611/fasttrack/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1# C7.1.1503[C7.1.1503-base]name=CentOS-7.1.1503 - Basebaseurl=http://vault.centos.org/7.1.1503/os/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.1.1503-updates]name=CentOS-7.1.1503 - Updatesbaseurl=http://vault.centos.org/7.1.1503/updates/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=1[C7.1.1503-extras]name=CentOS-7.1.1503 - Extrasbaseurl=http://vault.centos.org/7.1.1503/extras/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.1.1503-centosplus]name=CentOS-7.1.1503 - CentOSPlusbaseurl=http://vault.centos.org/7.1.1503/centosplus/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.1.1503-fasttrack]name=CentOS-7.1.1503 - CentOSPlusbaseurl=http://vault.centos.org/7.1.1503/fasttrack/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0# C7.2.1511[C7.2.1511-base]name=CentOS-7.2.1511 - Basebaseurl=http://vault.centos.org/7.2.1511/os/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-updates]name=CentOS-7.2.1511 - Updatesbaseurl=http://vault.centos.org/7.2.1511/updates/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-extras]name=CentOS-7.2.1511 - Extrasbaseurl=http://vault.centos.org/7.2.1511/extras/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-centosplus]name=CentOS-7.2.1511 - CentOSPlusbaseurl=http://vault.centos.org/7.2.1511/centosplus/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0[C7.2.1511-fasttrack]name=CentOS-7.2.1511 - CentOSPlusbaseurl=http://vault.centos.org/7.2.1511/fasttrack/$basearch/gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7enabled=0

2. 查看防火墙状态

在未关闭selinux、firewalld防火墙的情况下仍然可以正常连接。 

阅读本书更多章节>>>>

本文链接:https://www.kjpai.cn/gushi/2024-03-31/151683.html,文章来源:网络cs,作者:峨乐,版权归作者所有,如需转载请注明来源和作者,否则将追究法律责任!

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。

上一篇:JS中‘${}‘什么意思

下一篇:返回列表

文章评论