当前位置：首页 > news >正文

平凉市建设局门户网站国内wordpress免费主题

news 2025/11/5 6:52:43

平凉市建设局门户网站,国内wordpress免费主题,网站建设猴王网络有实力,怎么出售友情链接目前OpenSSH版本已至9.4#xff0c;其作为操作系统底层管理平台软件#xff0c;需要保持更新以免遭受安全攻击#xff0c;编译生成rpm包是生产环境中批量升级的最佳途径。编译软件包时与当前的运行环境有较大关系#xff0c;请注意本安装包系在CentOS6.10原生系统纯净系统下… 目前OpenSSH版本已至9.4其作为操作系统底层管理平台软件需要保持更新以免遭受安全攻击编译生成rpm包是生产环境中批量升级的最佳途径。编译软件包时与当前的运行环境有较大关系请注意本安装包系在CentOS6.10原生系统纯净系统下编译完成的。一、准备编译环境 1、发布一台虚拟机最小化安装CentOS6.10查看系统信息如下 [rootlocalhost ~]# cat /etc/redhat-release CentOS release 6.10 (Final) 2、查看系统所带openssl的版本信息 [rootlocalhost ~]# rpm -qa|grep openssh openssh-5.3p1-123.el6_9.x86_64 openssh-server-5.3p1-123.el6_9.x86_64 [rootlocalhost ~]# rpm -qa|grep openssl openssl-1.0.1e-57.el6.x86_64 3、修改系统源为阿里源 [rootlocalhost ~]# cd /etc/yum.repos.d/ [rootlocalhost yum.repos.d]# rm CentOS-* -rf [rootlocalhost yum.repos.d]# vi http.repo [rootlocalhost yum.repos.d]# cat http.repo [os] nameos baseurlhttps://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/ gpgcheck0 enabled1 [rootlocalhost yum.repos.d]# cd ~ [rootlocalhost ~]# yum repolist 已加载插件fastestmirror Determining fastest mirrors os | 3.7 kB 00:00 os/primary_db | 4.7 MB 00:04 仓库标识仓库名称状态 os os 6,713 repolist: 6,7134、准备相关目录及工具 [rootlocalhost ~]# cd ~ [rootlocalhost ~]# mkdir -p rpmbuild/{SOURCES,SPECS} [rootlocalhost ~]# yum install wget tree -y 已加载插件fastestmirror 设置安装进程 Loading mirror speeds from cached hostfile 解决依赖关系 -- 执行事务检查 --- Package tree.x86_64 0:1.5.3-3.el6 will be 安装 --- Package wget.x86_64 0:1.12-10.el6 will be 安装 -- 完成依赖关系计算依赖关系解决软件包架构版本仓库大小正在安装:tree x86_64 1.5.3-3.el6 os 36 kwget x86_64 1.12-10.el6 os 484 k事务概要Install 2 Package(s)总下载量520 k Installed size: 1.9 M 下载软件包 (1/2): tree-1.5.3-3.el6.x86_64.rpm | 36 kB 00:00 (2/2): wget-1.12-10.el6.x86_64.rpm | 484 kB 00:00 --------------------------------------------------------------------------------------------------------------------------------------------------------- 总计 799 kB/s | 520 kB 00:00 运行 rpm_check_debug 执行事务测试事务测试成功执行事务正在安装 : tree-1.5.3-3.el6.x86_64 1/2 正在安装 : wget-1.12-10.el6.x86_64 2/2 Verifying : wget-1.12-10.el6.x86_64 1/2 Verifying : tree-1.5.3-3.el6.x86_64 2/2 已安装:tree.x86_64 0:1.5.3-3.el6 wget.x86_64 0:1.12-10.el6 完毕 5、准备源文件 [rootlocalhost ~]# cd rpmbuild/SOURCES/ [rootlocalhost SOURCES]# wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.4p1.tar.gz --no-check-certificate ... 2023-09-05 18:33:37 (69.2 KB/s) - 已保存 “openssh-9.4p1.tar.gz” [1845094/1845094]) [rootlocalhost SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz ... 2023-09-05 18:41:14 (114 KB/s) - 已保存 “x11-ssh-askpass-1.2.4.1.tar.gz” [29229/29229]) [rootlocalhost SOURCES]# wget https://www.openssl.org/source/openssl-1.1.1v.tar.gz --no-check-certificate ... 2023-09-06 21:56:18 (901 KB/s) - 已保存 “openssl-1.1.1v.tar.gz” [9893443/9893443])[rootlocalhost SOURCES]# vi sshd.pam.el6 #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth sshd.pam.el6 [New] 13L, 575C written [rootlocalhost SOURCES]# cat sshd.pam.el6 #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth [rootlocalhost SOURCES]# ll 总用量 11504 -rw-r--r--. 1 root root 1845094 8月 10 11:15 openssh-9.4p1.tar.gz -rw-r--r--. 1 root root 9893443 8月 1 22:09 openssl-1.1.1v.tar.gz -rw-r--r--. 1 root root 575 9月 6 19:38 sshd.pam.el6 -rw-r--r--. 1 root root 29229 6月 26 2004 x11-ssh-askpass-1.2.4.1.tar.gz 6、安装编译工具 [rootlocalhost SOURCES]# cd ../SPECS [rootlocalhost SPECS]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel -y ... 已安装:gcc.x86_64 0:4.4.7-23.el6 openssl-devel.x86_64 0:1.0.1e-57.el6 pam-devel.x86_64 0:1.1.1-24.el6 perl-devel.x86_64 4:5.10.1-144.el6 rpm-build.x86_64 0:4.8.0-59.el6 zlib-devel.x86_64 0:1.2.3-29.el6 作为依赖被安装:cloog-ppl.x86_64 0:0.15.7-1.2.el6 cpp.x86_64 0:4.4.7-23.el6 db4-cxx.x86_64 0:4.7.25-22.el6 db4-devel.x86_64 0:4.7.25-22.el6 elfutils.x86_64 0:0.164-2.el6 gdb.x86_64 0:7.2-92.el6 gdbm-devel.x86_64 0:1.8.0-39.el6 glibc-devel.x86_64 0:2.12-1.212.el6 glibc-headers.x86_64 0:2.12-1.212.el6 kernel-headers.x86_64 0:2.6.32-754.el6 keyutils-libs-devel.x86_64 0:1.4-5.el6 krb5-devel.x86_64 0:1.10.3-65.el6 libcom_err-devel.x86_64 0:1.41.12-24.el6 libgomp.x86_64 0:4.4.7-23.el6 libkadm5.x86_64 0:1.10.3-65.el6 libselinux-devel.x86_64 0:2.0.94-7.el6 libsepol-devel.x86_64 0:2.0.41-4.el6 mpfr.x86_64 0:2.4.1-6.el6 patch.x86_64 0:2.6-8.el6_9 perl.x86_64 4:5.10.1-144.el6 perl-ExtUtils-MakeMaker.x86_64 0:6.55-144.el6 perl-ExtUtils-ParseXS.x86_64 1:2.2003.0-144.el6 perl-Module-Pluggable.x86_64 1:3.90-144.el6 perl-Pod-Escapes.x86_64 1:1.04-144.el6 perl-Pod-Simple.x86_64 1:3.13-144.el6 perl-Test-Harness.x86_64 0:3.17-144.el6 perl-libs.x86_64 4:5.10.1-144.el6 perl-version.x86_64 3:0.77-144.el6 ppl.x86_64 0:0.10.2-11.el6 redhat-rpm-config.noarch 0:9.0.3-51.el6.centos unzip.x86_64 0:6.0-5.el6 xz.x86_64 0:4.999.9-0.5.beta.20091007git.el6 xz-lzma-compat.x86_64 0:4.999.9-0.5.beta.20091007git.el6完毕 7、生成源spec文件 [rootlocalhost SPECS]# vi openssh.spec [rootlocalhost SPECS]# cat openssh.spec %{?!opensslver: %global opensslver 1.1.1v} %{?!opensshver: %global opensshver 9.4p1} %define static_openssl 1# wheather to build openssl %global no_build_openssl 0#if defined openssl_dir, dont build it %{?openssl_dir:%global no_build_openssl 1}%global ver %{?opensshver} %global rel %{?opensshpkgrel}%{?dist}# OpenSSH privilege separation requires a user group ID %global sshd_uid 74 %global sshd_gid 74# Version of ssh-askpass %global aversion 1.2.4.1# Do we want to disable building of x11-askpass? (1yes 0no) %global no_x11_askpass 1# Do we want to disable building of gnome-askpass? (1yes 0no) %global no_gnome_askpass 1# Do we want to link against a static libcrypto? (1yes 0no) %global static_libcrypto 0# Do we want smartcard support (1yes 0no) %global scard 0# Use GTK2 instead of GNOME in gnome-ssh-askpass %global gtk2 1# Use build6x options for older RHEL builds # RHEL 7 not yet supported %if 0%{?rhel} 6 %global build6x 0 %else %global build6x 1 %endif%if 0%{?fedora} 26 %global compat_openssl 1 %else %global compat_openssl 0 %endif# Do we want kerberos5 support (1yes 0no) %global kerberos5 1# Reserve options to override askpass settings with: # rpm -ba|--rebuild --define skip_xxx 1 %{?skip_x11_askpass:%global no_x11_askpass 1} %{?skip_gnome_askpass:%global no_gnome_askpass 1}# Add option to build without GTK2 for older platforms with only GTK. # RedHat 7.2 and Red Hat Advanced Server 2.1 are examples. # rpm -ba|--rebuild --define no_gtk2 1 %{?no_gtk2:%global gtk2 0}# Is this a build for RHL 6.x or earlier? %{?build_6x:%global build6x 1}# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc. %if %{build6x} %global _sysconfdir /etc %endif# Options for static OpenSSL link: # rpm -ba|--rebuild --define static_openssl 1 %{?static_openssl:%global static_libcrypto 1}# Options for Smartcard support: (needs libsectok and openssl-engine) # rpm -ba|--rebuild --define smartcard 1 %{?smartcard:%global scard 1}# Is this a build for the rescue CD (without PAM, with MD5)? (1yes 0no) %global rescue 0 %{?build_rescue:%global rescue 1}# Turn off some stuff for resuce builds %if %{rescue} %global kerberos5 0 %endifSummary: The OpenSSH implementation of SSH protocol version 2. Name: openssh Version: %{ver} %if %{rescue} Release: %{rel}rescue %else Release: %{rel} %endif URL: https://www.openssh.com/portable.html Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz Source2: sshd.pam.el6 %if ! %{no_build_openssl} Source3: https://www.openssl.org/source/openssl-%{opensslver}.tar.gz %endif License: BSD Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot Obsoletes: ssh %if %{build6x} PreReq: initscripts 5.00 %else Requires: initscripts 5.20 %endif BuildRequires: perl #%if %{compat_openssl} #BuildRequires: compat-openssl10-devel #%else #BuildRequires: openssl-devel 1.0.1 #BuildRequires: openssl-devel 1.1 #%endif BuildRequires: /bin/login %if ! %{build6x} BuildRequires: glibc-devel, pam %else BuildRequires: /usr/include/security/pam_appl.h %endif %if ! %{no_x11_askpass} BuildRequires: /usr/include/X11/Xlib.h # Xt development tools BuildRequires: libXt-devel # Provides xmkmf BuildRequires: imake # Rely on relatively recent gtk %if %{gtk2} BuildRequires: gtk2-devel %endif %endif %if ! %{no_gnome_askpass} BuildRequires: pkgconfig %endif %if %{kerberos5} BuildRequires: krb5-devel BuildRequires: krb5-libs %endif%package clients Summary: OpenSSH clients. Requires: openssh %{version}-%{release} Group: Applications/Internet Obsoletes: ssh-clients%package server Summary: The OpenSSH server daemon. Group: System Environment/Daemons Obsoletes: ssh-server Requires: openssh %{version}-%{release}, chkconfig 0.9 %if ! %{build6x} Requires: /etc/pam.d/system-auth %endif%package askpass Summary: A passphrase dialog for OpenSSH and X. Group: Applications/Internet Requires: openssh %{version}-%{release} Obsoletes: ssh-extras%package askpass-gnome Summary: A passphrase dialog for OpenSSH, X, and GNOME. Group: Applications/Internet Requires: openssh %{version}-%{release} Obsoletes: ssh-extras%description SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.OpenSSH is OpenBSDs version of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries.This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.%description clients OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package includes the clients necessary to make encrypted connections to SSH servers. Youll also need to install the openssh package on OpenSSH clients.%description server OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server. You also need to have the openssh package installed.%description askpass OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains an X11 passphrase dialog for OpenSSH.%description askpass-gnome OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop environment.%prep%if ! %{no_x11_askpass} %setup -q -a 1 %else %setup -q %endif%if ! %{no_build_openssl} %define openssl_dir %{_builddir}/%{name}-%{version}/openssl mkdir -p openssl tar xfz %{SOURCE3} --strip-components1 -C openssl pushd openssl ./config shared zlib -fPIC make %{?_smp_mflags} popd %endif%build %if %{rescue} CFLAGS$RPM_OPT_FLAGS -Os; export CFLAGS %endifexport LD_LIBRARY_PATH%{openssl_dir} %configure \--sysconfdir%{_sysconfdir}/ssh \--libexecdir%{_libexecdir}/openssh \--datadir%{_datadir}/openssh \--with-default-path/usr/local/bin:/bin:/usr/bin \--with-superuser-path/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \--with-privsep-path%{_var}/empty/sshd \--with-md5-passwords \--mandir%{_mandir} \--with-mantypeman \--disable-strip \--with-ssl-dir%{openssl_dir} \ %if %{scard}--with-smartcard \ %endif %if %{rescue}--without-pam \ %else--with-pam \ %endif %if %{kerberos5}--with-kerberos5$K5DIR \ %endif%if %{static_libcrypto} #perl -pi -e s|-lcrypto|%{_libdir}/libcrypto.a|g Makefile perl -pi -e s|-lcrypto|%{openssl_dir}/libcrypto.a -lpthread|g Makefile %endifmake %{?_smp_mflags}%if ! %{no_x11_askpass} pushd x11-ssh-askpass-%{aversion} %configure --libexecdir%{_libexecdir}/openssh xmkmf -a make -j popd %endif# Define a variable to toggle gnome1/gtk2 building. This is necessary # because RPM doesnt handle nested %if statements. %if %{gtk2}gtk2yes %elsegtk2no %endif%if ! %{no_gnome_askpass} pushd contrib if [ $gtk2 yes ] ; thenmake gnome-ssh-askpass2mv gnome-ssh-askpass2 gnome-ssh-askpass elsemake gnome-ssh-askpass1mv gnome-ssh-askpass1 gnome-ssh-askpass fi popd %endif%install rm -rf $RPM_BUILD_ROOT mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshdmake install DESTDIR$RPM_BUILD_ROOT echo -e PubkeyAcceptedAlgorithms ssh-rsa\nUsePAM yes\nPermitRootLogin yes\nUseDNS no $RPM_BUILD_ROOT/etc/ssh/sshd_config install -d $RPM_BUILD_ROOT/etc/pam.d/ install -d $RPM_BUILD_ROOT/etc/rc.d/init.d install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/bin/ssh-copy-id install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd%if ! %{no_x11_askpass} install x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass %endif%if ! %{no_gnome_askpass} install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass %endif%if ! %{scard}rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin %endif%if ! %{no_gnome_askpass} install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ %endifperl -pi -e s|$RPM_BUILD_ROOT||g $RPM_BUILD_ROOT%{_mandir}/man*/*%clean rm -rf $RPM_BUILD_ROOT%triggerun server -- ssh-server if [ $1 ! 0 -a -r /var/run/sshd.pid ] ; thentouch /var/run/sshd.restart fi%triggerun server -- openssh-server 2.5.0p1 # Count the number of HostKey and HostDsaKey statements we have. gawk BEGIN {IGNORECASE1}/^hostkey/ || /^hostdsakey/ {sawhostkey sawhostkey 1}END {exit sawhostkey} /etc/ssh/sshd_config # And if we only found one, we know the client was relying on the old default # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasnt # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying # one nullifies the default, which would have loaded both. if [ $? -eq 1 ] ; thenecho HostKey /etc/ssh/ssh_host_rsa_key /etc/ssh/sshd_configecho HostKey /etc/ssh/ssh_host_dsa_key /etc/ssh/sshd_config fi%triggerpostun server -- ssh-server if [ $1 ! 0 ] ; then/sbin/chkconfig --add sshdif test -f /var/run/sshd.restart ; thenrm -f /var/run/sshd.restart/sbin/service sshd start /dev/null 21 || :fi fi%pre server %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2/dev/null || : %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \-g sshd -M -r sshd 2/dev/null || :%post server /sbin/chkconfig --add sshd%postun server /sbin/service sshd condrestart /dev/null 21 || :%preun server if [ $1 0 ] then/sbin/service sshd stop /dev/null 21 || :/sbin/chkconfig --del sshd fi%files %defattr(-,root,root) %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO %attr(0755,root,root) %{_bindir}/scp %attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli %if ! %{rescue} %attr(0755,root,root) %{_bindir}/ssh-keygen %attr(0755,root,root) %{_bindir}/ssh-copy-id %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0755,root,root) %dir %{_libexecdir}/openssh %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper %attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8* %attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8* %endif %if %{scard} %attr(0755,root,root) %dir %{_datadir}/openssh %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin %endif%files clients %defattr(-,root,root) %attr(0755,root,root) %{_bindir}/ssh %attr(0644,root,root) %{_mandir}/man1/ssh.1* %attr(0644,root,root) %{_mandir}/man5/ssh_config.5* %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %if ! %{rescue} %attr(2755,root,nobody) %{_bindir}/ssh-agent %attr(0755,root,root) %{_bindir}/ssh-add %attr(0755,root,root) %{_bindir}/ssh-keyscan %attr(0755,root,root) %{_bindir}/sftp %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* %attr(0644,root,root) %{_mandir}/man1/ssh-add.1* %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1* %attr(0644,root,root) %{_mandir}/man1/sftp.1* %endif%if ! %{rescue} %files server %defattr(-,root,root) %dir %attr(0111,root,root) %{_var}/empty/sshd %attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0644,root,root) %{_mandir}/man8/sshd.8* %attr(0644,root,root) %{_mandir}/man5/moduli.5* %attr(0644,root,root) %{_mandir}/man5/sshd_config.5* %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd %attr(0755,root,root) %config /etc/rc.d/init.d/sshd %endif%if ! %{no_x11_askpass} %files askpass %defattr(-,root,root) %doc x11-ssh-askpass-%{aversion}/README %doc x11-ssh-askpass-%{aversion}/ChangeLog %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad %{_libexecdir}/openssh/ssh-askpass %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass %endif%if ! %{no_gnome_askpass} %files askpass-gnome %defattr(-,root,root) %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.* %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass %endif[rootlocalhost SPECS]# 二、编译 1、编译 [rootlocalhost SPECS]# rpmbuild -bb openssh.spec warning: line 108: prereq is deprecated: PreReq: initscripts 5.00 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.zWPwajumask 022cd /root/rpmbuild/BUILDLANGCexport LANGunset DISPLAYcd /root/rpmbuild/BUILDrm -rf openssh-9.4p1/bin/tar -xf -/usr/bin/gzip -dc /root/rpmbuild/SOURCES/openssh-9.4p1.tar.gzSTATUS0[ 0 -ne 0 ]cd openssh-9.4p1 ... Obsoletes: ssh-server Processing files: openssh-debuginfo-9.4p1-.el6.x86_64 Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.4p1-.el6.x86_64 Wrote: /root/rpmbuild/RPMS/x86_64/openssh-9.4p1-.el6.x86_64.rpm Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-9.4p1-.el6.x86_64.rpm Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-9.4p1-.el6.x86_64.rpm Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.4p1-.el6.x86_64.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.qcMTW9umask 022cd /root/rpmbuild/BUILDcd openssh-9.4p1rm -rf /root/rpmbuild/BUILDROOT/openssh-9.4p1-.el6.x86_64exit 0 [rootlocalhost SPECS]# 看到“ exit 0”表示编译成功。三、测试验证 1、安装新编译的openssh RPM包 [rootlocalhost SPECS]# cd /root/rpmbuild/RPMS/x86_64/ [rootlocalhost x86_64]# ll 总用量 15132 -rw-r--r--. 1 root root 4817808 9月 6 19:58 openssh-9.4p1-.el6.x86_64.rpm -rw-r--r--. 1 root root 4849872 9月 6 19:58 openssh-clients-9.4p1-.el6.x86_64.rpm -rw-r--r--. 1 root root 4362628 9月 6 19:58 openssh-debuginfo-9.4p1-.el6.x86_64.rpm -rw-r--r--. 1 root root 1451744 9月 6 19:58 openssh-server-9.4p1-.el6.x86_64.rpm [rootlocalhost x86_64]# yum install * 已加载插件fastestmirror 设置安装进程诊断 openssh-9.4p1-.el6.x86_64.rpm: openssh-9.4p1-.el6.x86_64 openssh-9.4p1-.el6.x86_64.rpm 将作为 openssh-5.3p1-123.el6_9.x86_64 的更新 Loading mirror speeds from cached hostfile 诊断 openssh-clients-9.4p1-.el6.x86_64.rpm: openssh-clients-9.4p1-.el6.x86_64 openssh-clients-9.4p1-.el6.x86_64.rpm 将被安装诊断 openssh-debuginfo-9.4p1-.el6.x86_64.rpm: openssh-debuginfo-9.4p1-.el6.x86_64 openssh-debuginfo-9.4p1-.el6.x86_64.rpm 将被安装诊断 openssh-server-9.4p1-.el6.x86_64.rpm: openssh-server-9.4p1-.el6.x86_64 openssh-server-9.4p1-.el6.x86_64.rpm 将作为 openssh-server-5.3p1-123.el6_9.x86_64 的更新解决依赖关系 -- 执行事务检查 --- Package openssh.x86_64 0:5.3p1-123.el6_9 will be 升级 --- Package openssh.x86_64 0:9.4p1-.el6 will be an update --- Package openssh-clients.x86_64 0:9.4p1-.el6 will be 安装 --- Package openssh-debuginfo.x86_64 0:9.4p1-.el6 will be 安装 --- Package openssh-server.x86_64 0:5.3p1-123.el6_9 will be 升级 --- Package openssh-server.x86_64 0:9.4p1-.el6 will be an update -- 完成依赖关系计算依赖关系解决软件包架构版本仓库大小正在安装:openssh-clients x86_64 9.4p1-.el6 /openssh-clients-9.4p1-.el6.x86_64 12 Mopenssh-debuginfo x86_64 9.4p1-.el6 /openssh-debuginfo-9.4p1-.el6.x86_64 17 M 正在升级:openssh x86_64 9.4p1-.el6 /openssh-9.4p1-.el6.x86_64 12 Mopenssh-server x86_64 9.4p1-.el6 /openssh-server-9.4p1-.el6.x86_64 3.5 M事务概要Install 2 Package(s) Upgrade 2 Package(s)总文件大小44 M 确定吗[y/N]y 下载软件包运行 rpm_check_debug 执行事务测试事务测试成功执行事务正在升级 : openssh-9.4p1-.el6.x86_64 1/6 正在升级 : openssh-server-9.4p1-.el6.x86_64 2/6 正在安装 : openssh-clients-9.4p1-.el6.x86_64 3/6 正在安装 : openssh-debuginfo-9.4p1-.el6.x86_64 4/6 清理 : openssh-server-5.3p1-123.el6_9.x86_64 5/6 清理 : openssh-5.3p1-123.el6_9.x86_64 6/6 Verifying : openssh-debuginfo-9.4p1-.el6.x86_64 1/6 Verifying : openssh-server-9.4p1-.el6.x86_64 2/6 Verifying : openssh-9.4p1-.el6.x86_64 3/6 Verifying : openssh-clients-9.4p1-.el6.x86_64 4/6 Verifying : openssh-5.3p1-123.el6_9.x86_64 5/6 Verifying : openssh-server-5.3p1-123.el6_9.x86_64 6/6 已安装:openssh-clients.x86_64 0:9.4p1-.el6 openssh-debuginfo.x86_64 0:9.4p1-.el6 更新完毕:openssh.x86_64 0:9.4p1-.el6 openssh-server.x86_64 0:9.4p1-.el6 完毕 2、版本验证可以将/root/rpmbuild/RPMS/x86_64下的软件包进行拷贝分发或放到http服务器共享。至此rpm包制作完成。 3、注意事项 openssh升级后加密算法最低要求256位因此升级openssh后低版本的客户端和CRT都将无法连接报以下错误 Key exchange failed. No compatible key-exchange method. The server supports these methods: sntrup761x25519-sha512openssh.com,curve25519-sha256,curve25519-sha256libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 此时其它未升级openssh的centos6服务器都连不上更新服务器的不要以为升级失败了只需将需要连接本服务器的主机的openssh-client也升级了即可。 Windows连接请升级SecureCRT到8.*.*版本同时会话属性中仅启用256或512位算法即可正常连接。可以看到连接是没有任何问题的。

查看全文

http://www.pierceye.com/news/50261/