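Open-source project: https://github.com/boypt/openssh-rpms.git
The project mainly supports CentOS 5, 6, and 7 and is aimed at hardening OpenSSH on older operating systems. It is a good project: simple to use, with a one-command build, and the author deserves your support. Here I try it out and record the process.
Operating system: CentOS Linux release 7.3.1611 (Core)
CPU architecture: x86
Kernel version: 3.10.0-514.26.2.el7.x86_64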
```bash
# Prepare the sources
# (--no-check-certificate disables TLS certificate validation for these
#  downloads, so check the tarballs' checksums before building)

wget --no-check-certificate https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz

wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1w.tar.gz

git clone https://github.com/boypt/openssh-rpms.git

# Put the downloaded sources in the downloads directory

# Install the build dependencies
yum groupinstall -y "Development Tools"

yum install -y imake rpm-build pam-devel krb5-devel zlib-devel libXt-devel libX11-devel gtk2-devel
```
```bash
# Edit the script pullsrc.sh

# First change

source version.env

# change to

source ./version.env

# Second change

wget OPENSSLSRC

wget OPENSSHSRC

wget ASKPASSSRC

# change to

wget --no-check-certificate $OPENSSLMIR/$OPENSSLSRC

wget --no-check-certificate $OPENSSHMIR/$OPENSSHSRC

wget --no-check-certificate $ASKPASSMIR/$ASKPASSSRC


# Edit the script compile.sh

source version.env

# change to

source ./version.env
```
```bash
# Add the ssh-copy-id command to the package

cd el7/SPECS

vim openssh.spec

# Add after line 307

install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/bin/ssh-copy-id

# Add after line 390

%attr(0755,root,root) %{_bindir}/ssh-copy-id
```

```bash
# Change the OpenSSL version in version.env

# Set OPENSSLSRC to openssl-1.1.1w.tar.gz
```
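Because the downloads above run with `--no-check-certificate`, the tarballs reach the build host without TLS authentication; checking them against pinned SHA-256 digests before running `compile.sh` closes that gap. This is an added example, not part of the original post or of the openssh-rpms project; the function name `verify_downloads`, the manifest file name, and the manifest format are assumptions, and the digests themselves must be copied from the official release announcements.

```bash
#!/usr/bin/env bash
# Added example (not from openssh-rpms): fail-closed integrity check for the
# source tarballs in downloads/ before they are built into the sshd RPMs.
# Manifest format (assumed): "<sha256-hex>  <file name>", one entry per line,
# with digests copied from the official OpenSSH/OpenSSL release notes.

verify_downloads() {
    local manifest="$1" dir="$2" rc=0 want name got f
    [ -r "$manifest" ] || { echo "manifest not readable: $manifest" >&2; return 2; }

    # 1. Every manifest entry must exist and match its pinned digest.
    while read -r want name || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac
        if ! printf '%s' "$want" | grep -Eq '^[0-9a-f]{64}$'; then
            echo "REJECT $name: digest is not 64 hex chars (placeholder?)" >&2
            rc=1; continue
        fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name" >&2; rc=1; continue
        fi
        got=$(sha256sum "$dir/$name" | awk '{print $1}')
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name: got $got" >&2; rc=1
        fi
    done < "$manifest"

    # 2. Any tarball in the directory that the manifest does not pin is refused,
    #    so an unexpected archive cannot slip into the build.
    for f in "$dir"/*.tar.gz; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if ! awk -v n="$name" '$2 == n { found = 1 } END { exit !found }' "$manifest"; then
            echo "UNPINNED $name" >&2; rc=1
        fi
    done
    return "$rc"
}

# Typical use from the openssh-rpms checkout (manifest name is hypothetical):
#   verify_downloads SHA256SUMS.pinned downloads && ./compile.sh el7
```

A manifest entry that still holds a placeholder instead of a real digest is rejected rather than skipped, so the build cannot proceed until every tarball has been pinned.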
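```bash
cd openssh-rpms && ./compile.sh el7
```
After packaging completes, the binary RPMs are in openssh-rpms/el7/RPMS/x86_64 and the source package is in openssh-rpms/el7/SRPMS/. I will upload them to my resources later for anyone who needs them. Resource name: openssh9.6-centos7.3-x86-64.tgz, resource URL: https://download.csdn.net/download/qq_34777982/88668870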
```bash
# Install the update

yum localinstall openssh-*.rpm

# Set permissions on the host keys

chmod 600 /etc/ssh/ssh_host_*

# Restart the service

systemctl restart sshd && systemctl enable sshd --now

# Check the service status

systemctl status sshd
```
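Why change the yum repositories? By default the system points at the latest yum repositories, so installing the dependency packages also upgrades package versions and the kernel. Because CentOS 7.3 is fairly old, this causes many compatibility problems, so yum needs to be pointed at the 7.3 repositories instead.
The following file is provided for reference: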
```
cat /etc/yum.repos.d/CentOS-Vault.repo
# CentOS Vault contains rpms from older releases in the CentOS-7
# tree.

#c7.3.1611
[C7.3.1611-base]
name=CentOS-7.3.1611 - Base
baseurl=http://vault.centos.org/7.3.1611/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[C7.3.1611-updates]
name=CentOS-7.3.1611 - Updates
baseurl=http://vault.centos.org/7.3.1611/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[C7.3.1611-extras]
name=CentOS-7.3.1611 - Extras
baseurl=http://vault.centos.org/7.3.1611/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[C7.3.1611-centosplus]
name=CentOS-7.3.1611 - CentOSPlus
baseurl=http://vault.centos.org/7.3.1611/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[C7.3.1611-fasttrack]
name=CentOS-7.3.1611 - CentOSPlus
baseurl=http://vault.centos.org/7.3.1611/fasttrack/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

# C7.1.1503
[C7.1.1503-base]
name=CentOS-7.1.1503 - Base
baseurl=http://vault.centos.org/7.1.1503/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[C7.1.1503-updates]
name=CentOS-7.1.1503 - Updates
baseurl=http://vault.centos.org/7.1.1503/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[C7.1.1503-extras]
name=CentOS-7.1.1503 - Extras
baseurl=http://vault.centos.org/7.1.1503/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

[C7.1.1503-centosplus]
name=CentOS-7.1.1503 - CentOSPlus
baseurl=http://vault.centos.org/7.1.1503/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

[C7.1.1503-fasttrack]
name=CentOS-7.1.1503 - CentOSPlus
baseurl=http://vault.centos.org/7.1.1503/fasttrack/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

# C7.2.1511
[C7.2.1511-base]
name=CentOS-7.2.1511 - Base
baseurl=http://vault.centos.org/7.2.1511/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

[C7.2.1511-updates]
name=CentOS-7.2.1511 - Updates
baseurl=http://vault.centos.org/7.2.1511/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

[C7.2.1511-extras]
name=CentOS-7.2.1511 - Extras
baseurl=http://vault.centos.org/7.2.1511/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

[C7.2.1511-centosplus]
name=CentOS-7.2.1511 - CentOSPlus
baseurl=http://vault.centos.org/7.2.1511/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

[C7.2.1511-fasttrack]
name=CentOS-7.2.1511 - CentOSPlus
baseurl=http://vault.centos.org/7.2.1511/fasttrack/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0
```
SSH connections still work normally with SELinux and the firewalld firewall left enabled.