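OpenSSH is now at version 9.4. As low-level management software for the operating system, it has to be kept up to date to avoid security attacks, and building RPM packages is the best route for batch upgrades in production. A build depends heavily on the environment it runs in; note that this package was built on a clean, stock CentOS Stream 8 system. In practice the package can be used to upgrade OpenSSH on Linux systems with an el8 runtime environment, such as Anolis OS 8.* and BClinux 8U8.
1. Provision a virtual machine with a minimal install of CentOS Stream 8 and check the system information: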
- [root@localhost ~]# cat /etc/os-release
- NAME="CentOS Stream"
- VERSION="8"
- ID="centos"
- ID_LIKE="rhel fedora"
- VERSION_ID="8"
- PLATFORM_ID="platform:el8"
- PRETTY_NAME="CentOS Stream 8"
- ANSI_COLOR="0;31"
- CPE_NAME="cpe:/o:centos:centos:8"
- HOME_URL="https://centos.org/"
- BUG_REPORT_URL="https://bugzilla.redhat.com/"
- REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
- REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
2. Check the OpenSSL and OpenSSH versions shipped with the system:
- [root@localhost ~]# ssh -V
- OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
- [root@localhost ~]# openssl version
- OpenSSL 1.1.1k FIPS 25 Mar 2021
- [root@localhost ~]# rpm -qa|grep openssh
- openssh-server-8.0p1-12.el8.x86_64
- openssh-8.0p1-12.el8.x86_64
- openssh-clients-8.0p1-12.el8.x86_64
3. Check the system repositories and switch to a local repository on the installation media:
- [root@localhost ~]# cd /etc/yum.repos.d/
- [root@localhost yum.repos.d]# ll
- 总用量 44
- -rw-r--r--. 1 root root 713 1月 19 2022 CentOS-Stream-AppStream.repo
- -rw-r--r--. 1 root root 698 1月 19 2022 CentOS-Stream-BaseOS.repo
- -rw-r--r--. 1 root root 316 1月 19 2022 CentOS-Stream-Debuginfo.repo
- -rw-r--r--. 1 root root 698 1月 19 2022 CentOS-Stream-Extras.repo
- -rw-r--r--. 1 root root 734 1月 19 2022 CentOS-Stream-HighAvailability.repo
- -rw-r--r--. 1 root root 696 1月 19 2022 CentOS-Stream-Media.repo
- -rw-r--r--. 1 root root 683 1月 19 2022 CentOS-Stream-NFV.repo
- -rw-r--r--. 1 root root 718 1月 19 2022 CentOS-Stream-PowerTools.repo
- -rw-r--r--. 1 root root 690 1月 19 2022 CentOS-Stream-RealTime.repo
- -rw-r--r--. 1 root root 748 1月 19 2022 CentOS-Stream-ResilientStorage.repo
- -rw-r--r--. 1 root root 1771 1月 19 2022 CentOS-Stream-Sources.repo
- [root@localhost yum.repos.d]# mkdir old
- [root@localhost yum.repos.d]# mv *.repo old
- [root@localhost SOURCES]# mount /dev/cdrom /media
- mount: /media: WARNING: device write-protected, mounted read-only.
- [root@localhost SOURCES]# ll /media
- 总用量 30
- dr-xr-xr-x. 4 root root 2048 2月 15 2022 AppStream
- dr-xr-xr-x. 4 root root 2048 2月 15 2022 BaseOS
- dr-xr-xr-x. 3 root root 2048 2月 15 2022 EFI
- dr-xr-xr-x. 3 root root 2048 2月 15 2022 images
- dr-xr-xr-x. 2 root root 2048 2月 15 2022 isolinux
- -r--r--r--. 1 root root 18092 9月 14 2021 LICENSE
- -r--r--r--. 1 root root 88 2月 15 2022 media.repo
- -r--r--r--. 1 root root 883 2月 15 2022 TRANS.TBL
- [root@localhost SOURCES]# vi /etc/yum.repos.d/http.repo
- [root@localhost SOURCES]# cat /etc/yum.repos.d/http.repo
- [os]
- name=os
- baseurl=file:///media/BaseOS
- gpgcheck=0
- enabled=1
-
- [app]
- name=app
- baseurl=file:///media/AppStream
- gpgcheck=0
- enabled=1
- [root@localhost SOURCES]# dnf repolist
- 仓库 id 仓库名称
- app app
- os os
4. Prepare the directories and tools
- [root@localhost ~]# cd ~
- [root@localhost ~]# mkdir -p rpmbuild/{SOURCES,SPECS}
- [root@localhost ~]# dnf install wget tree -y
- os 838 kB/s | 4.6 MB 00:05
- app 710 kB/s | 8.4 MB 00:12
- 上次元数据过期检查:0:00:01 前,执行于 2023年09月11日 星期一 04时02分54秒。
- 依赖关系解决。
- =========================================================================================================================================================
- 软件包 架构 版本 仓库 大小
- =========================================================================================================================================================
- 安装:
- tree x86_64 1.7.0-15.el8 os 59 k
- wget x86_64 1.19.5-10.el8 app 734 k
- 安装依赖关系:
- libmetalink x86_64 0.1.3-7.el8 os 32 k
-
- 事务概要
- =========================================================================================================================================================
- 安装 3 软件包
-
- 总下载:825 k
- 安装大小:2.9 M
- 下载软件包:
- (1/3): libmetalink-0.1.3-7.el8.x86_64.rpm 116 kB/s | 32 kB 00:00
- (2/3): tree-1.7.0-15.el8.x86_64.rpm 192 kB/s | 59 kB 00:00
- (3/3): wget-1.19.5-10.el8.x86_64.rpm 532 kB/s | 734 kB 00:01
- ---------------------------------------------------------------------------------------------------------------------------------------------------------
- 总计 589 kB/s | 825 kB 00:01
- 运行事务检查
- 事务检查成功。
- 运行事务测试
- 事务测试成功。
- 运行事务
- 准备中 : 1/1
- 安装 : libmetalink-0.1.3-7.el8.x86_64 1/3
- 安装 : wget-1.19.5-10.el8.x86_64 2/3
- 运行脚本: wget-1.19.5-10.el8.x86_64 2/3
- 安装 : tree-1.7.0-15.el8.x86_64 3/3
- 运行脚本: tree-1.7.0-15.el8.x86_64 3/3
- 验证 : libmetalink-0.1.3-7.el8.x86_64 1/3
- 验证 : tree-1.7.0-15.el8.x86_64 2/3
- 验证 : wget-1.19.5-10.el8.x86_64 3/3
-
- 已安装:
- libmetalink-0.1.3-7.el8.x86_64 tree-1.7.0-15.el8.x86_64 wget-1.19.5-10.el8.x86_64
-
- 完毕!
5. Prepare the source files
- [root@localhost ~]# cd rpmbuild/SOURCES/
- [root@localhost SOURCES]# wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.4p1.tar.gz --no-check-certificate
- --2023-09-11 04:04:04-- https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.4p1.tar.gz
- 正在解析主机 ftp.openbsd.org (ftp.openbsd.org)... 199.185.178.81
- 正在连接 ftp.openbsd.org (ftp.openbsd.org)|199.185.178.81|:443... 已连接。
- 已发出 HTTP 请求,正在等待回应... 200 OK
- 长度:1845094 (1.8M) [text/plain]
- 正在保存至: “openssh-9.4p1.tar.gz”
-
- openssh-9.4p1.tar.gz 100%[=========================================================================>] 1.76M 138KB/s 用时 16s
-
- 2023-09-11 04:04:22 (114 KB/s) - 已保存 “openssh-9.4p1.tar.gz” [1845094/1845094])
-
- [root@localhost SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
- --2023-09-11 04:04:24-- https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
- 正在解析主机 src.fedoraproject.org (src.fedoraproject.org)... 38.145.60.20, 38.145.60.21
- 正在连接 src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... 已连接。
- 已发出 HTTP 请求,正在等待回应... 200 OK
- 长度:29229 (29K) [application/x-gzip]
- 正在保存至: “x11-ssh-askpass-1.2.4.1.tar.gz”
-
- x11-ssh-askpass-1.2.4.1.tar.gz 100%[=========================================================================>] 28.54K 115KB/s 用时 0.2s
-
- 2023-09-11 04:04:26 (115 KB/s) - 已保存 “x11-ssh-askpass-1.2.4.1.tar.gz” [29229/29229])
-
- [root@localhost SOURCES]# cp /etc/pam.d/sshd sshd.pam.el8
- [root@localhost SOURCES]# ll
- 总用量 11504
- -rw-r--r--. 1 root root 1845094 8月 9 23:15 openssh-9.4p1.tar.gz
- -rw-r--r--. 1 root root 727 9月 11 04:04 sshd.pam.el8
- -rw-r--r--. 1 root root 29229 6月 25 2004 x11-ssh-askpass-1.2.4.1.tar.gz
- [root@localhost SOURCES]# cat sshd.pam.el8
- #%PAM-1.0
- auth substack password-auth
- auth include postlogin
- account required pam_sepermit.so
- account required pam_nologin.so
- account include password-auth
- password include password-auth
- # pam_selinux.so close should be the first session rule
- session required pam_selinux.so close
- session required pam_loginuid.so
- # pam_selinux.so open should only be followed by sessions to be executed in the user context
- session required pam_selinux.so open env_params
- session required pam_namespace.so
- session optional pam_keyinit.so force revoke
- session optional pam_motd.so
- session include password-auth
- session include postlogin
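The download above uses `--no-check-certificate`, which turns off TLS certificate validation, so nothing in the session authenticates the tarball that ends up in the package. The following added example (not part of the original article) compares a source file with a published SHA-256 digest before the build. It accepts hex or the base64 form used in OpenSSH release announcements; the function names are hypothetical and the digest must be taken from the announcement, not from the download host.

```shell
#!/bin/sh
# Added example (not from the original article): check a downloaded source
# tarball against a published SHA-256 digest before handing it to rpmbuild.
#
# Usage: sh verify_source.sh openssh-9.4p1.tar.gz '<SHA256 from the release announcement>'

# digest_to_hex DIGEST
# Prints DIGEST as lowercase hex. Accepts 64 hex characters, or the base64
# encoding of a 32-byte digest (43 characters, optionally followed by "=").
digest_to_hex() {
    dth_d=$1
    if printf '%s\n' "$dth_d" | grep -Eq '^[0-9A-Fa-f]{64}$'; then
        printf '%s\n' "$dth_d" | tr 'A-F' 'a-f'
    elif printf '%s\n' "$dth_d" | grep -Eq '^[A-Za-z0-9+/]{43}=?$'; then
        # base64 -d needs the padding character, so restore it if it was dropped
        case $dth_d in *=) ;; *) dth_d="$dth_d=" ;; esac
        printf '%s' "$dth_d" | base64 -d | od -An -v -tx1 | tr -d ' \n'
        echo
    else
        echo "unrecognised digest format: $dth_d" >&2
        return 2
    fi
}

# verify_source FILE DIGEST
# Returns 0 when FILE hashes to DIGEST, 1 on mismatch, 2 on bad input.
verify_source() {
    vs_file=$1
    vs_published=$2
    if [ ! -f "$vs_file" ]; then
        echo "missing file: $vs_file" >&2
        return 2
    fi
    vs_want=$(digest_to_hex "$vs_published") || return 2
    vs_got=$(sha256sum "$vs_file" | cut -d' ' -f1)
    if [ "$vs_got" = "$vs_want" ]; then
        echo "OK $vs_file"
        return 0
    fi
    echo "MISMATCH $vs_file" >&2
    echo "  expected $vs_want" >&2
    echo "  actual   $vs_got" >&2
    return 1
}

# Run the check only when called with a file and a digest.
if [ "$#" -eq 2 ]; then
    verify_source "$1" "$2"
fi
```

Run it in `rpmbuild/SOURCES` and start `rpmbuild` only when it exits 0.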
6. Install the build tools
- [root@localhost SOURCES]# cd ../SPECS
- [root@localhost SPECS]# dnf install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel -y
- os 3.8 MB/s | 3.9 kB 00:00
- app 49 MB/s | 7.6 MB 00:00
- 依赖关系解决。
- =========================================================================================================================================================
- 软件包 架构 版本 仓库 大小
- =========================================================================================================================================================
- 安装:
- gcc x86_64 8.5.0-10.el8 app 23 M
- openssl-devel x86_64 1:1.1.1k-5.el8_5 os 2.3 M
- pam-devel x86_64 1.3.1-16.el8 os 210 k
- perl-devel x86_64 4:5.26.3-421.el8 app 599 k
- rpm-build x86_64 4.14.3-21.el8 app 174 k
- zlib-devel x86_64 1.2.11-17.el8 os 58 k
- ...
-
- 已安装:
- annobin-10.29-3.el8.x86_64 binutils-2.30-113.el8.x86_64
- bzip2-1.0.6-26.el8.x86_64 cpp-8.5.0-10.el8.x86_64
- dwz-0.12-10.el8.x86_64 efi-srpm-macros-3-3.el8.noarch
- elfutils-0.186-1.el8.x86_64 gc-7.6.4-3.el8.x86_64
- gcc-8.5.0-10.el8.x86_64 gdb-headless-8.2-18.el8.x86_64
- ghc-srpm-macros-1.4.2-7.el8.noarch glibc-devel-2.28-189.el8.x86_64
- glibc-headers-2.28-189.el8.x86_64 go-srpm-macros-2-17.el8.noarch
- guile-5:2.0.14-7.el8.x86_64 isl-0.16.1-6.el8.x86_64
- kernel-headers-4.18.0-365.el8.x86_64 keyutils-libs-devel-1.5.10-9.el8.x86_64
- krb5-devel-1.18.2-14.el8.x86_64 libatomic_ops-7.6.2-3.el8.x86_64
- libbabeltrace-1.5.4-3.el8.x86_64 libcom_err-devel-1.45.6-3.el8.x86_64
- libipt-1.6.1-8.el8.x86_64 libkadm5-1.18.2-14.el8.x86_64
- libmpc-1.1.0-9.1.el8.x86_64 libpkgconf-1.4.2-1.el8.x86_64
- libselinux-devel-2.9-5.el8.x86_64 libsepol-devel-2.9-3.el8.x86_64
- libverto-devel-0.3.0-5.el8.x86_64 libxcrypt-devel-4.1.1-6.el8.x86_64
- ocaml-srpm-macros-5-4.el8.noarch openblas-srpm-macros-2-2.el8.noarch
- openssl-devel-1:1.1.1k-5.el8_5.x86_64 pam-devel-1.3.1-16.el8.x86_64
- patch-2.7.6-11.el8.x86_64 pcre2-devel-10.32-2.el8.x86_64
- pcre2-utf16-10.32-2.el8.x86_64 pcre2-utf32-10.32-2.el8.x86_64
- perl-CPAN-Meta-2.150010-396.el8.noarch perl-CPAN-Meta-Requirements-2.140-396.el8.noarch
- perl-CPAN-Meta-YAML-0.018-397.el8.noarch perl-Carp-1.42-396.el8.noarch
- perl-Data-Dumper-2.167-399.el8.x86_64 perl-Digest-1.17-395.el8.noarch
- perl-Digest-MD5-2.55-396.el8.x86_64 perl-Encode-4:2.97-3.el8.x86_64
- perl-Encode-Locale-1.05-10.module_el8.3.0+416+dee7bcef.noarch perl-Errno-1.28-421.el8.x86_64
- perl-Exporter-5.72-396.el8.noarch perl-ExtUtils-Command-1:7.34-1.el8.noarch
- perl-ExtUtils-Install-2.14-4.el8.noarch perl-ExtUtils-MakeMaker-1:7.34-1.el8.noarch
- perl-ExtUtils-Manifest-1.70-395.el8.noarch perl-ExtUtils-ParseXS-1:3.35-2.el8.noarch
- perl-File-Path-2.15-2.el8.noarch perl-File-Temp-0.230.600-1.el8.noarch
- perl-Getopt-Long-1:2.50-4.el8.noarch perl-HTTP-Tiny-0.074-1.el8.noarch
- perl-IO-1.38-421.el8.x86_64 perl-IO-Socket-IP-0.39-5.el8.noarch
- perl-IO-Socket-SSL-2.066-4.module_el8.4.0+517+be1595ff.noarch perl-JSON-PP-1:2.97.001-3.el8.noarch
- perl-MIME-Base64-3.15-396.el8.x86_64 perl-Math-BigInt-1:1.9998.11-7.el8.noarch
- perl-Math-Complex-1.59-421.el8.noarch perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch
- perl-Net-SSLeay-1.88-1.module_el8.4.0+517+be1595ff.x86_64 perl-PathTools-3.74-1.el8.x86_64
- perl-Pod-Escapes-1:1.07-395.el8.noarch perl-Pod-Perldoc-3.28-396.el8.noarch
- perl-Pod-Simple-1:3.35-395.el8.noarch perl-Pod-Usage-4:1.69-395.el8.noarch
- perl-Scalar-List-Utils-3:1.49-2.el8.x86_64 perl-Socket-4:2.027-3.el8.x86_64
- perl-Storable-1:3.11-3.el8.x86_64 perl-Term-ANSIColor-4.06-396.el8.noarch
- perl-Term-Cap-1.17-395.el8.noarch perl-Test-Harness-1:3.42-1.el8.noarch
- perl-Text-ParseWords-3.30-395.el8.noarch perl-Text-Tabs+Wrap-2013.0523-395.el8.noarch
- perl-Time-HiRes-4:1.9758-2.el8.x86_64 perl-Time-Local-1:1.280-1.el8.noarch
- perl-URI-1.73-3.el8.noarch perl-Unicode-Normalize-1.25-396.el8.x86_64
- perl-constant-1.33-396.el8.noarch perl-devel-4:5.26.3-421.el8.x86_64
- perl-interpreter-4:5.26.3-421.el8.x86_64 perl-libnet-3.11-3.el8.noarch
- perl-libs-4:5.26.3-421.el8.x86_64 perl-macros-4:5.26.3-421.el8.x86_64
- perl-parent-1:0.237-1.el8.noarch perl-podlators-4.11-1.el8.noarch
- perl-srpm-macros-1-25.el8.noarch perl-threads-1:2.21-2.el8.x86_64
- perl-threads-shared-1.58-2.el8.x86_64 perl-version-6:0.99.24-1.el8.x86_64
- pkgconf-1.4.2-1.el8.x86_64 pkgconf-m4-1.4.2-1.el8.noarch
- pkgconf-pkg-config-1.4.2-1.el8.x86_64 python-rpm-macros-3-41.el8.noarch
- python-srpm-macros-3-41.el8.noarch python3-pyparsing-2.1.10-7.el8.noarch
- python3-rpm-macros-3-41.el8.noarch qt5-srpm-macros-5.15.2-1.el8.noarch
- redhat-rpm-config-127-1.el8.noarch rpm-build-4.14.3-21.el8.x86_64
- rust-srpm-macros-5-2.el8.noarch systemtap-sdt-devel-4.6-4.el8.x86_64
- unzip-6.0-46.el8.x86_64 zip-3.0-23.el8.x86_64
- zlib-devel-1.2.11-17.el8.x86_64 zstd-1.4.4-1.el8.x86_64
-
- 完毕!
7. Create the spec file
- [root@localhost SPECS]# vi openssh.spec
- [root@localhost SPECS]# cat openssh.spec
- %global ver 9.4p1
- %global rel 1%{?dist}
-
- # OpenSSH privilege separation requires a user & group ID
- %global sshd_uid 74
- %global sshd_gid 74
-
- # Version of ssh-askpass
- %global aversion 1.2.4.1
-
- # Do we want to disable building of x11-askpass? (1=yes 0=no)
- %global no_x11_askpass 1
-
- # Do we want to disable building of gnome-askpass? (1=yes 0=no)
- %global no_gnome_askpass 1
-
- # Do we want to link against a static libcrypto? (1=yes 0=no)
- %global static_libcrypto 0
-
- # Do we want smartcard support (1=yes 0=no)
- %global scard 0
-
- # Use GTK2 instead of GNOME in gnome-ssh-askpass
- %global gtk2 1
-
- # Use build6x options for older RHEL builds
- # RHEL 7 not yet supported
- %if 0%{?rhel} > 6
- %global build6x 0
- %else
- %global build6x 1
- %endif
-
- %if 0%{?fedora} >= 26
- %global compat_openssl 1
- %else
- %global compat_openssl 0
- %endif
-
- # Do we want kerberos5 support (1=yes 0=no)
- %global kerberos5 1
-
- # Reserve options to override askpass settings with:
- # rpm -ba|--rebuild --define 'skip_xxx 1'
- %{?skip_x11_askpass:%global no_x11_askpass 1}
- %{?skip_gnome_askpass:%global no_gnome_askpass 1}
-
- # Add option to build without GTK2 for older platforms with only GTK+.
- # RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
- # rpm -ba|--rebuild --define 'no_gtk2 1'
- %{?no_gtk2:%global gtk2 0}
-
- # Is this a build for RHL 6.x or earlier?
- %{?build_6x:%global build6x 1}
-
- # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
- %if %{build6x}
- %global _sysconfdir /etc
- %endif
-
- # Options for static OpenSSL link:
- # rpm -ba|--rebuild --define "static_openssl 1"
- %{?static_openssl:%global static_libcrypto 1}
-
- # Options for Smartcard support: (needs libsectok and openssl-engine)
- # rpm -ba|--rebuild --define "smartcard 1"
- %{?smartcard:%global scard 1}
-
- # Is this a build for the rescue CD (without PAM)? (1=yes 0=no)
- %global rescue 0
- %{?build_rescue:%global rescue 1}
-
- # Turn off some stuff for resuce builds
- %if %{rescue}
- %global kerberos5 0
- %endif
-
- Summary: The OpenSSH implementation of SSH protocol version 2.
- Name: openssh
- Version: %{ver}
- %if %{rescue}
- Release: %{rel}rescue
- %else
- Release: %{rel}
- %endif
- URL: https://www.openssh.com/portable.html
- Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
- Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
- Source2: sshd.pam.el8
- License: BSD
- Group: Applications/Internet
- BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
- Obsoletes: ssh
- %if %{build6x}
- PreReq: initscripts >= 5.00
- %else
- Requires: initscripts >= 5.20
- %endif
- BuildRequires: perl
- %if %{compat_openssl}
- BuildRequires: compat-openssl10-devel
- %else
- BuildRequires: openssl-devel >= 1.0.1
- #BuildRequires: openssl-devel < 1.1
- %endif
- BuildRequires: /bin/login
- %if ! %{build6x}
- BuildRequires: glibc-devel, pam
- %else
- BuildRequires: /usr/include/security/pam_appl.h
- %endif
- %if ! %{no_x11_askpass}
- BuildRequires: /usr/include/X11/Xlib.h
- # Xt development tools
- BuildRequires: libXt-devel
- # Provides xmkmf
- BuildRequires: imake
- # Rely on relatively recent gtk
- BuildRequires: gtk2-devel
- %endif
- %if ! %{no_gnome_askpass}
- BuildRequires: pkgconfig
- %endif
- %if %{kerberos5}
- BuildRequires: krb5-devel
- BuildRequires: krb5-libs
- %endif
-
- %package clients
- Summary: OpenSSH clients.
- Requires: openssh = %{version}-%{release}
- Group: Applications/Internet
- Obsoletes: ssh-clients
-
- %package server
- Summary: The OpenSSH server daemon.
- Group: System Environment/Daemons
- Obsoletes: ssh-server
- Requires: openssh = %{version}-%{release}, chkconfig >= 0.9
- %if ! %{build6x}
- Requires: /etc/pam.d/system-auth
- %endif
-
- %package askpass
- Summary: A passphrase dialog for OpenSSH and X.
- Group: Applications/Internet
- Requires: openssh = %{version}-%{release}
- Obsoletes: ssh-extras
-
- %package askpass-gnome
- Summary: A passphrase dialog for OpenSSH, X, and GNOME.
- Group: Applications/Internet
- Requires: openssh = %{version}-%{release}
- Obsoletes: ssh-extras
-
- %description
- SSH (Secure SHell) is a program for logging into and executing
- commands on a remote machine. SSH is intended to replace rlogin and
- rsh, and to provide secure encrypted communications between two
- untrusted hosts over an insecure network. X11 connections and
- arbitrary TCP/IP ports can also be forwarded over the secure channel.
-
- OpenSSH is OpenBSD's version of the last free version of SSH, bringing
- it up to date in terms of security and features, as well as removing
- all patented algorithms to separate libraries.
- This package includes the core files necessary for both the OpenSSH
- client and server. To make this package useful, you should also
- install openssh-clients, openssh-server, or both.
- %description clients
- OpenSSH is a free version of SSH (Secure SHell), a program for logging
- into and executing commands on a remote machine. This package includes
- the clients necessary to make encrypted connections to SSH servers.
- You'll also need to install the openssh package on OpenSSH clients.
-
- %description server
- OpenSSH is a free version of SSH (Secure SHell), a program for logging
- into and executing commands on a remote machine. This package contains
- the secure shell daemon (sshd). The sshd daemon allows SSH clients to
- securely connect to your SSH server. You also need to have the openssh
- package installed.
-
- %description askpass
- OpenSSH is a free version of SSH (Secure SHell), a program for logging
- into and executing commands on a remote machine. This package contains
- an X11 passphrase dialog for OpenSSH.
-
- %description askpass-gnome
- OpenSSH is a free version of SSH (Secure SHell), a program for logging
- into and executing commands on a remote machine. This package contains
- an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
- environment.
-
- %prep
-
- %if ! %{no_x11_askpass}
- %setup -q -a 1
- %else
- %setup -q
- %endif
-
- %build
- %if %{rescue}
- CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
- %endif
-
- %configure \
- --sysconfdir=%{_sysconfdir}/ssh \
- --libexecdir=%{_libexecdir}/openssh \
- --datadir=%{_datadir}/openssh \
- --with-default-path=/usr/local/bin:/bin:/usr/bin \
- --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
- --with-privsep-path=%{_var}/empty/sshd \
- --mandir=%{_mandir} \
- --with-mantype=man \
- --disable-strip \
- %if %{scard}
- --with-smartcard \
- %endif
- %if %{rescue}
- --without-pam \
- %else
- --with-pam \
- %endif
- %if %{kerberos5}
- --with-kerberos5=$K5DIR \
- %endif
-
-
- %if %{static_libcrypto}
- perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
- %endif
-
- make
-
- %if ! %{no_x11_askpass}
- pushd x11-ssh-askpass-%{aversion}
- %configure --libexecdir=%{_libexecdir}/openssh
- xmkmf -a
- make
- popd
- %endif
-
- # Define a variable to toggle gnome1/gtk2 building. This is necessary
- # because RPM doesn't handle nested %if statements.
- %if %{gtk2}
- gtk2=yes
- %else
- gtk2=no
- %endif
-
- %if ! %{no_gnome_askpass}
- pushd contrib
- if [ $gtk2 = yes ] ; then
- make gnome-ssh-askpass2
- mv gnome-ssh-askpass2 gnome-ssh-askpass
- else
- make gnome-ssh-askpass1
- mv gnome-ssh-askpass1 gnome-ssh-askpass
- fi
- popd
- %endif
-
- %install
- rm -rf $RPM_BUILD_ROOT
- mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
- mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
- mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
-
- make install DESTDIR=$RPM_BUILD_ROOT
-
- install -d $RPM_BUILD_ROOT/etc/pam.d/
- install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
- install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
- %if %{build6x}
- install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
- %else
- install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
- install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/bin/ssh-copy-id
- %endif
- install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
-
- %if ! %{no_x11_askpass}
- install x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
- ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
- %endif
-
- %if ! %{no_gnome_askpass}
- install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
- %endif
-
- %if ! %{scard}
- rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
- %endif
-
- %if ! %{no_gnome_askpass}
- install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
- install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
- install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
- %endif
-
- perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
-
- %clean
- rm -rf $RPM_BUILD_ROOT
-
- %triggerun server -- ssh-server
- if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
- touch /var/run/sshd.restart
- fi
-
- %triggerun server -- openssh-server < 2.5.0p1
- # Count the number of HostKey and HostDsaKey statements we have.
- gawk 'BEGIN {IGNORECASE=1}
- /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
- END {exit sawhostkey}' /etc/ssh/sshd_config
- # And if we only found one, we know the client was relying on the old default
- # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
- # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
- # one nullifies the default, which would have loaded both.
- if [ $? -eq 1 ] ; then
- echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
- echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
- fi
-
- %triggerpostun server -- ssh-server
- if [ "$1" != 0 ] ; then
- /sbin/chkconfig --add sshd
- if test -f /var/run/sshd.restart ; then
- rm -f /var/run/sshd.restart
- /sbin/service sshd start > /dev/null 2>&1 || :
- fi
- fi
-
- %pre server
- %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
- %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
- -g sshd -M -r sshd 2>/dev/null || :
-
- %post server
- /sbin/chkconfig --add sshd
- sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
- sed -i -e "s/#UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config
- echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1" >>/etc/ssh/sshd_config
- chmod 600 /etc/ssh/ssh_*_key
-
- %postun server
- /sbin/service sshd condrestart > /dev/null 2>&1 || :
-
- %preun server
- if [ "$1" = 0 ]
- then
- /sbin/service sshd stop > /dev/null 2>&1 || :
- /sbin/chkconfig --del sshd
- fi
-
- %files
- %defattr(-,root,root)
- %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO
- %attr(0755,root,root) %{_bindir}/scp
- %attr(0644,root,root) %{_mandir}/man1/scp.1*
- %attr(0755,root,root) %dir %{_sysconfdir}/ssh
- %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
- %if ! %{rescue}
- %attr(0755,root,root) %{_bindir}/ssh-keygen
- %attr(0755,root,root) %{_bindir}/ssh-copy-id
- %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
- %attr(0755,root,root) %dir %{_libexecdir}/openssh
- %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
- %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
- %attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
- %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
- %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
- %attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
- %endif
- %if %{scard}
- %attr(0755,root,root) %dir %{_datadir}/openssh
- %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
- %endif
-
- %files clients
- %defattr(-,root,root)
- %attr(0755,root,root) %{_bindir}/ssh
- %attr(0644,root,root) %{_mandir}/man1/ssh.1*
- %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
- %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
- %if ! %{rescue}
- %attr(2755,root,nobody) %{_bindir}/ssh-agent
- %attr(0755,root,root) %{_bindir}/ssh-add
- %attr(0755,root,root) %{_bindir}/ssh-keyscan
- %attr(0755,root,root) %{_bindir}/sftp
- %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
- %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
- %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
- %attr(0644,root,root) %{_mandir}/man1/sftp.1*
- %endif
-
- %if ! %{rescue}
- %files server
- %defattr(-,root,root)
- %dir %attr(0111,root,root) %{_var}/empty/sshd
- %attr(0755,root,root) %{_sbindir}/sshd
- %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
- %attr(0644,root,root) %{_mandir}/man8/sshd.8*
- %attr(0644,root,root) %{_mandir}/man5/moduli.5*
- %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
- %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
- %attr(0755,root,root) %dir %{_sysconfdir}/ssh
- %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
- %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
- %attr(0755,root,root) %config /etc/rc.d/init.d/sshd
- %endif
-
- %if ! %{no_x11_askpass}
- %files askpass
- %defattr(-,root,root)
- %doc x11-ssh-askpass-%{aversion}/README
- %doc x11-ssh-askpass-%{aversion}/ChangeLog
- %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
- %{_libexecdir}/openssh/ssh-askpass
- %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
- %endif
-
- %if ! %{no_gnome_askpass}
- %files askpass-gnome
- %defattr(-,root,root)
- %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
- %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
- %endif
-
- [root@localhost SPECS]# tree ..
- ..
- ├── SOURCES
- │ ├── openssh-9.4p1.tar.gz
- │ ├── sshd.pam.el8
- │ └── x11-ssh-askpass-1.2.4.1.tar.gz
- └── SPECS
- └── openssh.spec
-
- 2 directories, 4 files
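`%post` runs on every install and upgrade, so the `echo ... >>/etc/ssh/sshd_config` line in the spec above adds another `KexAlgorithms` line each time, and a line appended after a `Match` block lands inside that block. The following added example (not the article's spec and not upstream code) sets a directive idempotently. `set_sshd_option` and `apply_post_settings` are hypothetical names, the KexAlgorithms value is copied from the spec, and `PermitRootLogin` defaults to `prohibit-password` as an assumption instead of the spec's `yes`.

```shell
#!/bin/sh
# Added example (not from the original article): idempotent replacement for
# the sed/echo lines in the spec's %post scriptlet.

# KexAlgorithms value copied from the %post section of the spec on this page.
PAGE_KEX="curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1"

# set_sshd_option FILE KEYWORD VALUE
# Leaves exactly one active "KEYWORD VALUE" line in the global section:
#  - the first existing line for KEYWORD (active, or commented out as
#    "#Keyword ...") is replaced in place
#  - later active duplicates are dropped, later commented ones are kept
#  - if KEYWORD is absent, the line is inserted before the first Match
#    block, or appended when there is none
# Everything from the first active Match line onwards is left untouched.
set_sshd_option() {
    sso_file=$1
    sso_key=$2
    sso_val=$3
    sso_tmp=$(mktemp) || return 1
    awk -v key="$sso_key" -v val="$sso_val" '
    {
        probe = $0
        sub(/^[ \t]+/, "", probe)
        commented = (probe ~ /^#/)
        if (commented) probe = substr(probe, 2)
        n = split(probe, f, /[ \t=]+/)
        word = (n > 0) ? tolower(f[1]) : ""      # keywords are case-insensitive
        if (!commented && word == "match" && !in_match) {
            if (!done) { print key " " val; done = 1 }
            in_match = 1
        }
        if (!in_match && word == tolower(key)) {
            if (!done) { print key " " val; done = 1 }
            else if (commented) print
            next
        }
        print
    }
    END { if (!done) print key " " val }
    ' "$sso_file" > "$sso_tmp" &&
        cat "$sso_tmp" > "$sso_file"   # rewrite in place: keeps owner, mode, SELinux label
    sso_rc=$?
    rm -f "$sso_tmp"
    return "$sso_rc"
}

# apply_post_settings FILE [ROOT_LOGIN]
# The three settings the spec touches. ROOT_LOGIN defaults to
# prohibit-password (assumption of this example; the spec writes "yes").
apply_post_settings() {
    aps_file=$1
    aps_root=${2:-prohibit-password}
    set_sshd_option "$aps_file" PermitRootLogin "$aps_root" &&
        set_sshd_option "$aps_file" UsePAM yes &&
        set_sshd_option "$aps_file" KexAlgorithms "$PAGE_KEX"
}

# Apply to the file given on the command line, e.g. a copy of sshd_config.
if [ "$#" -eq 1 ]; then
    apply_post_settings "$1"
fi
```

Try it on a copy of `sshd_config` first and check the result with `sshd -t -f <copy>` before using it in a scriptlet.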
8. Build
- [root@localhost SPECS]# rpmbuild -bb openssh.spec
- 警告:展开行 113 注释中的宏:%{compat_openssl}
-
- 错误:构建依赖失败:
- perl 被 openssh-9.4p1-.el8.x86_64 需要
- [root@localhost SPECS]# dnf install perl
- 上次元数据过期检查:0:04:29 前,执行于 2023年09月11日 星期一 04时17分36秒。
- 依赖关系解决。
- =========================================================================================================================================================
- 软件包 架构 版本 仓库 大小
- =========================================================================================================================================================
- 安装:
- perl x86_64 4:5.26.3-421.el8 app 73 k
- 安装依赖关系:
- make x86_64 1:4.2.1-
- ...
- 已安装:
- make-1:4.2.1-11.el8.x86_64 perl-4:5.26.3-421.el8.x86_64
- perl-Algorithm-Diff-1.1903-9.el8.noarch perl-Archive-Tar-2.30-1.el8.noarch
- perl-Archive-Zip-1.60-3.el8.noarch perl-Attribute-Handlers-0.99-421.el8.noarch
- perl-B-Debug-1.26-2.el8.noarch perl-CPAN-2.18-397.el8.noarch
- perl-Compress-Bzip2-2.26-6.el8.x86_64 perl-Compress-Raw-Bzip2-2.081-1.el8.x86_64
- perl-Compress-Raw-Zlib-2.081-1.el8.x86_64 perl-Config-Perl-V-0.30-1.el8.noarch
- perl-DB_File-1.842-1.el8.x86_64 perl-Data-OptList-0.110-6.el8.noarch
- perl-Data-Section-0.200007-3.el8.noarch perl-Devel-PPPort-3.36-5.el8.x86_64
- perl-Devel-Peek-1.26-421.el8.x86_64 perl-Devel-SelfStubber-1.06-421.el8.noarch
- perl-Devel-Size-0.81-2.el8.x86_64 perl-Digest-SHA-1:6.02-1.el8.x86_64
- perl-Encode-devel-4:2.97-3.el8.x86_64 perl-Env-1.04-395.el8.noarch
- perl-ExtUtils-CBuilder-1:0.280230-2.el8.noarch perl-ExtUtils-Embed-1.34-421.el8.noarch
- perl-ExtUtils-MM-Utils-1:7.34-1.el8.noarch perl-ExtUtils-Miniperl-1.06-421.el8.noarch
- perl-File-Fetch-0.56-2.el8.noarch perl-File-HomeDir-1.002-4.el8.noarch
- perl-File-Which-1.22-2.el8.noarch perl-Filter-2:1.58-2.el8.x86_64
- perl-Filter-Simple-0.94-2.el8.noarch perl-IO-Compress-2.081-1.el8.noarch
- perl-IO-Zlib-1:1.10-421.el8.noarch perl-IPC-Cmd-2:1.02-1.el8.noarch
- perl-IPC-SysV-2.07-397.el8.x86_64 perl-IPC-System-Simple-1.25-17.el8.noarch
- perl-Locale-Codes-3.57-1.el8.noarch perl-Locale-Maketext-1.28-396.el8.noarch
- perl-Locale-Maketext-Simple-1:0.21-421.el8.noarch perl-MRO-Compat-0.13-4.el8.noarch
- perl-Math-BigInt-FastCalc-0.500.600-6.el8.x86_64 perl-Math-BigRat-0.2614-1.el8.noarch
- perl-Memoize-1.03-421.el8.noarch perl-Module-Build-2:0.42.24-5.el8.noarch
- perl-Module-CoreList-1:5.20181130-1.el8.noarch perl-Module-CoreList-tools-1:5.20181130-1.el8.noarch
- perl-Module-Load-1:0.32-395.el8.noarch perl-Module-Load-Conditional-0.68-395.el8.noarch
- perl-Module-Loaded-1:0.08-421.el8.noarch perl-Module-Metadata-1.000033-395.el8.noarch
- perl-Net-Ping-2.55-421.el8.noarch perl-Package-Generator-1.106-11.el8.noarch
- perl-Params-Check-1:0.38-395.el8.noarch perl-Params-Util-1.07-22.el8.x86_64
- perl-Perl-OSType-1.010-396.el8.noarch perl-PerlIO-via-QuotedPrint-0.08-395.el8.noarch
- perl-Pod-Checker-4:1.73-395.el8.noarch perl-Pod-Html-1.22.02-421.el8.noarch
- perl-Pod-Parser-1.63-396.el8.noarch perl-SelfLoader-1.23-421.el8.noarch
- perl-Software-License-0.103013-2.el8.noarch perl-Sub-Exporter-0.987-15.el8.noarch
- perl-Sub-Install-0.928-14.el8.noarch perl-Sys-Syslog-0.35-397.el8.x86_64
- perl-TermReadKey-2.37-7.el8.x86_64 perl-Test-1.30-421.el8.noarch
- perl-Test-Simple-1:1.302135-1.el8.noarch perl-Text-Balanced-2.03-395.el8.noarch
- perl-Text-Diff-1.45-2.el8.noarch perl-Text-Glob-0.11-4.el8.noarch
- perl-Text-Template-1.51-1.el8.noarch perl-Thread-Queue-3.13-1.el8.noarch
- perl-Time-Piece-1.31-421.el8.x86_64 perl-Unicode-Collate-1.25-2.el8.x86_64
- perl-autodie-2.29-396.el8.noarch perl-bignum-0.49-2.el8.noarch
- perl-encoding-4:2.22-3.el8.x86_64 perl-experimental-0.019-2.el8.noarch
- perl-inc-latest-2:0.500-9.el8.noarch perl-libnetcfg-4:5.26.3-421.el8.noarch
- perl-local-lib-2.000024-2.el8.noarch perl-open-1.11-421.el8.noarch
- perl-perlfaq-5.20180605-1.el8.noarch perl-utils-5.26.3-421.el8.noarch
-
- 完毕!
- [root@localhost SPECS]# rpmbuild -bb openssh.spec
- 正在执行(%prep):/bin/sh -e /var/tmp/rpm-tmp.01StAO
- + umask 022
- + cd /root/rpmbuild/BUILD
- + cd /root/rpmbuild/BUILD
- + rm -rf openssh-9.4p1
- + /usr/bin/gzip -dc /root/rpmbuild/SOURCES/openssh-9.4p1.tar.gz
- + /usr/bin/tar -xof -
- + STATUS=0
- + '[' 0 -ne 0 ']'
- + cd openssh-9.4p1
- + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
- + exit 0
- 正在执行(%build):/bin/sh -e /var/tmp/rpm-tmp.3OTjIN
- + umask 022
- + cd /root/rpmbuild/BUILD
- + cd openssh-9.4p1
- ...
- Recommends: openssh-debugsource(x86-64) = 9.4p1-1.el8
- 检查未打包文件:/usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.4p1-1.el8.x86_64
- 已写至:/root/rpmbuild/RPMS/x86_64/openssh-9.4p1-1.el8.x86_64.rpm
- 已写至:/root/rpmbuild/RPMS/x86_64/openssh-clients-9.4p1-1.el8.x86_64.rpm
- 已写至:/root/rpmbuild/RPMS/x86_64/openssh-server-9.4p1-1.el8.x86_64.rpm
- 已写至:/root/rpmbuild/RPMS/x86_64/openssh-debugsource-9.4p1-1.el8.x86_64.rpm
- 已写至:/root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.4p1-1.el8.x86_64.rpm
- 已写至:/root/rpmbuild/RPMS/x86_64/openssh-clients-debuginfo-9.4p1-1.el8.x86_64.rpm
- 已写至:/root/rpmbuild/RPMS/x86_64/openssh-server-debuginfo-9.4p1-1.el8.x86_64.rpm
- 正在执行(%clean):/bin/sh -e /var/tmp/rpm-tmp.umYllQ
- + umask 022
- + cd /root/rpmbuild/BUILD
- + cd openssh-9.4p1
- + rm -rf /root/rpmbuild/BUILDROOT/openssh-9.4p1-1.el8.x86_64
- + exit 0
Seeing "+ exit 0" means the build succeeded.
9. Install the newly built OpenSSH RPM packages
- [root@localhost SPECS]# cd /root/rpmbuild/RPMS/x86_64/
- [root@localhost SPECS]# cd /root/rpmbuild/RPMS/x86_64
- [root@localhost x86_64]# dnf update *
- 上次元数据过期检查:1:26:58 前,执行于 2023年09月11日 星期一 04时17分36秒。
- 软件包 openssh-clients-debuginfo 未安装,无法更新。
- 未找到匹配的参数: openssh-clients-debuginfo-9.4p1-1.el8.x86_64.rpm
- 软件包 openssh-debuginfo 未安装,无法更新。
- 未找到匹配的参数: openssh-debuginfo-9.4p1-1.el8.x86_64.rpm
- 软件包 openssh-debugsource 未安装,无法更新。
- 未找到匹配的参数: openssh-debugsource-9.4p1-1.el8.x86_64.rpm
- 软件包 openssh-server-debuginfo 未安装,无法更新。
- 未找到匹配的参数: openssh-server-debuginfo-9.4p1-1.el8.x86_64.rpm
- 依赖关系解决。
- =========================================================================================================================================================
- 软件包 架构 版本 仓库 大小
- =========================================================================================================================================================
- 升级:
- openssh x86_64 9.4p1-1.el8 @commandline 680 k
- openssh-clients x86_64 9.4p1-1.el8 @commandline 644 k
- openssh-server x86_64 9.4p1-1.el8 @commandline 469 k
-
- 事务概要
- =========================================================================================================================================================
- 升级 3 软件包
-
- 总计:1.8 M
- 确定吗?[y/N]: y
- 下载软件包:
- 运行事务检查
- 事务检查成功。
- 运行事务测试
- 事务测试成功。
- 运行事务
- 准备中 : 1/1
- 运行脚本: openssh-9.4p1-1.el8.x86_64 1/1
- 升级 : openssh-9.4p1-1.el8.x86_64 1/6
- 升级 : openssh-clients-9.4p1-1.el8.x86_64 2/6
- 运行脚本: openssh-server-9.4p1-1.el8.x86_64 3/6
- 升级 : openssh-server-9.4p1-1.el8.x86_64 3/6
- 运行脚本: openssh-server-9.4p1-1.el8.x86_64 3/6
- 运行脚本: openssh-server-8.0p1-12.el8.x86_64 4/6
- 清理 : openssh-server-8.0p1-12.el8.x86_64 4/6
- 运行脚本: openssh-server-8.0p1-12.el8.x86_64 4/6
- 清理 : openssh-clients-8.0p1-12.el8.x86_64 5/6
- 清理 : openssh-8.0p1-12.el8.x86_64 6/6
- 运行脚本: openssh-8.0p1-12.el8.x86_64 6/6
- 验证 : openssh-9.4p1-1.el8.x86_64 1/6
- 验证 : openssh-8.0p1-12.el8.x86_64 2/6
- 验证 : openssh-clients-9.4p1-1.el8.x86_64 3/6
- 验证 : openssh-clients-8.0p1-12.el8.x86_64 4/6
- 验证 : openssh-server-9.4p1-1.el8.x86_64 5/6
- 验证 : openssh-server-8.0p1-12.el8.x86_64 6/6
-
- 已升级:
- openssh-9.4p1-1.el8.x86_64 openssh-clients-9.4p1-1.el8.x86_64 openssh-server-9.4p1-1.el8.x86_64
-
- 完毕!
- [root@localhost x86_64]# systemctl restart sshd
- [root@localhost x86_64]# systemctl status sshd
- ● sshd.service - SYSV: OpenSSH server daemon
- Loaded: loaded (/etc/rc.d/init.d/sshd; generated)
- Active: active (running) since Mon 2023-09-11 05:44:45 EDT; 7s ago
- Docs: man:systemd-sysv-generator(8)
- Process: 111506 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
- Main PID: 111516 (sshd)
- Tasks: 1 (limit: 24686)
- Memory: 924.0K
- CGroup: /system.slice/sshd.service
- └─111516 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
-
- 9月 11 05:44:45 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon...
- 9月 11 05:44:45 localhost.localdomain sshd[111513]: /sbin/restorecon: lstat(/etc/ssh/ssh_host_dsa_key.pub) failed: No such file or directory
- 9月 11 05:44:45 localhost.localdomain sshd[111516]: Server listening on 0.0.0.0 port 22.
- 9月 11 05:44:45 localhost.localdomain sshd[111516]: Server listening on :: port 22.
- 9月 11 05:44:45 localhost.localdomain sshd[111506]: Starting sshd:[ 确定 ]
- 9月 11 05:44:45 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.
10. Verify the version:
- Last login: Mon Sep 11 05:45:02 2023 from 192.168.80.1
- [root@localhost ~]# ssh -V
- OpenSSH_9.4p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
- [root@localhost ~]# sshd -V
- OpenSSH_9.4, OpenSSL 1.1.1k FIPS 25 Mar 2021
- [root@localhost ~]# rpm -qa |grep openssh
- openssh-9.4p1-1.el8.x86_64
- openssh-server-9.4p1-1.el8.x86_64
- openssh-clients-9.4p1-1.el8.x86_64
- [root@localhost ~]#
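The packages under /root/rpmbuild/RPMS/x86_64 can be copied out for distribution or shared from an HTTP server. At this point the RPM packages are complete.
11. Notes
After upgrading to OpenSSH 9.*, the encryption algorithms require a minimum of 256 bits, so older clients and SecureCRT (CRT) can no longer connect once OpenSSH is upgraded, and they report the following error: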
Key exchange failed.
No compatible key-exchange method. The server supports these methods: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
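At this point other CentOS 6 servers that have not upgraded OpenSSH cannot connect to the upgraded server. Do not assume the upgrade failed; simply upgrade the openssh-client on the hosts that need to connect to this server as well.
For Windows, upgrade SecureCRT to version 8.*.* and enable only 256- or 512-bit algorithms in the session properties; connections then work normally.
As you can see, the connection works without any problems.
Download link for the package I built: openssh9.4p1 for el8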
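The error quoted above is the outcome of key-exchange negotiation: the first method in the client's list that the server also offers is chosen, and the connection fails when there is none. The following added example (not from the original article) extracts the server's list from such an error line and runs that selection against a client list. The function names are hypothetical, `SAMPLE_ERROR` is the message from this page, and `LEGACY_CLIENT` is a constructed client list.

```shell
#!/bin/sh
# Added example (not from the original article): explain a
# "No compatible key-exchange method" failure from the two name lists.

# Error text as quoted on this page.
SAMPLE_ERROR='No compatible key-exchange method. The server supports these methods: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'

# Constructed sample: a client that only offers SHA-1 based methods.
LEGACY_CLIENT='diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

# server_kex_from_error LINE
# Prints the comma-separated list that follows "The server supports these
# methods:"; returns 1 when the line does not contain that phrase.
server_kex_from_error() {
    skfe_list=$(printf '%s\n' "$1" |
        sed -n 's/.*The server supports these methods: *//p' | tr -d ' ')
    [ -n "$skfe_list" ] || return 1
    printf '%s\n' "$skfe_list"
}

# negotiate_kex CLIENT_LIST SERVER_LIST
# Prints the first entry of CLIENT_LIST that also appears in SERVER_LIST
# (client preference order decides); returns 1 when the lists are disjoint.
negotiate_kex() {
    nk_old_ifs=$IFS
    IFS=,
    for nk_c in $1; do
        for nk_s in $2; do
            if [ "$nk_c" = "$nk_s" ]; then
                IFS=$nk_old_ifs
                printf '%s\n' "$nk_c"
                return 0
            fi
        done
    done
    IFS=$nk_old_ifs
    return 1
}

# diagnose_kex ERROR_LINE CLIENT_LIST
# Reports which method would be agreed, or that the client offers nothing
# the server accepts.
diagnose_kex() {
    dk_server=$(server_kex_from_error "$1") || {
        echo "no server method list found in the error text" >&2
        return 2
    }
    if dk_pick=$(negotiate_kex "$2" "$dk_server"); then
        echo "agreed: $dk_pick"
    else
        echo "no overlap: client offers none of the server's methods"
        return 1
    fi
}

# Demo with the samples above when called with the argument "demo".
if [ "${1:-}" = demo ]; then
    diagnose_kex "$SAMPLE_ERROR" "$LEGACY_CLIENT"
fi
```

On a real host, `ssh -Q kex` lists the methods a client build supports and `sshd -T` prints the server's effective `kexalgorithms`.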