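Building an OpenSSH 9.3p1 RPM upgrade package on openEuler 22.03 and upgrading with it
1. Background
openEuler 22.03 installs OpenSSH 8.8p1 by default. An NSFOCUS scan reported high-severity vulnerabilities in it, so it needs to be upgraded to the latest version.
The official site provides only a source package to compile, while openEuler 22.03 installs software as RPMs.
To make the upgrade easier, first build RPM packages from the source package, then upgrade with them.
The finished RPM upgrade package below can be downloaded and used directly:
openssh 9.3p1 for bclinux euler & openeuler22.03, with upgrade guide
https://download.csdn.net/download/qyq88888/87767381
1.1 Check the system version: cat /etc/os-release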
[root@localhost ~]# cat /etc/os-release
NAME="openEuler"
VERSION="22.03 LTS"
ID="openEuler"
VERSION_ID="22.03"
PRETTY_NAME="openEuler 22.03 LTS"
ANSI_COLOR="0;31"
[root@localhost ~]#
2. Building the RPM packages
2.1 Install the build tools
Configure the yum repository
[root@localhost ~]# cat /etc/yum.repos.d/iso.repo
[iso]
name=iso
baseurl=file:///iso
enabled=1
gpgcheck=0
[root@localhost ~]#
Install the dependencies
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y
Download and install imake
Download the imake package
wget https://mirror.nju.edu.cn/openeuler/openEuler-22.03-LTS/everything/x86_64/Packages/imake-1.0.7-17.oe2203.x86_64.rpm
[root@localhost iso]# ls
imake-1.0.7-17.oe2203.x86_64.rpm openEuler-22.03-LTS-SP1-x86_64-dvd.iso
[root@localhost iso]# yum localinstall -y imake-1.0.7-17.oe2203.x86_64.rpm
Last metadata expiration check: 0:13:48 ago on 2023年05月09日 星期二 14时40分01秒.
Dependencies resolved.
================================================================================
 Package        Architecture        Version                Repository        Size
================================================================================
Installing:
 imake          x86_64              1.0.7-17.oe2203        @commandline     240 k

Transaction Summary
================================================================================
Install  1 Package

Total size: 240 k
Installed size: 1.2 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : imake-1.0.7-17.oe2203.x86_64                           1/1
  Verifying        : imake-1.0.7-17.oe2203.x86_64                           1/1

Installed:
  imake-1.0.7-17.oe2203.x86_64

Complete!
[root@localhost iso]#
yum install imake
Verify that imake was installed successfully
[root@localhost iso]# rpm -qa|grep imake
imake-1.0.7-17.oe2203.x86_64
[root@localhost iso]#
mkdir -p /root/rpmbuild/
cd /root/rpmbuild
mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
2.3 Download OpenSSH 9.3p1 and x11-ssh-askpass-1.2.4.1.tar.gz
# Put the downloaded files in the SOURCES directory
cd /root/rpmbuild/SOURCES/
# Download OpenSSH 9.3p1
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz
# Download x11-ssh-askpass-1.2.4.1.tar.gz
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
Repack the OpenSSH tarball
The downloaded package is missing sshd.pam.old, so copy the current system's /etc/pam.d/sshd into the build directory. Without this file, the later build fails with an error.
tar -xvzf openssh-9.3p1.tar.gz
cd /root/rpmbuild/SOURCES/openssh-9.3p1
cp /etc/pam.d/sshd /root/rpmbuild/SOURCES/openssh-9.3p1/contrib/redhat/sshd.pam.old
# Go back to the SOURCES directory and re-create the tarball
cd ..
tar -zcpf openssh-9.3p1.tar.gz openssh-9.3p1
2.4 Modify the openssh.spec configuration
# Copy the openssh.spec file into the build directory
cp /root/rpmbuild/SOURCES/openssh-9.3p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
cd /root/rpmbuild/SPECS
# Modify openssh.spec
# 1. Do not build the askpass packages
cat /root/rpmbuild/SPECS/openssh.spec | grep no_gnome_askpass
cat /root/rpmbuild/SPECS/openssh.spec | grep no_x11_askpass
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" openssh.spec
# 2. Fix the "openssl-devel < 1.1" error
cat /root/rpmbuild/SPECS/openssh.spec | grep openssl-devel
sed -i '/openssl-devel < 1.1/s/^/#/' openssh.spec
# 3. Fix the PreReq error
cat /root/rpmbuild/SPECS/openssh.spec | grep PreReq
sed -i '/PreReq/s/^/#/' openssh.spec
# 4. Fix the Obsoletes error
cat /root/rpmbuild/SPECS/openssh.spec | grep Obsoletes
sed -i '/Obsoletes:/s/^/#/' openssh.spec
2.5 Compile the source package and build the RPM packages
cd /root/rpmbuild/SPECS/
rpmbuild -ba openssh.spec
Output
......
处理文件:openssh-debugsource-9.3p1-1.x86_64
Provides: openssh-debugsource = 9.3p1-1 openssh-debugsource(x86-64) = 9.3p1-1
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
检查未打包文件:/usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.3p1-1.x86_64
已写至:/root/rpmbuild/SRPMS/openssh-9.3p1-1.src.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p1-1.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-9.3p1-1.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-debugsource-9.3p1-1.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-server-9.3p1-1.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p1-1.x86_64.rpm
正在执行(%clean):/bin/sh -e /var/tmp/rpm-tmp.buozEu
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p1
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.3p1-1.x86_64
+ RPM_EC=0
++ jobs -p
+ exit 0
[root@localhost SPECS]#
[root@localhost SPECS]#
# The built packages are in the directory below; the debug packages do not need to be downloaded or installed
[root@localhost SPECS]# ls -lrth /root/rpmbuild/RPMS/x86_64/
总用量 5.8M
-rw-r--r-- 1 root root 622K 5月 9 15:53 openssh-clients-9.3p1-1.x86_64.rpm
-rw-r--r-- 1 root root 620K 5月 9 15:53 openssh-9.3p1-1.x86_64.rpm
-rw-r--r-- 1 root root 715K 5月 9 15:53 openssh-debugsource-9.3p1-1.x86_64.rpm
-rw-r--r-- 1 root root 448K 5月 9 15:53 openssh-server-9.3p1-1.x86_64.rpm
-rw-r--r-- 1 root root 3.4M 5月 9 15:53 openssh-debuginfo-9.3p1-1.x86_64.rpm
[root@localhost SPECS]#
3. Upgrading OpenSSH
After downloading the finished RPMs, upload them to the other hosts and upgrade OpenSSH there.
3.1 Pre-upgrade check
[root@localhost SPECS]# rpm -qa|grep openssh
openssh-clients-8.8p1-2.oe2203.x86_64
openssh-8.8p1-2.oe2203.x86_64
openssh-server-8.8p1-2.oe2203.x86_64
[root@localhost SPECS]#
Only 3 RPM packages are in use.
3.2 Back up the OpenSSH configuration file
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.20230509
3.3 Upgrade OpenSSH
yum localinstall -y openssh-clients-9.3p1-1.x86_64.rpm openssh-9.3p1-1.x86_64.rpm openssh-server-9.3p1-1.x86_64.rpm
3.4 Check that the sshd configuration file is valid.
[root@localhost x86_64]# sshd -t
/etc/ssh/sshd_config line 142: Deprecated option RSAAuthentication
/etc/ssh/sshd_config line 144: Deprecated option RhostsRSAAuthentication
/etc/ssh/sshd_config: line 159: Bad configuration option: GSSAPIKexAlgorithms
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[root@localhost x86_64]#
The error points to line 159; comment out line 159 of /etc/ssh/sshd_config.
[root@localhost x86_64]# cat -n /etc/ssh/sshd_config|grep GSSAPIKexAlgorithms
   159  #GSSAPIKexAlgorithms gss-group14-sha256-,gss-group16-sha512-,gss-curve25519-sha256-
[root@localhost x86_64]#
3.5 Restart the sshd service.
systemctl restart sshd
Test that SSH login works normally.
[root@localhost x86_64]# sshd -t
/etc/ssh/sshd_config line 142: Deprecated option RSAAuthentication
/etc/ssh/sshd_config line 144: Deprecated option RhostsRSAAuthentication
[root@localhost x86_64]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
     Loaded: loaded (/etc/rc.d/init.d/sshd; generated)
     Active: active (running) since Tue 2023-05-09 16:09:35 CST; 13s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 2753559 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
   Main PID: 2753588 (sshd)
      Tasks: 53 (limit: 47386)
     Memory: 4.4G
     CGroup: /system.slice/sshd.service
             ├─ 977240 "nginx: master process ./nginx"
             ├─ 977241 "nginx: worker process"
             ├─2309235 "sshd: sudoroot [priv]"
             ├─2309237 "sshd: sudoroot@pts/0"
             ├─2309238 -bash
             ├─2309296 sudo -i
             ├─2309297 -bash
             ├─2310076 "sshd: sudoroot [priv]"
             ├─2310090 "sshd: sudoroot@pts/1"
             ├─2310091 -bash
             ├─2310149 sudo -i
             ├─2310150 -bash
             ├─2311240 "sshd: sudoroot [priv]"
             ├─2311242 "sshd: sudoroot@pts/2,pts/3"
             ├─2311243 -bash
             ├─2311336 sudo -i
             ├─2311337 -bash
             ├─2311786 /usr/libexec/openssh/sftp-server -l INFO -f AUTH
             ├─2312598 -bash
             ├─2312656 sudo -i
             ├─2312657 -bash
             ├─2313421 "sshd: gms [priv]" "" "" "" ""
             ├─2313706 "sshd: gms@notty" "" "" "" "" ""
             ├─2313719 /usr/libexec/openssh/sftp-server -l INFO -f AUTH
             ├─2313779 /usr/libexec/openssh/sftp-server -l INFO -f AUTH
             ├─2313834 /usr/libexec/openssh/sftp-server -l INFO -f AUTH
             ├─2313889 /usr/libexec/openssh/sftp-server -l INFO -f AUTH
             ├─2313969 /usr/libexec/openssh/sftp-server -l INFO -f AUTH
             ├─2314077 /usr/libexec/openssh/sftp-server -l INFO -f AUTH
             ├─2748096 iostat 1
             ├─2753588 "sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups"
             ├─2753651 systemctl status sshd
             ├─2753652 less
             ├─2830851 "./bin/redis-server 10.1.4.239:7001 [cluster]"
             ├─2830853 "./bin/redis-server 10.1.4.239:7002 [cluster]"
             ├─2830855 "./bin/redis-server 10.1.4.239:7004 [cluster]"
             ├─2830856 "./bin/redis-server 10.1.4.239:7005 [cluster]"
             └─2830857 "./bin/redis-server 10.1.4.239:7006 [cluster]"

5月 09 16:09:34 localhost.localdomain systemd[1]: sshd.service: Found left-over process 2830857 (redis-server) in control group while starting unit. Ignoring.
5月 09 16:09:34 localhost.localdomain systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
5月 09 16:09:34 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon...
5月 09 16:09:35 localhost.localdomain sshd[2753559]: Starting sshd:
5月 09 16:09:35 localhost.localdomain sshd[2753581]: /etc/ssh/sshd_config line 142: Deprecated option RSAAuthentication
5月 09 16:09:35 localhost.localdomain sshd[2753581]: /etc/ssh/sshd_config line 144: Deprecated option RhostsRSAAuthentication
5月 09 16:09:35 localhost.localdomain sshd[2753588]: Server listening on 0.0.0.0 port 22.
5月 09 16:09:35 localhost.localdomain sshd[2753588]: Server listening on :: port 22.
5月 09 16:09:35 localhost.localdomain sshd[2753559]: [ 确定 ]
5月 09 16:09:35 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.
[root@localhost x86_64]#
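The check in 3.4 and the restart in 3.5, as an added example that is not part of the original post: it comments out only the lines that sshd -t reports as "Bad configuration option" and does so on a copy, so sshd is not restarted against an untested file. The function names comment_bad_options, preflight and demo_constructed are hypothetical, and the sample configuration and report are constructed.

```sh
# Added example, not from the original post. Comments out only the lines that
# `sshd -t` flags as "Bad configuration option"; deprecation warnings stay.
# comment_bad_options CONFIG REPORT -> prints how many lines were commented out.
# REPORT is a file holding the stderr of `sshd -t -f CONFIG`.
comment_bad_options() {
    cbo_config=$1 cbo_report=$2 cbo_changed=0
    cbo_re='s/^.*: line ([0-9]+): Bad configuration option: ([A-Za-z0-9]+).*$/\1 \2/p'
    cbo_pairs=$(sed -nE "$cbo_re" "$cbo_report")
    while read -r cbo_line cbo_opt; do
        [ -n "$cbo_opt" ] || continue
        # Edit only if that line really starts with the reported keyword, so a
        # stale report cannot comment out an unrelated directive.
        if sed -n "${cbo_line}p" "$cbo_config" |
            grep -qiE "^[[:space:]]*${cbo_opt}([[:space:]=]|\$)"; then
            sed -i "${cbo_line}s/^/#/" "$cbo_config"
            cbo_changed=$((cbo_changed + 1))
        fi
    done <<EOF
$cbo_pairs
EOF
    echo "$cbo_changed"
}

# preflight LIVE_CONFIG -> prints the path of a validated copy, or fails.
# The live file is never edited; install the copy only after this succeeds.
preflight() {
    pf_copy=$(mktemp) || return 1
    cp "$1" "$pf_copy" || return 1
    if ! sshd -t -f "$pf_copy" 2>"$pf_copy.report"; then
        comment_bad_options "$pf_copy" "$pf_copy.report" >/dev/null
    fi
    sshd -t -f "$pf_copy" && echo "$pf_copy"
}

# Constructed sample mirroring the sshd -t output shown above (not real data).
demo_constructed() {
    dc_dir=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' 'RSAAuthentication yes' \
        'GSSAPIKexAlgorithms gss-group14-sha256-' >"$dc_dir/sshd_config"
    printf '%s\n' \
        "$dc_dir/sshd_config line 2: Deprecated option RSAAuthentication" \
        "$dc_dir/sshd_config: line 3: Bad configuration option: GSSAPIKexAlgorithms" \
        "$dc_dir/sshd_config: terminating, 1 bad configuration options" \
        >"$dc_dir/report"
    dc_n=$(comment_bad_options "$dc_dir/sshd_config" "$dc_dir/report")
    echo "$dc_n|$(sed -n 3p "$dc_dir/sshd_config")"
    rm -rf "$dc_dir"
}
demo_constructed
```

Once preflight prints a path, diff that copy against /etc/ssh/sshd_config before copying it into place and running systemctl restart sshd, and keep the existing SSH session open until a new login succeeds.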