#软件源码下载
x11-ssh-askpass-1.2.4.1.tar.gz
#备份原有配置文件
cp /etc/pam.d/sshd{,.bak.`date +"%Y%m%d%H%M%S"`}
cp /etc/ssh/ssh_config{,.bak.`date +"%Y%m%d%H%M%S"`}
cp /etc/ssh/sshd_config{,.bak.`date +"%Y%m%d%H%M%S"`}
#安装依赖软件
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y
#准备生成环境
mkdir -p /root/rpmbuild/{SOURCES,SPECS}
cp openssh-8.3p1.tar.gz /root/rpmbuild/SOURCES
cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES
cd /root/rpmbuild/SOURCES
tar -xvf openssh-8.3p1.tar.gz
cp openssh-8.3p1/contrib/redhat/openssh.spec ../SPECS/
#生成spec文件
chown sshd:sshd /root/rpmbuild/SPECS/openssh.spec
cp /root/rpmbuild/SPECS/openssh.spec /root/rpmbuild/SPECS/openssh.spec_def
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
#编辑openssh.spec,找到添加划线的两行
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
#取消openssl依赖
cd /root/rpmbuild/SPECS/
vi openssh.spec
注释掉 BuildRequires: openssl-devel < 1.1
#生成openssh软件
rpmbuild -ba openssh.spec
#找到生成的软件包
cd /root/rpmbuild/RPMS/x86_64
#安装生产的软件(升级操作确定有其他登录方式,防止断开无法登录)
yum install openssh*.rpm
#修改key文件权限,重启sshd
cd /etc/ssh/
chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
systemctl restart sshd