#軟件源碼下載
x11-ssh-askpass-1.2.4.1.tar.gz
#備份原有配置文件
cp /etc/pam.d/sshd{,.bak.`date +"%Y%m%d%H%M%S"`}
cp /etc/ssh/ssh_config{,.bak.`date +"%Y%m%d%H%M%S"`}
cp /etc/ssh/sshd_config{,.bak.`date +"%Y%m%d%H%M%S"`}
#安裝依賴軟件
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y
#准備生成環境
mkdir -p /root/rpmbuild/{SOURCES,SPECS}
cp openssh-8.3p1.tar.gz /root/rpmbuild/SOURCES
cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES
cd /root/rpmbuild/SOURCES
tar -xvf openssh-8.3p1.tar.gz
cp openssh-8.3p1/contrib/redhat/openssh.spec ../SPECS/
#生成spec文件
chown sshd:sshd /root/rpmbuild/SPECS/openssh.spec
cp /root/rpmbuild/SPECS/openssh.spec /root/rpmbuild/SPECS/openssh.spec_def
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
#編輯openssh.spec,找到添加划線的兩行
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
#取消openssl依賴
cd /root/rpmbuild/SPECS/
vi openssh.spec
注釋掉 BuildRequires: openssl-devel < 1.1
#生成openssh軟件
rpmbuild -ba openssh.spec
#找到生成的軟件包
cd /root/rpmbuild/RPMS/x86_64
#安裝生產的軟件(升級操作確定有其他登錄方式,防止斷開無法登錄)
yum install openssh*.rpm
#修改key文件權限,重啟sshd
cd /etc/ssh/
chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
systemctl restart sshd