centos7.6 升級openssh8.8

文檔配視頻，效果更佳哦---->視頻傳送門[視頻教程]https://edu.51cto.com/lecturer/14390454.html

使用源碼制作openssh 8.8 的rpm包
操作系統：centos 7 x86_64 minal
工具軟件：rpm-build
源碼文件：openssh-8.7p1.tar.gz  x11-ssh-askpass-1.2.4.1.tar.gz
安裝前的版本查看：
[root@web01 SPECS]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

#下載包文件
[root@web01 ~]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
 
[root@web01 ~]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
 
#安裝依賴包
 
[root@web01 ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel xmkmf libXt-devel gtk2-devel make libXt-devel imake gtk2-devel -y
 
#拷貝源碼包到響應目錄
mkdir -p /root/pmbuild/SOURCES
cp openssh-8.8p1.tar.gz  x11-ssh-askpass-1.2.4.1.tar.gz /root/pmbuild/SOURCES
 
#解壓源碼包 拷貝openssh.spec進行修改
tar xf openssh-8.8p1.tar.gz  
mkdir -p /root/rpmbuild/SPECS/
cp openssh-8.8p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
[root@web01 ~]# cd /root/rpmbuild/SPECS/
[root@web01 SPECS]# vim openssh.spec 
....................
注釋#BuildRequires: openssl-devel < 1.1
 
#制作rpm包
[root@web01 ~]# cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
[root@web01 ~]# cp openssh-8.8p1.tar.gz /root/rpmbuild/SOURCES/
[root@web01 ~]# cd /root/rpmbuild/SPECS/
#初始化rpm制作環境
[root@web01 SPECS]# rpmbuild -ba openssh.spec

待制作完成，生成的rpm包在目錄/root/rpmbuild/RPMS/x86_64/
[root@web01 SPECS]# cd /root/rpmbuild/RPMS/x86_64/
[root@web01 x86_64]# ls -lt
total 4888
-rw-r--r-- 1 root root 3173128 Oct 27 21:43 openssh-debuginfo-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root   25560 Oct 27 21:43 openssh-askpass-gnome-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root   44320 Oct 27 21:43 openssh-askpass-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  461500 Oct 27 21:43 openssh-server-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  586992 Oct 27 21:43 openssh-clients-8.8p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root  701516 Oct 27 21:43 openssh-8.8p1-1.el7.x86_64.rpm

#只需要三個包即可
openssh-server-8.8p1-1.el7.x86_64.rpm   
openssh-clients-8.8p1-1.el7.x86_64.rpm
openssh-8.8p1-1.el7.x86_64.rpm

• 升級（單台測試）

########安裝升級測試###################################################################
 
[root@web01 x86_64]# yum localinstall ./*.rpm
#重啟服務
[root@web01 x86_64]# systemctl restart sshd
 
#授權
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config  #允許root遠程登錄
 
#配置認證 (添加下列配置到文件中)
[root@web01 x86_64]# vim /etc/pam.d/sshd 
[root@web01 x86_64]# cat /etc/pam.d/sshd 
#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
### pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
### pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

 
#重啟服務
[root@web01 x86_64]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@web01 x86_64]# systemctl restart sshd && systemctl enable sshd
sshd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig sshd on

#查看版本
[root@web01 SPECS]# ssh -V
OpenSSH_8.8p1, OpenSSL 1.0.2k-fips  26 Jan 2017

• ansible批量服務器升級

#思路（挺簡單的）