openEuler 22.03: upgrading to OpenSSH 9.4p1 to fix vulnerabilities
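1. How to fix the vulnerability
Use rpmbuild to turn the source tarball into RPM packages. If you would rather not compile and install by hand, upgrading with RPMs is much more convenient.
To compile and install from the OpenSSH source package instead, see:
OpenSSH-9.4p1 (linuxfromscratch.org)
2. Prepare the build environment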
[root@centos7-31 ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y
[root@centos7-31 ~]# dnf install imake -y
[root@centos7-31 ~]# mkdir -p /root/rpmbuild/
[root@centos7-31 ~]# cd /root/rpmbuild
[root@centos7-31 ~]# mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
3. Download the source packages
[root@centos7-31 ~]# cd SOURCES/
[root@centos7-31 ~]# wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.4p1.tar.gz
[root@centos7-31 ~]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
4. Unpack the tarball, adjust the relevant configuration files, then repack it
[root@centos7-31 ~]# tar zxvf openssh-9.4p1.tar.gz
[root@centos7-31 ~]# cd openssh-9.4p1/
[root@centos7-31 ~]# cp /etc/pam.d/sshd contrib/redhat/sshd.pam.old
Note: you also need to edit /root/rpmbuild/SOURCES/openssh-9.4p1/sshd_config here, so that after the upgrade you do not have to modify the system's sshd_config.
Adjust it to suit your own environment.
[root@centos7-31 ~]# cd /root/rpmbuild/SOURCES/
[root@centos7-31 ~]# tar -zcpf openssh-9.4p1.tar.gz openssh-9.4p1
5. Edit the packaging spec file
# Copy the openssh.spec file into the build directory
cp /root/rpmbuild/SOURCES/openssh-9.4p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
cd /root/rpmbuild/SPECS
# Edit openssh.spec
# 1. Do not build the askpass packages
cat /root/rpmbuild/SPECS/openssh.spec | grep no_gnome_askpass
cat /root/rpmbuild/SPECS/openssh.spec | grep no_x11_askpass
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" openssh.spec
# 2. Fix the "openssl-devel < 1.1" error
cat /root/rpmbuild/SPECS/openssh.spec | grep openssl-devel
sed -i '/openssl-devel < 1.1/s/^/#/' openssh.spec
# 3. Fix the PreReq error
cat /root/rpmbuild/SPECS/openssh.spec | grep PreReq
sed -i '/PreReq/s/^/#/' openssh.spec
# 4. Fix the Obsoletes error
cat /root/rpmbuild/SPECS/openssh.spec | grep Obsoletes
sed -i '/Obsoletes:/s/^/#/' openssh.spec
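The step 5 edits wrapped in one function that also verifies each edit took effect before rpmbuild is run, as an added example (not from the original post or the OpenSSH project). The names patch_openssh_spec and write_sample_spec are hypothetical, and the spec fragment is constructed for the demo.

```shell
#!/bin/sh
# Added example: apply the step-5 edits to openssh.spec, then verify them.
# patch_openssh_spec and write_sample_spec are hypothetical helper names.

patch_openssh_spec() {
    spec=$1
    [ -f "$spec" ] || { echo "spec not found: $spec" >&2; return 2; }
    # Keep the pristine copy once, so a second run does not overwrite it.
    [ -e "$spec.orig" ] || cp -p "$spec" "$spec.orig"

    # Same substitutions as step 5; the [^#]* guard skips lines that are
    # already commented, so running the function twice is harmless.
    sed -e 's/^%global no_gnome_askpass 0/%global no_gnome_askpass 1/' \
        -e 's/^%global no_x11_askpass 0/%global no_x11_askpass 1/' \
        -e '/^[^#]*openssl-devel < 1\.1/s/^/#/' \
        -e '/^[^#]*PreReq/s/^/#/' \
        -e '/^[^#]*Obsoletes:/s/^/#/' \
        "$spec" > "$spec.new" && mv "$spec.new" "$spec" || return 2

    # Verify: both askpass switches are 1 and no active line still carries
    # a tag that step 5 comments out.
    rc=0
    for macro in no_gnome_askpass no_x11_askpass; do
        grep -q "^%global $macro 1" "$spec" ||
            { echo "$macro is not set to 1" >&2; rc=1; }
    done
    if grep -En '^[^#]*(openssl-devel < 1\.1|PreReq|Obsoletes:)' "$spec" >&2; then
        echo "lines above are still active" >&2; rc=1
    fi
    return $rc
}

# Constructed spec fragment for the demo; not the real openssh.spec.
write_sample_spec() {
    cat > "$1" <<'EOF'
%global no_x11_askpass 0
%global no_gnome_askpass 0
Name: openssh
BuildRequires: openssl-devel < 1.1
PreReq: initscripts >= 5.00
Obsoletes: ssh
Requires: openssl >= 1.0.1
EOF
}

demo=$(mktemp) && write_sample_spec "$demo"
patch_openssh_spec "$demo" && echo "all step-5 edits verified"
rm -f "$demo" "$demo.orig"
```

A non-zero return means the spec did not contain the expected lines, so compare openssh.spec with openssh.spec.orig before building.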
6. Build the packages
[root@centos7-31 ~]# rpmbuild -ba openssh.spec
7. Remove the old packages and install OpenSSH 9.4p1
[root@centos7-31 ~]# cd /root/rpmbuild/RPMS/x86_64/
[root@centos7-31 ~]# rpm -Uvh openssh-*.rpm
Alternatively, remove the old packages with the following command and then install.
[root@centos7-31 ~]# rpm -e $(rpm -qa |grep openssh) --nodeps
[root@centos7-31 ~]# rpm -ivh openssh-*.rpm
8. Check the configuration file for errors and enable the sshd service
[root@centos7-31 ~]# sshd -t
[root@centos7-31 ~]# systemctl disable sshd
[root@centos7-31 ~]# systemctl enable sshd
[root@centos7-31 ~]# systemctl restart sshd
Download link for the OpenSSH 9.4p1 RPM packages
The OpenSSH 9.4p1 RPM packages can be downloaded here:
openssh9.4.p1.zip
https://www.micoder.cc/attachment.php?fid=8660
Below is the packaging spec file; using it solves the problem of the ssh-copy-id command being missing.