自己制作OpenSSH 6.6p1 RPM包
yum -y install pam-devel rpm-build zlib-devel krb5-devel tcp_wrappers-devel tcp_wrappers mkdir -p /usr/src/redhat/{BUILD,RPMS,SOURCES,SPECS,SRPMS} echo '%_topdir /usr/src/redhat' > ~/.rpmmacros
下载OpenSSH-6.6的源码包放到/usr/src/redhat/SOURCES 目录下
cd /usr/src/redhat/SPECS/ tar xfz ../SOURCES/openssh-6.6p1.tar.gz openssh-6.6p1/contrib/redhat/openssh.spec mv openssh-6.6p1/contrib/redhat/openssh.spec . chown 74:74 openssh.spec sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec cp /etc/pam.d/sshd /tmp/sshd.pam.backup.$$ cd /usr/src/redhat/SPECS/ time rpmbuild -ba openssh.spec cd /usr/src/redhat/RPMS/x86_64/ rpm -e openssh-askpass rpm -Fvh openssh*6.6p1-1*rpm service sshd restart ssh -V
OpenSSH_6.6p1, OpenSSL 1.0.1e-fips 11 Feb 2013
或者直接下载附件中的rpm包安装即可。
5、openssh升级后无法登录报错
PAM unable todlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot openshared object
file: No such file or directory
解决:sshrpm 升级后会修改/etc/pam.d/sshd 文件。需要升级前备份此文件最后还原即可登录。
文件内容
#%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth