Update openssh7.9 on centos6

一、製作RPM安裝包
1）依賴安裝
yum install rpm-build gcc make wget openssl-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel

2）目錄創建
mkdir -p /usr/src/redhat/{SOURCES,SPECS}
cd /usr/src/redhat/SOURCES/

3）安裝文件下載
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.9.tar.gz
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz

4）解壓編譯文件
cd /usr/src/redhat/SOURCES/
tar xfz openssh-7.9p1.tar.gz openssh-7.9p1/contrib/redhat/openssh.spec
mv openssh-7.9p1/contrib/redhat/openssh.spec ../SPECS/
chown sshd:sshd /usr/src/redhat/SPECS/openssh.spec
cp /usr/src/redhat/SPECS/openssh.spec /usr/src/redhat/SPECS/openssh.spec_bak

5) 修改幾個配置選項 可選項
#關掉no_gnome_askpass no_x11_askpass這兩個參數
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
#查看修改了哪些參數
diff openssh.spec openssh.spec_bak

6）拷貝安裝軟件到預編譯目錄
mkdir -pv /root/rpmbuild/SOURCES/
cp /usr/src/redhat/SOURCES/openssh-7.9p1.tar.gz /root/rpmbuild/SOURCES/
cp /usrsrc/redhat/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
#執行編譯操作
cd /usr/src/redhat/SPECS/
rpmbuild -ba openssh.spec
#編譯後生成的目錄結構如下
tree -L 2 /root/rpmbuild/
/root/rpmbuild/
├── BUILD
│   └── openssh-7.9p1
├── BUILDROOT
├── RPMS
│   └── x86_64
├── SOURCES
│   ├── openssh-7.9p1.tar.gz
│   └── x11-ssh-askpass-1.2.4.1.tar.gz
├── SPECS
└── SRPMS
└── openssh-7.9p1-1.el6.src.rpm
#編譯後RPM包目錄
/root/rpmbuild/RPMS/x86_64/openssh-7.9p1-1.el6.x86_64.rpm
/root/rpmbuild/RPMS/x86_64/openssh-clients-7.9p1-1.el6.x86_64.rpm
/root/rpmbuild/RPMS/x86_64/openssh-debuginfo-7.9p1-1.el6.x86_64.rpm
/root/rpmbuild/RPMS/x86_64/openssh-server-7.9p1-1.el6.x86_64.rpm
#取出供其他機器安裝的RPM包
mkdir -pv /root/openssh7.9
cp /root/rpmbuild/RPMS/x86_64/{openssh-7.9p1-1.el6.x86_64.rpm,openssh-clients-7.9p1-1.el6.x86_64.rpm,openssh-server-7.9p1-1.el6.x86_64.rpm} /root/openssh7.9

6）自己打的rpm包下載地址，懶人可以直接下，centos6的！centos6的！centos6的！7別裝！
https://pan.baidu.com/s/1UNete3cn9tX5taQt30qnwg

二、利用RPM安裝包，升級openssh至7.9
1）查看系統已openssh安裝包版本
#如果曾經有手動編譯安裝，未必能查到信息
rpm -qa|grep openssh
2）查看查看已安裝老rpm包和待安裝新rpm版本有哪些文件
cd openssh新版rpm包的目錄
rpm -ql openssh-???.???p1
rpm -qpl openssh-7.9p1-1.el6.x86_64.rpm
rpm -ql openssh-clients-???.???p1
rpm -qpl openssh-clients-7.9p1-1.el6.x86_64.rpm
rpm -ql openssh-server-???.???p1
rpm -qpl openssh-server-7.9p1-1.el6.x86_64.rpm
3）選擇性備份一些配置
#備份原有的openssh服務
mkdir -pv /root/oppenssh_backup
cd /root/oppenssh_backup
tar -cvzf etc_ssh.tar.gz /etc/ssh
tar -cvzf etcpamd.tar.gz /etc/pam.d
cp /etc/pam.d/sshd /etc/pam.d/system-auth .
cp -p /etc/pam.d/sshd /etc/pam.d/sshddate +%Y%m%d
cp -p /etc/pam.d/system-auth /etc/pam.d/system-auth_date +%Y%m%d
一般來說rpm包安裝時遇到存在的同名配置文件，不會覆蓋。會把生成的同名文件重命名爲filename.rpmnew
4）升級安裝RPM
可能會由於各種原因爆炸，建議多開幾個ssh窗口，保險起見可以也安裝telnet並測試連接，保底openssh配置錯誤，服務器不會失聯
cd openssh新版rpm包的目錄
rpm -Uvh ./.rpm
5）按需修改配置文件
檢查/etc/pam.d/sshd /etc/pam.d/system-auth /etc/ssh/sshd.conf等是否爲升級之前的配置，被改了就備份一下新生成的配置文件，再利用備份的文件把配置文件替換回升級前的配置。
6）重啓sshd服務
#CentOS 6
service sshd restart
#CentOS 7
#systemctl restart sshd
7）重新連接查看版本
ssh -V