Mise à jour
[root@node01-ssh ~]# dnf update -y
Etat initial
[root@node01-ssh ~]# ssh -V
[root@node01-ssh ~]# cat /etc/os-release
Dépendance nécessaire
[root@node-hadoop01 ~]# dnf install -y pam-devel rpm-build rpmdevtools zlib-devel openssl-devel krb5-devel gcc wget gtk2-devel libXt-devel [root@node-hadoop01 ~]# dnf -y install libX11-devel perl [root@node-hadoop01 ~]# dnf --enablerepo=powertools install imake
Récupération des sources
[root@node-hadoop01 ~]# mkdir -p ~/rpmbuild/SOURCES && cd ~/rpmbuild/SOURCES
Source openssh
[root@node01-ssh SOURCES]# wget -c https://ftp.lip6.fr/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz [root@node01-ssh SOURCES]# wget -c https://ftp.lip6.fr/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz.asc
Source askpass
- https://mirrors.slackware.com/slackware/slackware-14.2/source/xap/x11-ssh-askpass/x11-ssh-askpass-1.2.4.1.tar.gz.mirrorlist
[root@node01-ssh SOURCES]# wget -c https://mirror.de.leaseweb.net/slackware/slackware-14.2/source/xap/x11-ssh-askpass/x11-ssh-askpass-1.2.4.1.tar.gz
Préparation du fichier spec
[root@node01-ssh SOURCES]# version=9.3p1 [root@node01-ssh SOURCES]# tar zxvf openssh-${version}.tar.gz [root@node01-ssh SOURCES]# cp /etc/pam.d/sshd openssh-${version}/contrib/redhat/sshd.pam [root@node01-ssh SOURCES]# mv openssh-${version}.tar.gz{,.orig} [root@node01-ssh SOURCES]# tar zcpf openssh-${version}.tar.gz openssh-${version} [root@node01-ssh SOURCES]# tar zxvf openssh-9.3p1.tar.gz openssh-${version}/contrib/redhat/openssh.spec
Ajustement du fichier spec
[root@node01-ssh SOURCES]# cd openssh-${version}/contrib/redhat/ [root@node01-ssh redhat]# chown root.root openssh.spec [root@node01-ssh redhat]# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec [root@node01-ssh redhat]# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec [root@node01-ssh redhat]# sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec [root@node01-ssh redhat]# sed -i -e "s/PreReq: initscripts >= 5.00/#PreReq: initscripts >= 5.00/g" openssh.spec [root@node01-ssh redhat]# sed -i -e "s/BuildRequires: openssl-devel < 1.1/#BuildRequires: openssl-devel < 1.1/g" openssh.spec [root@node01-ssh redhat]# sed -i -e "/check-files/ s/^#*/#/" /usr/lib/rpm/macros
Création des RPM via les sources openssh 8.3p1
[root@node01-ssh redhat]# ls -al
[root@node01-ssh redhat]# rpmbuild -ba openssh.spec
[root@node01-ssh redhat]# cd /root/rpmbuild/RPMS/x86_64/ [root@node01-ssh x86_64]# ls -al
Création de l’Archive openssh 8.3p1
[root@node01-ssh x86_64]# tar zcvf /home/openssh-${version}-RPMs.el8.tar.gz openssh*
[root@node-hadoop01 x86_64]# rm -rf ~/rpmbuild ~/openssh-${version}
Installation des paquets (archive)
[root@node01-ssh x86_64]# cd /home [root@node01-ssh home]# ls -al |grep RPM [root@node01-ssh home]# tar -xzvf openssh-9.3p1-RPMs.el8.tar.gz
Sauvegarde des fichiers conf 9.0p1
[root@node01-ssh home]cp /etc/pam.d/sshd pam-ssh-conf-06052023
Installation Openssh 9.3p1
[root@node01-ssh home]# rpm -Uvh *.rpm
Restauration du fichier de conf 9.0p1
[root@node01-ssh home]# mv /etc/pam.d/sshd /etc/pam.d/sshd_93p1_06052023 [root@node01-ssh home]# cp pam-ssh-conf-06052023 /etc/pam.d/sshd
Autorisation root acces (option)
[root@node01-ssh ~]# cat /etc/ssh/sshd_config |grep PermitRootLogin
[root@node01-ssh ~]# sed -i 's/prohibit-password/yes/' /etc/ssh/sshd_config [root@node01-ssh ~]# sed -i 's/#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config [root@node01-ssh ~]# cat /etc/ssh/sshd_config |grep PermitRootLogin
Activation Identification PAM (option)
[root@node01-ssh ~]# cat /etc/ssh/sshd_config |grep UsePAM [root@node01-ssh ~]# sed -i 's/#UsePAM no/UsePAM yes/' /etc/ssh/sshd_config [root@node01-ssh ~]# cat /etc/ssh/sshd_config |grep UsePAM
Redémarrage du service sshd
[root@node01-ssh ~]# chmod 600 /etc/ssh/ssh* [root@node01-ssh ~]# systemctl restart sshd [root@node01-ssh ~]# systemctl status sshd
Correction de l’erreur « ssh_host_dsa_key.pub »
[root@node01-ssh ~]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_dsa_key [root@node01-ssh ~]# systemctl restart sshd [root@node01-ssh ~]# systemctl status sshd
[root@node01-ssh ~]# ssh -V
Views: 1