最近發現redhat 5.4 使用的openssh server的版本還是4.3p1,這是一個有漏洞的版本,網上沒有找到合適的版本,最後決定自己編譯一個rpm解決。
必須安裝開發環境,如果沒有按照以下步驟安裝
# yum install gcc
# yum install openssl-devel
# yum install pam-devel
# yum install rpm-build
得到openssh server的版本
# wget http://ftp.bit.nl/mirror/openssh/portable/openssh-5.2p1.tar.gz
# wget http://ftp.bit.nl/mirror/openssh/portable/openssh-5.2p1.tar.gz.asc
# wget -O- http://ftp.bit.nl/mirror/openssh/DJM-GPG-KEY.asc | gpg --import
# gpg openssh-5.2p1.tar.gz.asc
gpg: Signature made Mon 23 Feb 2009 01:18:28 AM CET using DSA key ID 86FF9C48
gpg: Good signature from "Damien Miller (Personal Key) "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3981 992A 1523 ABA0 79DB FC66 CE8E CB03 86FF 9C48
製作rpm包
# tar zxvf openssh-5.2p1.tar.gz
# cp openssh-5.2p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
# cp openssh-5.2p1.tar.gz /usr/src/redhat/SOURCES/
# cd /usr/src/redhat/SPECS
# perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
如果出現zlib版本錯誤,可以先安裝zlib1.2.3 或者使用以下命令解決。
--without-zlib-version-check
建立安裝包
# rpmbuild -bb openssh.spec
生成在/usr/src/redhat/RPMS/i386目錄下
# cd /usr/src/redhat/RPMS/`uname -i`
# ls -l
-rw-r--r-- 1 root root 275808 Feb 27 08:08 openssh-5.2p1-1.x86_64.rpm
-rw-r--r-- 1 root root 439875 Feb 27 08:08 openssh-clients-5.2p1-1.x86_64.rpm
-rw-r--r-- 1 root root 277714 Feb 27 08:08 openssh-server-5.2p1-1.x86_64.rpm
安裝
# rpm -Uvh openssh*rpm
Preparing... ########################################### [100%]
1:openssh ########################################### [ 33%]
2:openssh-clients ########################################### [ 67%]
3:openssh-server ########################################### [100%]
# service sshd restart