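I. Build the openssl RPM packages
II. Install the openssl RPM packages
III. Build the openssh RPM packages
IV. Install the openssl and openssh RPM packages on a test machine
I. Build the openssl RPM packages
Reference:
https://www.kingc.top/archives/centosrhel76-sheng-ji-openssl-he-openssh
1. Install the build dependencies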
# yum install -y wget rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip libXt-devel imake gtk2-devel openssl-libs curl which make perl perl-WWW-Curl
2. Download the latest openssl source tarball
# curl -O --silent https://www.openssl.org/source/openssl-1.1.1t.tar.gz
3. Create the openssl.spec file
Summary: OpenSSL 1.1.1t for Centos
Name: openssl
Version: %{?version}%{!?version:1.1.1t}
Release: 1%{?dist}
Obsoletes: %{name}
4. Build the packages
# mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
# cp openssl.spec /root/rpmbuild/SPECS/
# cp openssl-1.1.1t.tar.gz /root/rpmbuild/SOURCES/
# cd /root/rpmbuild/SPECS/
# rpmbuild -D "version 1.1.1t" -ba openssl.spec
5. List the generated packages; openssl-debuginfo is not needed
# ll /root/rpmbuild/RPMS/x86_64
total 5656
-rw-r--r-- 1 root root 5417376 May 12 16:10 openssl-1.1.1t-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 133608 May 12 16:10 openssl-debuginfo-1.1.1t-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 234776 May 12 16:10 openssl-devel-1.1.1t-1.el7.x86_64.rpm
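II. Install the openssl RPM packages
So that the later openssh RPM build uses the new openssl, install the freshly built openssl RPM packages on the build machine.
openssl-libs does not need to be removed.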
# yum remove openssl
# rpm -e openssl-devel
# ll
total 5524
-rw-r--r-- 1 root root 5417376 May 12 16:23 openssl-1.1.1t-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 234776 May 12 16:23 openssl-devel-1.1.1t-1.el7.x86_64.rpm
Only the openssl and openssl-devel packages need to be installed
# rpm -Uvh *.rpm --nodeps
# rpm -qa |grep openssl
xmlsec1-openssl-1.2.20-7.el7_4.x86_64
openssl-libs-1.0.2k-26.el7_9.x86_64
openssl-1.1.1t-1.el7.x86_64
openssl-devel-1.1.1t-1.el7.x86_64
# openssl version
OpenSSL 1.1.1t 7 Feb 2023
III. Build the openssh RPM packages
1. Download the source tarballs
openssh source download link: https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
x11-ssh-askpass is a package used for passphrase entry in a Linux graphical environment
x11-ssh-askpass download link: https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/
2. Build
# cp openssh-9.3p1.tar.gz /root/rpmbuild/SOURCES/
# cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
# tar zxvf openssh-9.3p1.tar.gz
# cp openssh-9.3p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
# vi /root/rpmbuild/SPECS/openssh.spec
Make the following changes:
1) In the original openssh.spec, change
%global no_x11_askpass 0
%global no_gnome_askpass 0
to
%global no_x11_askpass 1
%global no_gnome_askpass 1
2) Comment out the line so that it reads #BuildRequires: openssl-devel
3. List the generated packages
# ll /root/rpmbuild/RPMS/x86_64/openssh*
-rw-r--r-- 1 root root 667080 May 12 16:47 /root/rpmbuild/RPMS/x86_64/openssh-9.3p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 639504 May 12 16:47 /root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 3192984 May 12 16:47 /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 470000 May 12 16:47 /root/rpmbuild/RPMS/x86_64/openssh-server-9.3p1-1.el7.x86_64.rpm
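IV. Install the openssl and openssh RPM packages on a test machine
1. Install the openssl RPM packages
See step "II. Install the openssl RPM packages"
2. Install the openssh RPM packages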
# cp /etc/ssh/sshd_config /root/
# ll
total 1740
-rw-r--r-- 1 root root 667080 May 12 17:04 openssh-9.3p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 639504 May 12 17:04 openssh-clients-9.3p1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 470000 May 12 17:04 openssh-server-9.3p1-1.el7.x86_64.rpm
# rpm -Uvh openssh-*
# mv /root/sshd_config /etc/ssh/
mv: overwrite ‘/etc/ssh/sshd_config’? y
# rm -rf /etc/ssh/ssh_host_*
# systemctl restart sshd
# ssh -V
OpenSSH_9.3p1, OpenSSL 1.1.1t 7 Feb 2023
Watch out for PAM: if UsePAM yes is enabled in the configuration file, the server may refuse logins. Fix this by editing the corresponding /etc/pam.d/sshd file.
# cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
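The UsePAM pitfall above can be caught before sshd is restarted. The script below is an added example, not part of the original post: it reads the effective UsePAM value from sshd_config and, when it is yes, checks that /etc/pam.d/sshd exists and that every module or included file it names is present. The function names and the default module directory /lib64/security are assumptions, and Include and Match directives in sshd_config are not followed.

```sh
#!/bin/sh
# Added example (not from the original post): check the PAM stack before
# restarting sshd. Default paths are the usual CentOS 7 x86_64 ones (assumption).

# Print the effective UsePAM value from an sshd_config file. sshd keeps the
# first value it reads for a keyword, keywords are case-insensitive, and the
# built-in default is "no". Include and Match handling is left out.
effective_usepam() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        tolower($1) == "usepam" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }' "$1"
}

# Return 0 if the sshd PAM stack looks loadable (or PAM is off), 1 otherwise.
check_sshd_pam() {
    cfg=${1:-/etc/ssh/sshd_config}
    pam_dir=${2:-/etc/pam.d}
    mod_dir=${3:-/lib64/security}

    if [ "$(effective_usepam "$cfg")" != "yes" ]; then
        echo "UsePAM is not enabled; $pam_dir/sshd is not consulted"
        return 0
    fi
    if [ ! -f "$pam_dir/sshd" ]; then
        echo "MISSING: $pam_dir/sshd"
        return 1
    fi
    # Strip comments and collapse a bracketed control field such as
    # [success=1 default=ignore] into one token so the columns line up.
    missing=$(sed -e 's/#.*//' -e 's/\[[^]]*]/BRACKET/' "$pam_dir/sshd" |
        while read -r type control target _args; do
            [ -n "$target" ] || continue
            # A leading "-" marks a module that is allowed to be absent.
            case $type in -*) continue ;; esac
            case $control in
                include|substack) path=$pam_dir/$target ;;
                *) case $target in
                       /*) path=$target ;;
                       *)  path=$mod_dir/$target ;;
                   esac ;;
            esac
            [ -e "$path" ] || echo "MISSING: $path ($type $control $target)"
        done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}
```

Source the file and run check_sshd_pam with no arguments after rpm -Uvh openssh-* and before systemctl restart sshd; a non-zero return lists what /etc/pam.d/sshd refers to but cannot find.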