一、背景说明

Centos7.9 默认安装的openssh 版本为7.4p1,经绿盟扫描,存在高危漏洞,需要升级到最新。

官网只提供编译安装包,为了方便升级,先通过编译安装包,制作rpm包,并进行升级

如下为做好的rpm升级包,可直接下载使用:

openssh 9.3p2 for Centos7.9版本,及升级指引

1.1 系统版本查看 cat /etc/redhat-release

[root@mysql8test ~]# cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)
[root@mysql8test ~]# 

二、rpm包制作

2.1、安装制作的工具

##配置yum源(省略)


##安装依赖包
[root@mysql8test ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y

##安装imake
[root@mysql8test ~]# yum install -y imake

2.2 创建编译目录

mkdir -p /root/rpmbuild

cd /root/rpmbuild

mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS

[root@mysql8test ~]# mkdir -p /root/rpmbuild
[root@mysql8test ~]# cd /root/rpmbuild
[root@mysql8test rpmbuild]# mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
[root@mysql8test rpmbuild]# 

2.3 下载openssh9.3p2和x11-ssh-askpass-1.2.4.1.tar.gz


##将下载的文件放入SOURCES文件夹下
cd /root/rpmbuild/SOURCES/

##下载openssh9.3p2
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz

[root@mysql8test SOURCES]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
--2023-08-06 20:12:24--  http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
Resolving ftp.openbsd.org (ftp.openbsd.org)... 199.185.178.81
Connecting to ftp.openbsd.org (ftp.openbsd.org)|199.185.178.81|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1835850 (1.8M) [text/plain]
Saving to: ‘openssh-9.3p2.tar.gz’

100%[=====================================================================================================>] 1,835,850    550KB/s   in 3.3s   

2023-08-06 20:12:28 (550 KB/s) - ‘openssh-9.3p2.tar.gz’ saved [1835850/1835850]

[root@mysql8test SOURCES]#



##下载x11-ssh-askpass-1.2.4.1.tar.gz
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz



[root@mysql8test SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
--2023-08-06 20:13:56--  https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
Resolving src.fedoraproject.org (src.fedoraproject.org)... 38.145.60.20, 38.145.60.21
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/ [following]
--2023-08-06 20:13:58--  http://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/ [following]
--2023-08-06 20:13:59--  https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1223 (1.2K) [text/html]
Saving to: ‘x11-ssh-askpass-1.2.4.1.tar.gz’

100%[=====================================================================================================>] 1,223       --.-K/s   in 0s      

2023-08-06 20:14:00 (81.0 MB/s) - ‘x11-ssh-askpass-1.2.4.1.tar.gz’ saved [1223/1223]

[root@mysql8test SOURCES]# 


2.4 修改openssh.spec配置

[root@mysql8test SOURCES]# cd /root/rpmbuild/SOURCES/
[root@mysql8test SOURCES]# tar -zxf openssh-9.3p2.tar.gz 

##编辑编译配置文件
cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
cd /root/rpmbuild/SPECS/

##结果:
[root@mysql8test SOURCES]# cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
[root@mysql8test SOURCES]# cd /root/rpmbuild/SPECS/
[root@mysql8test SPECS]# ls -l
total 32
-rw-r--r--. 1 root root 30082 Aug  6 20:19 openssh.spec
[root@mysql8test SPECS]# 

##不生成askpass包
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" openssh.spec

cat /root/rpmbuild/SPECS/openssh.spec | grep no_gnome_askpass
cat /root/rpmbuild/SPECS/openssh.spec | grep no_x11_askpass

##修改openssl-devel的报错
sed -i '/openssl-devel < 1.1/s/^/#/' openssh.spec

##修改PreReq的报错
sed -i '/PreReq:/s/^/#/' openssh.spec

##.解决Obsoletes报错
sed -i '/Obsoletes:/s/^/#/' openssh.spec

cat /root/rpmbuild/SPECS/openssh.spec | grep Obsoletes


2.5 编译源码包,制作成rpm包

cd /root/rpmbuild/SPECS/
rpmbuild -ba openssh.spec

提示

...
Processing files: openssh-server-9.3p2-1.el7.x86_64
Provides: config(openssh-server) = 9.3p2-1.el7 openssh-server = 9.3p2-1.el7 openssh-server(x86-64) = 9.3p2-1.el7
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires: /bin/bash libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.16)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.6)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit) libcrypto.so.10(OPENSSL_1.0.2)(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libresolv.so.2()(64bit) libutil.so.1()(64bit) libutil.so.1(GLIBC_2.2.5)(64bit) libz.so.1()(64bit) rtld(GNU_HASH)
Processing files: openssh-debuginfo-9.3p2-1.el7.x86_64
Provides: openssh-debuginfo = 9.3p2-1.el7 openssh-debuginfo(x86-64) = 9.3p2-1.el7
Requires(rpmlib): rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
Wrote: /root/rpmbuild/SRPMS/openssh-9.3p2-1.el7.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.FtwsQ7
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p2
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
+ exit 0
[root@mysql8test SPECS]# 

2.5 查看生成的rpm包,并打包

##编译完成后的软件在,debug的包不用下载安装 
[root@mysql8test SPECS]# ls -lrth /root/rpmbuild/RPMS/x86_64/
total 4.9M
-rw-r--r--. 1 root root 634K Aug  6 20:27 openssh-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 627K Aug  6 20:27 openssh-clients-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 462K Aug  6 20:27 openssh-server-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 3.2M Aug  6 20:27 openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
[root@mysql8test SPECS]# 

##对rpm进行打包
[root@mysql8test x86_64]# tar -zcvf /root/openssh-9.3p2_rpm_for_centos7.9.tar.gz *.rpm
openssh-9.3p2-1.el7.x86_64.rpm
openssh-clients-9.3p2-1.el7.x86_64.rpm
openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
openssh-server-9.3p2-1.el7.x86_64.rpm

三、centos7.9 从openssh7.4p1升级到openssh9.3p2

##升级之前查看版本
[root@mysql8test x86_64]# rpm -qa|grep openssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
[root@mysql8test x86_64]# 
[root@mysql8test x86_64]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@mysql8test x86_64]# 


##升级前备份 /etc/pam.d/sshd

cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd


验证openssh是否升级成功

##升级openssh

yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y


[root@mysql8test x86_64]# yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
Loaded plugins: fastestmirror
Examining openssh-9.3p2-1.el7.x86_64.rpm: openssh-9.3p2-1.el7.x86_64
Marking openssh-9.3p2-1.el7.x86_64.rpm as an update to openssh-7.4p1-21.el7.x86_64
Examining openssh-clients-9.3p2-1.el7.x86_64.rpm: openssh-clients-9.3p2-1.el7.x86_64
Marking openssh-clients-9.3p2-1.el7.x86_64.rpm as an update to openssh-clients-7.4p1-21.el7.x86_64
Examining openssh-server-9.3p2-1.el7.x86_64.rpm: openssh-server-9.3p2-1.el7.x86_64
Marking openssh-server-9.3p2-1.el7.x86_64.rpm as an update to openssh-server-7.4p1-21.el7.x86_64
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).
--> Running transaction check
---> Package openssh.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-clients.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-server.x86_64 0:9.3p2-1.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================
 Package                         Arch                   Version                      Repository                                           Size
===============================================================================================================================================
Updating:
 openssh                         x86_64                 9.3p2-1.el7                  /openssh-9.3p2-1.el7.x86_64                         2.9 M
 openssh-clients                 x86_64                 9.3p2-1.el7                  /openssh-clients-9.3p2-1.el7.x86_64                 2.4 M
 openssh-server                  x86_64                 9.3p2-1.el7                  /openssh-server-9.3p2-1.el7.x86_64                  1.1 M

Transaction Summary
===============================================================================================================================================
Upgrade  3 Packages

Total size: 6.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : openssh-9.3p2-1.el7.x86_64                                                                                                  1/6 
  Updating   : openssh-server-9.3p2-1.el7.x86_64                                                                                           2/6 
  Updating   : openssh-clients-9.3p2-1.el7.x86_64                                                                                          3/6 
  Cleanup    : openssh-clients-7.4p1-21.el7.x86_64                                                                                         4/6 
  Cleanup    : openssh-server-7.4p1-21.el7.x86_64                                                                                          5/6 
  Cleanup    : openssh-7.4p1-21.el7.x86_64                                                                                                 6/6 
  Verifying  : openssh-server-9.3p2-1.el7.x86_64                                                                                           1/6 
  Verifying  : openssh-9.3p2-1.el7.x86_64                                                                                                  2/6 
  Verifying  : openssh-clients-9.3p2-1.el7.x86_64                                                                                          3/6 
  Verifying  : openssh-clients-7.4p1-21.el7.x86_64                                                                                         4/6 
  Verifying  : openssh-7.4p1-21.el7.x86_64                                                                                                 5/6 
  Verifying  : openssh-server-7.4p1-21.el7.x86_64                                                                                          6/6 

Updated:
  openssh.x86_64 0:9.3p2-1.el7              openssh-clients.x86_64 0:9.3p2-1.el7              openssh-server.x86_64 0:9.3p2-1.el7             

Complete!
[root@mysql8test x86_64]# 
[root@mysql8test x86_64]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@mysql8test x86_64]#

##重启sshd出现报错
[root@mysql8test x86_64]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@mysql8test x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2023-08-06 20:39:07 CST; 7s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 32668 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
 Main PID: 1029 (code=exited, status=0/SUCCESS)

Aug 06 20:39:07 mysql8test sshd[32668]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Aug 06 20:39:07 mysql8test sshd[32668]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Aug 06 20:39:07 mysql8test sshd[32668]: It is required that your private key files are NOT accessible by others.
Aug 06 20:39:07 mysql8test sshd[32668]: This private key will be ignored.
Aug 06 20:39:07 mysql8test sshd[32668]: sshd: no hostkeys available -- exiting.
Aug 06 20:39:07 mysql8test sshd[32668]: [FAILED]
Aug 06 20:39:07 mysql8test systemd[1]: sshd.service: control process exited, code=exited status=1
Aug 06 20:39:07 mysql8test systemd[1]: Failed to start SYSV: OpenSSH server daemon.
Aug 06 20:39:07 mysql8test systemd[1]: Unit sshd.service entered failed state.
Aug 06 20:39:07 mysql8test systemd[1]: sshd.service failed.
[root@mysql8test x86_64]# 


##修改文件权限

chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key

[root@mysql8test x86_64]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@mysql8test x86_64]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@mysql8test x86_64]# chmod 600 /etc/ssh/ssh_host_ed25519_key


##再次重启sshd,正常
[root@mysql8test x86_64]# systemctl restart sshd
[root@mysql8test x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: active (running) since Sun 2023-08-06 20:40:10 CST; 3s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 32689 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
 Main PID: 32697 (sshd)
   CGroup: /system.slice/sshd.service
           └─32697 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups

Aug 06 20:40:10 mysql8test systemd[1]: Starting SYSV: OpenSSH server daemon...
Aug 06 20:40:10 mysql8test sshd[32689]: /sbin/restorecon:  lstat(/etc/ssh/ssh_host_dsa_key.pub) failed:  No such file or directory
Aug 06 20:40:10 mysql8test sshd[32697]: Server listening on 0.0.0.0 port 22.
Aug 06 20:40:10 mysql8test sshd[32697]: Server listening on :: port 22.
Aug 06 20:40:10 mysql8test sshd[32689]: Starting sshd:[  OK  ]
Aug 06 20:40:10 mysql8test systemd[1]: Started SYSV: OpenSSH server daemon.
[root@mysql8test x86_64]# 

四、Centos7.9 openssh 9.3p1升级到openssh 9.3p2


[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@ucsp-rancher-03 openssh9.3p2]# 
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]# cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]# 
[root@ucsp-rancher-03 openssh9.3p2]# yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
已加载插件:fastestmirror, langpacks
正在检查 openssh-9.3p2-1.el7.x86_64.rpm: openssh-9.3p2-1.el7.x86_64
openssh-9.3p2-1.el7.x86_64.rpm 将作为 openssh-9.3p1-1.el7.x86_64 的更新
正在检查 openssh-clients-9.3p2-1.el7.x86_64.rpm: openssh-clients-9.3p2-1.el7.x86_64
openssh-clients-9.3p2-1.el7.x86_64.rpm 将作为 openssh-clients-9.3p1-1.el7.x86_64 的更新
正在检查 openssh-server-9.3p2-1.el7.x86_64.rpm: openssh-server-9.3p2-1.el7.x86_64
openssh-server-9.3p2-1.el7.x86_64.rpm 将作为 openssh-server-9.3p1-1.el7.x86_64 的更新
正在解决依赖关系
--> 正在检查事务
---> 软件包 openssh.x86_64.0.9.3p1-1.el7 将被 升级
---> 软件包 openssh.x86_64.0.9.3p2-1.el7 将被 更新
---> 软件包 openssh-clients.x86_64.0.9.3p1-1.el7 将被 升级
---> 软件包 openssh-clients.x86_64.0.9.3p2-1.el7 将被 更新
---> 软件包 openssh-server.x86_64.0.9.3p1-1.el7 将被 升级
---> 软件包 openssh-server.x86_64.0.9.3p2-1.el7 将被 更新
--> 解决依赖关系完成
base/7/x86_64                                                                                                                                                                                  | 3.6 kB  00:00:00     
centosplus/7/x86_64                                                                                                                                                                            | 2.9 kB  00:00:00     
epel/7/x86_64                                                                                                                                                                                  | 4.7 kB  00:00:00     
extras/7/x86_64                                                                                                                                                                                | 2.9 kB  00:00:00     
updates/7/x86_64                                                                                                                                                                               | 2.9 kB  00:00:00     

依赖关系解决

======================================================================================================================================================================================================================
 Package                                           架构                                     版本                                          源                                                                     大小
======================================================================================================================================================================================================================
正在更新:
 openssh                                           x86_64                                   9.3p2-1.el7                                   /openssh-9.3p2-1.el7.x86_64                                           2.9 M
 openssh-clients                                   x86_64                                   9.3p2-1.el7                                   /openssh-clients-9.3p2-1.el7.x86_64                                   2.4 M
 openssh-server                                    x86_64                                   9.3p2-1.el7                                   /openssh-server-9.3p2-1.el7.x86_64                                    1.1 M

事务概要
======================================================================================================================================================================================================================
升级  3 软件包

总计:6.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : openssh-9.3p2-1.el7.x86_64                                                                                                                                                                        1/6 
  正在更新    : openssh-server-9.3p2-1.el7.x86_64                                                                                                                                                                 2/6 
  正在更新    : openssh-clients-9.3p2-1.el7.x86_64                                                                                                                                                                3/6 
  清理        : openssh-clients-9.3p1-1.el7.x86_64                                                                                                                                                                4/6 
  清理        : openssh-server-9.3p1-1.el7.x86_64                                                                                                                                                                 5/6 
  清理        : openssh-9.3p1-1.el7.x86_64                                                                                                                                                                        6/6 
  验证中      : openssh-server-9.3p2-1.el7.x86_64                                                                                                                                                                 1/6 
  验证中      : openssh-9.3p2-1.el7.x86_64                                                                                                                                                                        2/6 
  验证中      : openssh-clients-9.3p2-1.el7.x86_64                                                                                                                                                                3/6 
  验证中      : openssh-9.3p1-1.el7.x86_64                                                                                                                                                                        4/6 
  验证中      : openssh-clients-9.3p1-1.el7.x86_64                                                                                                                                                                5/6 
  验证中      : openssh-server-9.3p1-1.el7.x86_64                                                                                                                                                                 6/6 

更新完毕:
  openssh.x86_64 0:9.3p2-1.el7                                      openssh-clients.x86_64 0:9.3p2-1.el7                                      openssh-server.x86_64 0:9.3p2-1.el7                                     

完毕!
[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@ucsp-rancher-03 openssh9.3p2]# systemctl restart sshd
[root@ucsp-rancher-03 openssh9.3p2]# 

08-06 15:53