Monday, March 7, 2011

Steps to upgrade openssh package


1st Method

1.  Download the latest openssh package from http://www.openssh.org/ under /usr/local.
2.  Extract the package: # tar -xvf openssh-<version>.tar.gz
3.  Take a note of current SSH installation on the server by executing the following commands:
      # which ssh
      # rpm -qa | grep ssh
      # rpm -qf  `which ssh` 
      Also take a backup of /etc/ssh folder.
4.  Go to /usr/local/openssh-<version no>/ 
5.  Compile the openssh package as follows:
     # ./configure --with-kerberos5 --with-pam --with-md5-passwords 
6. make 
7. make install 
8. Check if the system is using the newly compiled openssh package by running the 'which' and 'ssh -v' command. 
9. Manually link the older version of  'ssh' command to new version:
   # mv /usr/sbin/ssh /usr/sbin/ssh_old
   # ln -s /usr/local/bin/ssh /usr/sbin/ssh  


2nd Method (by overriding existing SSH config)
1.  Download the latest openssh package from http://www.openssh.org/ under /usr/local.
2.  Extract the package: # tar -xvf openssh-<version>.tar.gz
3.  Take a note of current SSH installation on the server by executing the following commands:
      # which ssh
      # rpm -qa | grep ssh
      # rpm -qf  `which ssh` 
      Also take a backup of /etc/ssh folder.
4.  Go to /usr/local/openssh-<version no>/ 
5.  Compile the openssh package as follows:

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/opt/openssl-0.9.8e --with-pam  --with-kerberos5 --with-md5-passwords --with-tcp-wrappers

6. make 
7. make install 
8. Check if the system is using the newly compiled openssh package by running the 'which' and 'ssh -v' command. 


Posted by at
Labels:

6 comments:

  1. shjn96March 9, 2011 at 7:37 AM

    Hi, thanks for the great detailed instructions above.

    I did the upgrade with the following commands:-
    "./configure --prefix=/opt/ssh5_8 --sysconfdir=/etc/ssh5_8"

    Then I ran the following commands:
    make
    make install

    ------
    My question is, where and what other things should I do to enable the system to use the new SSH version rather than the old version?

    The reason I am doing the above is because I want to be sure that the new version is working fine. If it's not, I can always revert to the old version first.

    ReplyDelete
  2. UnknownApril 13, 2011 at 2:06 AM

    hi, when i tried to upgrade this error came

    " OpenSSL headers missing - please install first or check config.log "

    ReplyDelete
  3. UnknownFebruary 19, 2013 at 4:47 PM

    unable to run make command kindly suggest

    ReplyDelete
  4. UnknownFebruary 19, 2013 at 4:48 PM

    unable to run make command kindly suggest

    ReplyDelete
  5. AnonymousFebruary 23, 2013 at 4:51 PM

    Good info. Lucky me I ran across your blog by accident (stumbleupon).
    I've saved it for later!

    Feel free to surf to my blog - payday loan

    ReplyDelete
  6. MuthuJuly 15, 2015 at 9:20 AM

    why cannot we use rpm -uvh to upgrade the openssh

    ReplyDelete

Subscribe to: Post Comments (Atom)