Welcome to the Linux Foundation Forum!

Upgrading openssh?

tmccaff Posts: 1
edited December 2017 in Red Hat Enterprise

I was told by my pci scan newed to update to newest openssh. How do I install it by source?


  • linuxhitman
    linuxhitman Posts: 1
    edited September 2019

    (Oops! I just noticed this is a necro-thread -- I'll leave it JIC it will help someone.)

    This is how I do it when I need to install a new version on CentOS 6 or CentOS 7.

    This is for VERSION=7.9p1 -- latest is 8.0p1 but the process is essentially the same. The rpms are built as a non-root user in home directory. (See ~/.rpmmacros)

    $ sudo yum install rpm-build gcc make wget openssl-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel gtk2-devel

    copy x11-ssh-askpass- to ~/rpms/SOURCES (this file can be hard to find...)

    copy the openssh tar.gz file to ~/rpms/SOURCES

    cd to ~/rpms/SOURCES
    $ cd ~/rpms/SOURCES

    extract tar file
    $ tar -xvzf openssh-7.9p1.tar.gz

    $ cd openssh-7.9p1

    copy system pam.d/ssh file to extracted archive
    $ cp /etc/pam.d/sshd contrib/redhat/sshd.pam.old

    copy spec file to SPECS directory
    $ cp contrib/redhat/openssh.spec ~/rpms/SPECS/.

    $ cd ..

    rebuild the tar file
    $ tar -zcpf openssh-7.9p1.tar.gz openssh-7.0p1

    $ cd ~/rpms/SPECS

    check version of openssl-devel should be >=1.0.1 and < 1.1
    $ openssl version

    if desired, edit openssh.spec to disable gnome askpass programs. It is
    only necessary for desktops and can be removed from servers.
    %define no_gnome_askpass 1

    might need to comment out this line -- dunno why
    BuildRequires: openssl-devel < 1.1

    these are probably not necessary any more
    replace BuildPreReq with BuildRequires
    comment out the entries for slogin and slogin.1 under %files clients

    build a src.rpm and .rpm file (use -ba to build both, -bs to build src.rpm only)
    $ rpmbuild -ba openssh.spec


Upcoming Training