I was told by my pci scan newed to update to newest openssh. How do I install it by source?
(Oops! I just noticed this is a necro-thread -- I'll leave it JIC it will help someone.)
This is how I do it when I need to install a new version on CentOS 6 or CentOS 7.
This is for VERSION=7.9p1 -- latest is 8.0p1 but the process is essentially the same. The rpms are built as a non-root user in home directory. (See ~/.rpmmacros)
$ sudo yum install rpm-build gcc make wget openssl-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel gtk2-devel
copy x11-ssh-askpass-220.127.116.11.tar.gz to ~/rpms/SOURCES (this file can be hard to find...)
copy the openssh tar.gz file to ~/rpms/SOURCES
cd to ~/rpms/SOURCES
$ cd ~/rpms/SOURCES
extract tar file
$ tar -xvzf openssh-7.9p1.tar.gz
$ cd openssh-7.9p1
copy system pam.d/ssh file to extracted archive
$ cp /etc/pam.d/sshd contrib/redhat/sshd.pam.old
copy spec file to SPECS directory
$ cp contrib/redhat/openssh.spec ~/rpms/SPECS/.
$ cd ..
rebuild the tar file
$ tar -zcpf openssh-7.9p1.tar.gz openssh-7.0p1
$ cd ~/rpms/SPECS
check version of openssl-devel should be >=1.0.1 and < 1.1
$ openssl version
if desired, edit openssh.spec to disable gnome askpass programs. It isonly necessary for desktops and can be removed from servers.
%define no_gnome_askpass 1
might need to comment out this line -- dunno why
BuildRequires: openssl-devel < 1.1
these are probably not necessary any more
replace BuildPreReq with BuildRequires
comment out the entries for slogin and slogin.1 under %files clients
build a src.rpm and .rpm file (use -ba to build both, -bs to build src.rpm only)
$ rpmbuild -ba openssh.spec