Most of us know the approach of the RHEL developers to publishing the latest versions of software in the repositories. Every day new vulnerabilities are being discovered and it is really important to keep the software up to date.
What can be done if the latest version of some software is not available in the software repository? The only solution is to compile it from the source package.
This is usually risky, especially with OpenSSH, which provides remote access to the server. If anything goes wrong, then you will lose access to your server forever. This is why you should make sure to back up all data to a local PC before moving forward.
For example, the latest version of OpenSSH available for CentOS 5.8 is 4.3, but the latest version available today is v.7-2p2.
This manual was tested with OpenSSH v.6.6p1, which is why I’ll proceed with this version.
Let’s download the available openssh from the repositories and save the rpm file locally. This will allow us to install it again if anything goes wrong:
yum -y install yum-utils.noarch
Next install some dependencies:
yum install gcc make openssl-devel pam-devel screen
Download the source package and uncompress it:
tar xvf openssh-6.6*.gz
I used the following
- configuration files will be located in
- binaries will be located in
- support pam auth
./configure --sysconfdir=/etc/sshd/ --bindir=/usr/bin/ --sbindir=/usr/sbin/ --with-ipv4-default --with-md5-passwords --with-pam
Now we can remove the existing openssh from the server. Please make sure that you have a stable internet connection, because from this point on your active session is the only connection to the server. If it gets interrupted, the server will become unavailable to you:
yum remove openssh-server
Compile and install the new openssh:
Copy the init script and enable autostart:
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
Make sure to edit the configuration file with the required configuration options (PermitRootLogin, etc.).
Comment out the following line in the init.d script (/etc/init.d/sshd), otherwise it will result in a certificate error:
Back up the old openssh folder and make a symlink to the new one:
mv /etc/ssh /etc/ssh.bak && ln -s /etc/sshd /etc/ssh
At this point I was looking forward to restarting the ssh daemon, however the testing environment allowed me to determine that it is better to stop and start it in separate commands.
When I ran /etc/init.d/sshd restart, my session terminated but the ssh daemon didn’t start. I could not determine what happened.
Let’s run two commands in screen:
/etc/init.d/sshd stop && /etc/init.d/sshd start
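A pre-flight check to run before the stop/start above, as an added example that is not part of the original manual: it confirms that the new binary, configuration file, init script, /etc/ssh symlink and PAM service file are in place and that sshd -t accepts the configuration. The preflight function and its ROOT prefix argument are hypothetical names, and the /etc/pam.d/sshd check assumes sshd's default PAM service name.

```shell
#!/bin/sh
# Added example: pre-flight checks before "/etc/init.d/sshd stop".
# Usage on the server (inside screen):
#   preflight "" && /etc/init.d/sshd stop && /etc/init.d/sshd start
# ROOT is a filesystem prefix; "" means the live system, any other value
# lets the checks be rehearsed against a scratch directory tree.
preflight() {
    root=${1:-}
    sshd_bin="$root/usr/sbin/sshd"       # from --sbindir=/usr/sbin/
    conf="$root/etc/sshd/sshd_config"    # from --sysconfdir=/etc/sshd/
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    [ -x "$sshd_bin" ] || fail "$sshd_bin is missing or not executable"
    [ -f "$conf" ] || fail "$conf does not exist"
    [ -x "$root/etc/init.d/sshd" ] || fail "init script not installed or not executable"

    # /etc/ssh must be the symlink from the mv/ln step and must resolve
    # to the directory that holds the new sshd_config.
    if [ ! -L "$root/etc/ssh" ] || [ ! -f "$root/etc/ssh/sshd_config" ]; then
        fail "/etc/ssh is not a symlink to the new configuration directory"
    fi

    # Assumption: with "UsePAM yes" sshd uses the PAM service name "sshd",
    # so /etc/pam.d/sshd has to exist (package removal may have deleted it).
    if grep -Eqi '^[[:space:]]*UsePAM[[:space:]]+yes' "$conf" 2>/dev/null &&
       [ ! -f "$root/etc/pam.d/sshd" ]; then
        fail "UsePAM is enabled but /etc/pam.d/sshd is missing"
    fi

    # sshd -t is test mode: it parses the configuration and sanity-checks
    # the host keys, then exits without binding a port.
    if [ "$rc" -eq 0 ] && ! "$sshd_bin" -t -f "$conf"; then
        fail "sshd -t rejected $conf"
    fi
    return "$rc"
}
```

Because the stop and start are chained after the check with &&, a failed check leaves the old daemon and the current session untouched.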
During the compilation you can get the following message:
configure: error: PAM headers not found
This can happen if pam-devel is missing:
yum install pam-devel