Upgrading OpenSSH on CentOS

First, download the OpenSSH source tarball from the vendor and unpack it. You can find the tarballs at http://www.openssh.com/portable.html

cd /usr/src

wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.8p1.tar.gz

tar -xvzf openssh-6.8p1.tar.gz

You may need to install a few things for the RPM build to work:

yum install rpm-build gcc make wget openssl-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel

Copy the spec file and tarball:

mkdir -p /root/rpmbuild/{SOURCES,SPECS}

cp ./openssh-6.8p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/

cp openssh-6.8p1.tar.gz /root/rpmbuild/SOURCES/

Do a little magic:

cd /root/rpmbuild/SPECS
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec
sed -i -e "s/BuildPreReq/BuildRequires/g" /usr/src/redhat/SPECS/openssh.spec

…and build your RPM:

rpmbuild -bb openssh.spec

Now if you go back into /root/rpmbuild/RPMS/<arch> , you should see three RPMs. Go ahead and install them:

rpm -Uvh *.rpm

To verify the installed version, just type ‘ssh -v localhost’ and you should see the banner come up, indicating the new version.

*IMPORTANT! You may want to open a new SSH session to your server before exiting, to make sure everything is working! If you have a problem, simply:

yum downgrade openssh-server


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s