Upgrading openssh
RHEL5 and CentOS 5 run an older version of ssh, which makes doing a chroot sftp or scp more difficult.
Pre-requisites:=
You need to have following packages and it’s dependencies installed:-
Yum install -y rpm-devel rpm-build pam pam-devel perl openssl-devel tcp-wrappers
Steps:-
It is not recommended to build RPM as root user.
1. Login to server using SSH as a normal user.
2. In your home directory create a file .rpmmacros and add following entires to ot.
%_topdir %(echo $HOME)/rpmbuild
3. Next step is creating the build environment. In your home directory, create following directories:-
$mkdir rpmbuild
$cd rpmbuild
$mkdir BUILD RPMS SOURCES SPECS SRPMS
4. Download the latest openssh from their site. http://filedump.se.rit.edu/pub/OpenBSD/OpenSSH/portable/
5. Once it is downloaded, copy the tarball to the rpmbuild/SOURCES directory that you made.
6. You will also need to extract the tarball and copy over the spec file.
$tar xvf openssh-.tar.gz
$cd openssh-
$cp contrib/redhat/openssh.spec $HOME/rpmbuild/SPECS
$cd ..
$cp openssh-.tar.gz rpmbuild/SOURCES
7. Edit the spec file(HOME/rpmbuild/SPECS/openssh.spec).
Also change
%define no_x11_askpass 0
from 0 to 1. We don’t need the X11 accessories for this.
Do the same with
%define no_gnome_askpass 0
for the same reason. Lastly, comment out the line
%define build6x 0
As we’re not building for RHEL6.
8. Build rpm. In $HOME/rpmbuild/SPECS run the following command:-
$rpmbuild -ba openssh.spec
The above command should build and create several rpms in $HOME/rpmbuild/RPMS/i386
9. In the i386 directory holding the rpms run,
$rpm -Uvh openssh*
It should update openssh, openssh-server, and openssh-clients.
10. It will also create a new file in /etc/ssh called sshd_config.rpmnew. Make sure you have a copy of your old sshd_config. The rest of this will be done as root or with root privilege.
#cd /etc/ssh
#cp sshd_config sshd_config.orig
#mv sshd_config.rpmnew sshd_config
11. Restart the SSH service.
#/etc/init.d/sshd restart or
#service sshd restart
Check the versions of the OpenSSH installed
#rpm -qa | grep openssh