If you want your server to pass a PCI DSS scan, you will need the latest version of OpenSSH. The CentOS 5 repos don’t contain the latest version of OpenSSH, so you will have to build your own RPM and install it.
First of all install the rpmbuild tools
yum install rpm-build gcc make
Then download the latest version from http://www.openssh.com/portable.html
wget http://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/openssh-6.5p1.tar.gz
tar zxvf openssh-6.5p1.tar.gz
Copy the files to specific folders. Create the folders if they don’t exist.
cp ./openssh-6.5p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
cp openssh-6.5p1.tar.gz /usr/src/redhat/SOURCES/
Now disable x11-askpass and gnome-askpass, as we don’t require them. Edit /usr/src/redhat/SPECS/openssh.spec and set the values below:
# Do we want to disable building of x11-askpass? (1=yes 0=no)
%define no_x11_askpass 1
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 1
Now build the rpm
cd /usr/src/redhat/SPECS
rpmbuild -bb openssh.spec
The above commands will create the RPMs in the /usr/src/redhat/RPMS/ folder. Go ahead and install them:
cd /usr/src/redhat/RPMS/x86_64/
rpm -Uvh *.rpm
And it’s done. You can check the SSH version using the command “ssh -V”.
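Checks to run around the build and install steps above, as an added example that is not part of the original post. It confirms that SOURCES holds the tarball matching the version the spec will build, and backs up /etc/pam.d/sshd and /etc/ssh/sshd_config so that anything changed by rpm -Uvh can be spotted before you log out. The function names and the backup location are assumptions, as is the spec declaring its version on a "%define ver" line.

```shell
# Added example (not from the original post). Function names are hypothetical.

# Print the version the spec will build (assumes a "%define ver X" line).
spec_version() {
    awk '$1 == "%define" && $2 == "ver" { print $3; exit }' "$1"
}

# Succeed only if SOURCES holds the tarball matching the spec version.
check_sources() {   # usage: check_sources <spec file> <SOURCES dir>
    ver=$(spec_version "$1")
    [ -n "$ver" ] || { echo "no '%define ver' line in $1" >&2; return 2; }
    [ -f "$2/openssh-$ver.tar.gz" ] || {
        echo "missing $2/openssh-$ver.tar.gz" >&2; return 1; }
}

# Copy the files an upgrade may replace into a timestamped directory
# and print that directory's path.
backup_ssh_config() {   # usage: backup_ssh_config <etc root> <backup root>
    dest="$2/ssh-backup-$(date +%Y%m%d%H%M%S)"
    mkdir -p "$dest" || return 1
    for f in pam.d/sshd ssh/sshd_config; do
        if [ -f "$1/$f" ]; then cp -p "$1/$f" "$dest/${f##*/}"; fi
    done
    echo "$dest"
}

# Print each live file that differs from its backup; status 1 if any differ.
changed_since_backup() {   # usage: changed_since_backup <etc root> <backup dir>
    rc=0
    for f in pam.d/sshd ssh/sshd_config; do
        [ -f "$2/${f##*/}" ] || continue
        cmp -s "$1/$f" "$2/${f##*/}" || { echo "$1/$f"; rc=1; }
    done
    return $rc
}

# Typical order (as root, keeping an existing SSH session open throughout):
#   check_sources /usr/src/redhat/SPECS/openssh.spec /usr/src/redhat/SOURCES
#   bak=$(backup_ssh_config /etc /root)
#   ... rpmbuild -bb openssh.spec, then rpm -Uvh *.rpm ...
#   changed_since_backup /etc "$bak"    # review any file it lists
#   sshd -t                             # syntax-check sshd_config
```

Test a new login from a second terminal before closing the session you upgraded from.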
Hello,
I am following steps mentioned to upgrade openssh.
But one of the steps is the following.
cp openssh-5.8p1.tar.gz /usr/src/redhat/SOURCES/
my question is how did we get openssh-5.8p1.tar.gz ?
Thanks
Sachin
You have to download it from http://www.openssh.com/portable.html as mentioned in the above steps.
Hi, could you help me, after rebuilding I have got next files:
ls -l
openssh-6.6p1-1.x86_64.rpm
openssh-clients-6.6p1-1.x86_64.rpm
openssh-server-6.6p1-1.x86_64.rpm
But when I want to install this rpm, I get an error:
# rpm -Uvh *.rpm
error: Failed dependencies:
openssh = 5.3p1-81.el6 is needed by (installed) openssh-askpass-5.3p1-81.el6.x86_64
You should also download the latest version of openssh-askpass and update it too.
excellent information,
we update my ssh version on centOS Server.
Thanks for your kindly efforts!!!
After a successful OpenSSH 6.6P1 upgrade, I am not able to ssh to the system. It’s giving me a Permission denied error. Any idea why this is happening?
Got really frustrated with this issue. Even for root, this permission denied error is coming. I have googled a lot but still couldn’t find a solution. Please help.
Thanks in advance.
I can’t say anything for sure. Login to console and check the /var/log/secure and /var/log/messages for the exact reason.
I encountered exactly the same issue. After upgrading to ssh6.5p1 on a RHEL 6.5, I was no longer able to log in, even with root. Is there a quick work-around or some tricks to have it resolved?
Thanks,
I figured it out.
After updating sshd, the /etc/pam.d/sshd file got messed up. After changing the settings, it is working now.
CER TXG: Please, I want to know exactly what settings you changed that made it start working, because I am having the same problem here.
I had issues logging in after upgrade, but replacing contents in /etc/pam.d/sshd
with
#%PAM-1.0
#auth required pam_stack.so service=system-auth
#account required pam_nologin.so
#account required pam_stack.so service=system-auth
#password required pam_stack.so service=system-auth
#session required pam_stack.so service=system-auth
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
Confirmed !!!
The post above works 100% !
Thank you Kwasi!