How to upgrade OpenSSH on CentOS 5

openssh-upgrade-centos5

If want your server to pass the PCI DSS scan then you will need the latest version OpenSSH. But the CentOS 5 repos doesn’t contain the latest version of OpenSSH. So will have to create your own rpm and install it.

First of all install the rpmbuild tools

yum install rpm-build gcc make

Then download the latest version from http://www.openssh.com/portable.html

wget http://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/openssh-6.5p1.tar.gz
tar zxvf openssh-6.5p1.tar.gz

Copy the files to specific folders. Create the folders if they don’t exist.

cp ./openssh-6.5p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
cp openssh-5.8p1.tar.gz /usr/src/redhat/SOURCES/

Now disable the x11-askpas and gnome-askpass as we don’t require it. Edit /usr/src/redhat/SPECS/openssh.spec and set below values

# Do we want to disable building of x11-askpass? (1=yes 0=no)
%define no_x11_askpass 1

# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 1

Now build the rpm

cd /usr/src/redhat/SPECS
rpmbuild -bb openssh.spec

Above commands will create the rpm in /usr/src/redhat/RPMS/ folder. Go ahead and install them

cd /usr/src/redhat/RPMS/x86_64/
rpm -Uvh *.rpm

And it’s done. You can check the SSH version using command “ssh -V”

About 

Sreejit is the founder of Server Management Plus. His motto is "If there's an easier way, Why do it any other way" and following it, he has created a lots of automation scripts for the company using which we are able to resolve issue at an extremely fast rate and save lots of time. He has a very keen interest in new technologies and spend most of his free time online researching about it apart from listening music and watching movies.

14 thoughts on “How to upgrade OpenSSH on CentOS 5”

  1. Hello,

    I am following steps mentioned to upgrade openssh.
    But one of the step is following.
    cp openssh-5.8p1.tar.gz /usr/src/redhat/SOURCES/

    my question is how did we get openssh-5.8p1.tar.gz ?

    Thanks
    Sachin

    1. You have to download it from http://www.openssh.com/portable.html as mentioned it in above steps.

  2. Hi, could you help me, after rebuilding I have got next files:
    ls -l
    openssh-6.6p1-1.x86_64.rpm
    openssh-clients-6.6p1-1.x86_64.rpm
    openssh-server-6.6p1-1.x86_64.rpm

    But when I want to install this rpm, I get an error:

    # rpm -Uvh *.rpm
    error: Failed dependencies:
    openssh = 5.3p1-81.el6 is needed by (installed) openssh-askpass-5.3p1-81.el6.x86_64

  3. Carlos Cetina

    excellent information,
    we update my ssh version on centOS Server.
    Thanks for your kindly efforts!!!

  4. After a successful OpenSSH 6.6P1 upgrade, i am not able to ssh to the system . Its giving me Permission denied error. Any Idea why this happening.
    Got really frustrated with this issue. Even for root, this permission denied error is coming. I have googled at lot but couldnt find a solution still. Please help.

    Thanks in advance.

    1. I can’t say anything for sure. Login to console and check the /var/log/secure and /var/log/messages for the exact reason.

    2. I encountered exactly the same issue. After upgrading to ssh6.5p1 on a RHEL 6.5, I was no longer to be able to login, even with root. Is there a quick work-around or some tricks to have it resolved?

      Thanks,

    3. I figured it out.

      After updating sshd, the /etc/pam.d/sshd file got messed up. After changing the settings, it is working now.

  5. CER TXG: Please i want to know what settings exactly that you changed that made it to start working becuase i am having same problem here

  6. I had issues logging in after upgrade, but replacing contents in /etc/pam.d/sshd

    with

    #%PAM-1.0
    #auth required pam_stack.so service=system-auth
    #account required pam_nologin.so
    #account required pam_stack.so service=system-auth
    #password required pam_stack.so service=system-auth
    #session required pam_stack.so service=system-auth

    auth required pam_sepermit.so
    auth include password-auth
    account required pam_nologin.so
    account include password-auth
    password include password-auth
    # pam_selinux.so close should be the first session rule
    session required pam_selinux.so close
    session required pam_loginuid.so
    # pam_selinux.so open should only be followed by sessions to be executed in the user context
    session required pam_selinux.so open env_params
    session optional pam_keyinit.so force revoke
    session include password-auth

  7. Pingback: Centos Latest Version | xcarplay.com

Comments are closed.