Upgrading openssh

RHEL5 and CentOS 5 run an older version of ssh, which makes doing a chroot sftp or scp more difficult.


You need to have following packages and it’s dependencies installed:-

Yum install -y rpm-devel rpm-build pam pam-devel perl openssl-devel tcp-wrappers


It is not recommended to build RPM as root user.

1. Login to server using SSH as a normal user.
2. In your home directory create a file .rpmmacros and add following entires to ot.

%_topdir %(echo $HOME)/rpmbuild

3. Next step is creating the build environment. In your home directory, create following directories:-

$mkdir rpmbuild
$cd rpmbuild

4. Download the latest openssh from their site. http://filedump.se.rit.edu/pub/OpenBSD/OpenSSH/portable/
5. Once it is downloaded, copy the tarball to the rpmbuild/SOURCES directory that you made.
6. You will also need to extract the tarball and copy over the spec file.

$tar xvf openssh-.tar.gz
$cd openssh-
$cp contrib/redhat/openssh.spec $HOME/rpmbuild/SPECS
$cd ..
$cp openssh-.tar.gz rpmbuild/SOURCES

7. Edit the spec file(HOME/rpmbuild/SPECS/openssh.spec).

Also change

%define no_x11_askpass 0
from 0 to 1. We don’t need the X11 accessories for this.

Do the same with

%define no_gnome_askpass 0
for the same reason. Lastly, comment out the line

%define build6x 0
As we’re not building for RHEL6.

8. Build rpm. In $HOME/rpmbuild/SPECS run the following command:-

$rpmbuild -ba openssh.spec
The above command should build and create several rpms in $HOME/rpmbuild/RPMS/i386

9. In the i386 directory holding the rpms run,

$rpm -Uvh openssh*
It should update openssh, openssh-server, and openssh-clients.

10. It will also create a new file in /etc/ssh called sshd_config.rpmnew. Make sure you have a copy of your old sshd_config. The rest of this will be done as root or with root privilege.

#cd /etc/ssh
#cp sshd_config sshd_config.orig
#mv sshd_config.rpmnew sshd_config

11. Restart the SSH service.

#/etc/init.d/sshd restart or
#service sshd restart

Check the versions of the OpenSSH installed

#rpm -qa | grep openssh