As you are probably aware, RedHat do not provide the most up-to-date release of the OpenSSH suite for secure logins to Linux.
RedHat only port PART of the updates into their RPMs, which has been causing a bit of concern amongst the IRLP community globally.

The procedure below details how to update your OpenSSL and OpenSSH versions FROM SOURCE (not RPM) so that you have the latest security packages installed. This procedure works on RedHat and Fedora nodes.

To find out what version of OpenSSH you are running, enter ssh -V

The latest version (as at Mar 2005) is 4.0p1

Installing the new OpenSSL

Note that to upgrade OpenSSH, you will also need to upgrade OpenSSL

1. Download the latest OpenSSL source from http://www.openssl.org

2. cd into /usr/src and extract the tarball

tar -xvzf openssl-0.9.7e.tar.gz

3. cd into the /usr/src/openssl-0.9.7e directory.

4. Now you get to make OpenSSL configure itself for your system by typing ./config

This may take a few minutes.

5. Now compile OpenSSL by typing make

This can seemingly take FOREVER on a slow computer.

When done, you will have a nice fresh new OpenSSL build in /usr/local/ssl

Installing the new OpenSSH

(If you have RH7.3, you may need to install the ‘pam-devel’ RPM before performing this procedure)

apt-get install pam-devel

1. Download the OpenSSH source from http://www.openssh.org to the /usr/src directory on your node

2. cd into /usr/src and extract the tarball

tar -xvzf openssh-4.0p1.tar.gz

3. cd into the /usr/src/openssh-4.0p1 directory.

4. Now we get to build OpenSSH. We tell OpenSSH to configure with this long line:

./configure --with-ssl-dir=/usr/local/ssl --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-md5 --with-rand-helper --with-pam

5. After SSH configures, do a make

6. Now do a make install

7. Restart SSH with /etc/rc.d/init.d/sshd restart

You should now be running the latest openssh. Type ssh -V and verify:

[root@server work]# ssh -V
OpenSSH_4.0p1, OpenSSL 0.9.7e Feb 19 2004

8. Uninstall the RPM versions of openssh from the RPM database, to avoid future problems with RedHat updates

rpm -e openssh-clients --justdb
rpm -e openssh-server --justdb
rpm -e openssh --justdb

9. Verify that openssh is no longer installed via RPM with rpm -q openssh

[root@irlp-6290 root]# rpm -q openssh
package openssh is not installed
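
The ssh -V check from step 7 can be scripted so it is repeatable across nodes. This is an added example, not part of the original procedure; the function names and the older banner are constructed for illustration. The second field of the banner is the OpenSSL the binary was built against, so a mismatch there means configure did not pick up /usr/local/ssl.

```sh
#!/bin/sh
# Added example (not from the original page): post-upgrade version check.

# Print "<openssh-version> <openssl-version>" parsed from an `ssh -V` banner,
# or nothing if the text does not look like a banner.
parse_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([^, ]*\)[^,]*, *OpenSSL \([^ ]*\).*$/\1 \2/p'
}

# check_banner BANNER WANT_SSH WANT_SSL
# Returns 0 on match, 1 on a version mismatch, 2 if the banner is unparseable.
check_banner() {
    parsed=$(parse_banner "$1")
    [ -n "$parsed" ] || return 2
    [ "${parsed% *}" = "$2" ] || return 1   # OpenSSH version
    [ "${parsed#* }" = "$3" ] || return 1   # OpenSSL it was built against
    return 0
}

# check_installed WANT_SSH WANT_SSL: same check against the ssh binary in PATH.
# `ssh -V` writes its banner to stderr, hence the 2>&1.
check_installed() {
    check_banner "$(ssh -V 2>&1)" "$1" "$2"
}

# Sample inputs: the banner shown on this page, a constructed older banner
# standing in for a node where the upgrade did not take, and a constructed
# error string for a node where ssh is missing from PATH.
NEW_BANNER='OpenSSH_4.0p1, OpenSSL 0.9.7e Feb 19 2004'
OLD_BANNER='OpenSSH_3.8.1p1, OpenSSL 0.9.7a Feb 19 2003'
NO_BANNER='bash: ssh: command not found'

for b in "$NEW_BANNER" "$OLD_BANNER" "$NO_BANNER"; do
    rc=0
    check_banner "$b" 4.0p1 0.9.7e || rc=$?
    case $rc in
        0) echo "OK:          $b" ;;
        1) echo "MISMATCH:    $b" ;;
        *) echo "UNPARSEABLE: $b" ;;
    esac
done
```

On a node, run check_installed 4.0p1 0.9.7e after step 7 and treat any non-zero return as a failed upgrade.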