Updating OpenSSH from source

Christopher Murtagh yellowdog-general@lists.terrasoftsolutions.com
Wed Jun 26 15:17:01 2002


 Here are simple instructions on how to update OpenSSH to the most
recent version (for those of us who do this sort of thing of course :-).
Updating to openssh-3.4 is *strongly* recommended, whether you do it via
source or RPM as there has been a vulnerability found that can lead to a
root compromise.

 These steps assume you have installed a previous version of openssh
(like a YellowDog or RedHat distributed RPM), but will probably work
otherwise. They have worked for me on all my YDL boxes as well as my
RedHat and Mandrake (x86) boxes.

 You also need pam, pam-devel, tcp_wrappers and developer RPMs, but likely
have them installed if you did a default developer workstation.

 You'll have to do most of this as the user 'root'.

1) Get the latest (openssh-3.4p1.tar.gz) portable tarball from a mirror
listed here:

  http://www.openssh.org/portable.html

2)

 tar -zxvf  openssh-3.4p1.tar.gz

3)

 cd  openssh-3.4p1

4)

./configure --with-pam \
--with-tcp-wrappers \
--with-md5-passwords \
--prefix=/usr \
--sysconfdir=/etc/ssh

5) if no errors from above

 make

6)

 adduser sshd

7)

 make install

 (ignore the warning saying user 'sshd' doesn't exist)

8) Add this line to /etc/ssh/sshd_config

UsePrivilegeSeparation yes

9)

 /etc/rc.d/init.d/sshd restart

10) Done! Now try doing ssh -v username@yourbox and check that the remote
version is indeed 3.4p1.


Cheers,

Chris

-- 

Christopher Murtagh
Webmaster / Sysadmin
Web Communications Group
McGill University
Montreal, Quebec
Canada

Tel.: (514) 398-3122
Fax:  (514) 398-2017
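
The verification in steps 8 and 10 can be scripted. The following is an added example, not part of the original post: the function names (`remote_version`, `is_fixed_version`, `privsep_enabled`) are hypothetical, the sample input is constructed, and treating any version from 3.4 upward as acceptable is an assumption.

```sh
#!/bin/sh
# Added example: post-upgrade checks for the procedure above.
# On a real host, feed it live data instead of the constructed sample:
#   ssh -v username@yourbox true 2>&1 | remote_version
#   privsep_enabled /etc/ssh/sshd_config

# Read `ssh -v` debug output on stdin and print the remote OpenSSH version
# (e.g. "3.4p1"). The client's own version line is deliberately not matched.
remote_version() {
    sed -n 's/.*[Rr]emote software version OpenSSH_\([0-9][0-9.]*[p0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if version $1 is at least 3.4 (assumption: newer releases also pass).
is_fixed_version() {
    v=${1%%p*}                  # drop the portable suffix: 3.4p1 -> 3.4
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case "$major$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 4 ]; }
}

# Return 0 if the sshd_config at $1 sets "UsePrivilegeSeparation yes".
# Only the first uncommented occurrence counts, because sshd keeps the first
# value it reads for a keyword; keyword names are matched case-insensitively.
privsep_enabled() {
    awk 'tolower($1) == "useprivilegeseparation" { found = ($2 == "yes"); exit }
         END { exit !found }' "$1"
}

# Constructed sample input: one line of `ssh -v` output and a config fragment.
SAMPLE_DEBUG='debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1'
SAMPLE_CONF=$(mktemp)
printf '%s\n' '#UsePrivilegeSeparation no' 'UsePrivilegeSeparation yes' > "$SAMPLE_CONF"

ver=$(printf '%s\n' "$SAMPLE_DEBUG" | remote_version)
if is_fixed_version "$ver" && privsep_enabled "$SAMPLE_CONF"; then
    echo "OK: remote sshd is $ver with privilege separation enabled"
else
    echo "FAIL: remote sshd is ${ver:-unknown} or privilege separation is off"
fi
rm -f "$SAMPLE_CONF"
```
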