Updating OpenSSH from source
Christopher Murtagh
yellowdog-general@lists.terrasoftsolutions.com
Wed Jun 26 15:17:01 2002
Here are simple instructions on how to update OpenSSH to the most
recent version (for those of us who do this sort of thing of course :-).
Updating to openssh-3.4 is *strongly* recommended, whether you do it via
source or RPM as there has been a vulnerability found that can lead to a
root compromise.
These steps are assuming you have installed a previous version of openssh
(like a YellowDog or RedHat distributed RPM), but will probably work
otherwise. They have worked for me on all my YDL boxes as well as my
RedHat and Mandrake (x86) boxes.
You also need pam, pam-devel, tcp_wrappers and developer RPMs, but likely
have them installed if you did a default developer workstation.
You'll have to do most of this as the user 'root'.
1) Get the latest (openssh-3.4p1.tar.gz) portable tarball from a mirror
listed here:
http://www.openssh.org/portable.html
2)
tar -zxvf openssh-3.4p1.tar.gz
3)
cd openssh-3.4p1
4)
./configure --with-pam \
--with-tcp-wrappers \
--with-md5-passwords \
--prefix=/usr \
--sysconfdir=/etc/ssh
5) if no errors from above
make
6)
adduser sshd
7)
make install
(ignore the warning saying user 'sshd' doesn't exist)
8) Add this line to /etc/ssh/sshd_config
UsePrivilegeSeparation yes
9)
/etc/rc.d/init.d/sshd restart
10) Done! Now try doing ssh -v username@yourbox and check that the remote
version is indeed 3.4p1.
Cheers,
Chris
--
Christopher Murtagh
Webmaster / Sysadmin
Web Communications Group
McGill University
Montreal, Quebec
Canada
Tel.: (514) 398-3122
Fax: (514) 398-2017
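
A post-upgrade check for steps 8 to 10, as an added example that is not part of the original post: it tests a version string for OpenSSH 3.4 or later and checks that privilege separation is actually in effect in an sshd_config. The function names version_ok and privsep_ok are hypothetical, and all sample input is constructed.

```shell
#!/bin/sh
# Added example: post-upgrade checks for steps 8-10 above.
# Function names and all sample input are constructed for illustration.

# version_ok STRING: succeed if STRING names OpenSSH 3.4 or later.
# Accepts the server identification string or the "remote software
# version" line from ssh -v. Returns 2 if no OpenSSH version is found.
version_ok() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 4 ]; }
}

# privsep_ok: read an sshd_config on stdin and succeed only if the first
# uncommented UsePrivilegeSeparation line says "yes". sshd keeps the first
# value it reads for a keyword, so a "yes" appended below an earlier "no"
# has no effect. Keywords are case-insensitive.
privsep_ok() {
    val=$(awk 'tolower($1) == "useprivilegeseparation" {
                   print tolower($2); exit }')
    [ "$val" = "yes" ]
}

# Constructed samples, not captured from a real host.
for v in 'SSH-2.0-OpenSSH_3.4p1' \
         'debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1'
do
    if version_ok "$v"; then echo "ok:     $v"; else echo "update: $v"; fi
done

if printf '%s\n' 'UsePrivilegeSeparation no' 'UsePrivilegeSeparation yes' |
    privsep_ok
then echo "privsep enabled"
else echo "privsep NOT enabled (earlier 'no' wins)"
fi
```

On a real host, run the config check as `privsep_ok < /etc/ssh/sshd_config`.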