Leeladharan Achar - alias - leelu ~ blogging...hola mi amigos..'s Blog

Posted June 25, 2017

CentOS7 Updating OpenSSH To OpenSSH7.5p1

Below are instructions for upgrading OpenSSH 6 to OpenSSH 7.5p1 on CentOS 7.

Log in to the remote machine

SSH to the remote machine that needs the update and log in as root.

Now open another terminal, connect to the same remote machine, and log in as root there too.

This ensures that if you are accidentally logged out or quit during the upgrade, you still have another session.

Steps To Follow

    yum install pam-devel
    mkdir /root/rpmbuild
    cd /root/rpmbuild/
    mkdir -pv {BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
    cd SOURCES/
    wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
    wget http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz 
    tar -zxvf openssh-7.5p1.tar.gz
    cp openssh-7.5p1/contrib/redhat/openssh.spec ../SPECS/
    rm -rf openssh-7.5p1
    cd ../SPECS/
    vi openssh.spec

Change the settings below:

    # Do we want to disable building of x11-askpass? (1=yes 0=no)
    %define no_x11_askpass 1

    # Do we want to disable building of gnome-askpass? (1=yes 0=no)
    %define no_gnome_askpass 1

Save the file, exit, and execute the commands below:

    rpmbuild -bb openssh.spec
    cd /root/rpmbuild/RPMS/x86_64/ 
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak 
    cp /etc/pam.d/sshd /etc/pam.d/sshd_old.bak

    yum install ./*
    chmod 400 /etc/ssh/ssh_host_rsa_key 
    chmod 400 /etc/ssh/ssh_host_ecdsa_key
    chmod 400 /etc/ssh/ssh_host_ed25519_key

Installing the RPMs above overwrites /etc/pam.d/sshd, so make sure you backed up that file in the previous steps.

    vi /etc/pam.d/sshd

Comment out the existing contents of the file by adding # at the start of every line, then copy the contents of /etc/pam.d/sshd_old.bak into it.

Or, if you don't have the backup file, add the contents below:

    auth include system-auth
    account required pam_nologin.so
    account include system-auth
    password include system-auth
    session include system-auth

Save the file, exit, and execute the command below:

    systemctl restart sshd
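A pre-restart check for the three things this procedure changes (host key permissions, the PAM file, and the sshd configuration), to be run from the spare root session before `systemctl restart sshd`. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the RPM installed sshd at /usr/sbin/sshd.

```shell
#!/bin/sh
# Pre-restart checks for a rebuilt OpenSSH (added example; function names are hypothetical).

# check_key_modes DIR
# sshd refuses private host keys that are readable by group or other,
# so every ssh_host_*_key must have no group/other permission bits.
check_key_modes() {
    dir=$1; rc=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "TOO OPEN: $key" >&2
            rc=1
        fi
    done
    return $rc
}

# check_pam FILE
# After the RPM overwrites the file, each PAM stack (auth, account,
# password, session) must again have at least one uncommented line.
check_pam() {
    file=$1; rc=0
    for stack in auth account password session; do
        if ! grep -Eq "^[[:space:]]*-?${stack}[[:space:]]+" "$file"; then
            echo "MISSING $stack stack: $file" >&2
            rc=1
        fi
    done
    return $rc
}

# preflight [SSH_DIR] [PAM_FILE]
# Runs both file checks, then lets sshd validate its config and host keys (-t).
preflight() {
    check_key_modes "${1:-/etc/ssh}" &&
    check_pam "${2:-/etc/pam.d/sshd}" &&
    /usr/sbin/sshd -t -f "${1:-/etc/ssh}/sshd_config"
}

# Run as: sh preflight.sh --run && systemctl restart sshd
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

If any check fails, fix it from the second session before restarting; the already-open sessions stay connected across an sshd restart.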