openssh upgrade

Post by nedian » Mon Apr 12, 2004 4:29 pm

I have openssh 3.5 and I want to upgrade to 3.7, but I can't find rpms on openssh.org or on the redhat update site. Does anyone know how to upgrade using source, because sources of 3.7 are available?

Re: openssh upgrade

Post by LinuxFreaK » Mon Apr 12, 2004 11:17 pm

Dear nedian,
Salam,

nedian wrote: I have openssh 3.5 and I want to upgrade to 3.7, but I can't find rpms on openssh.org or on the redhat update site. Does anyone know how to upgrade using source, because sources of 3.7 are available?


Title: Upgrading OpenSSH on Redhat Servers
Revision: 1.0
Date: April 12th, 2004
Time: 12:00am PST
Description: Guide for installing and upgrading OpenSSH services on a typical Redhat server.
Difficulty: 5/10


-----------------------------------------------------------------------------------

Disclaimer:
THIS HOWTO IS PROVIDED BY LINUXPAKISTAN DOT NET "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LINUXPAKISTAN DOT NET. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Introduction:
OpenSSH has become the standard for accessing servers today, and maintaining its security is a must to keep your server free from intruders. Standard Redhat installations of all versions install OpenSSH, but these default installations all also have root exploits for them.

This howto will attempt to guide you in upgrading your current OpenSSH installation to aid in hardening your system.

NOTE: This guide can be considered dangerous: if the directions are not followed exactly and all steps completed, you may lose access to your server completely. Use this with caution!

This howto assumes the reader has a general knowledge of Linux and the command line interface for installing applications and has root access to the server. Readers with minimal knowledge of Linux or the processes of compiling and installing software should not attempt this without proper supervision from a system administrator or in a production environment.

Pre-Installation:
We will begin with checking the OpenSSHd version number to see if we are running an older version than current.

Code:

# sshd -v


NOTE: -v is not a legal flag that is normally passed onto sshd but for this purpose it will produce the list of accepted parameters and the SSHd version. The output should look like this:

Code:

root@grep [/]# sshd -v             
sshd: illegal option -- v
sshd version OpenSSH_3.4p1
Usage: sshd [options]
<snip>


Once we have verified that we are running an older version of OpenSSH, we will be downloading the OpenSSH source tarball to /usr/src. At the time of this writing the latest version available is 3.6.1p2. We will also be untarring the downloaded file and changing to the new directory.

Code:

# cd /usr/src
# wget ftp://ftp.openbsd.org/pub/OpenBSD/O...-3.6.1p2.tar.gz
# tar -xvzf openssh-3.6.1p2.tar.gz
# cd openssh-3.6.1p2/


Now to be safe we will also be turning telnetd on in case OpenSSH does not come back up after we restart it. This should NOT be left on after the compile, as all commands and logins will be transmitted in plain text.

Code:

# chkconfig --level 1235 telnet on


Installation and upgrading:
The configure command below will enable the pluggable authentication module, PAM, and set the configuration path for SSH.

Code:

# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam


After configure has run on your system, and if no errors are given, it is safe to begin building your OpenSSH package with make.

Code:

# make
# make install


NOTE: You may receive an error after running make install saying that the user sshd is not present on your system. To fix this error run this command:

Code:

# adduser sshd -s /sbin/nologin
# make install


If everything has been compiled without any errors then it is time to restart sshd. This is when it is important to either have telnet up or someone that can console to the server in case sshd does not come back up after the restart.

Code:

# /etc/init.d/sshd restart


After restarting OpenSSH you can now verify that you are running your new build with this command:

Code:

# sshd -v


Acceptable output would be:

Code:

root@grep [/]# sshd -v             
sshd: illegal option -- v
sshd version OpenSSH_3.6.1p2
Usage: sshd [options]
<snip>


After you have verified that OpenSSH has been properly upgraded and accepts connections fine it is HIGHLY recommended to turn telnetd off.

Code:

# chkconfig --level 1235 telnet off


Closing:
If you have found any glaring typos, or outdated info in this document, please let me know.

Best Regards.
Farrukh Ahmed
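
Added example, not part of LinuxFreaK's post: a POSIX shell check that parses the `sshd -v` banner format shown in the howto and confirms the binary in use is at least the version just built, which is worth confirming before telnet is switched back off. The function names are hypothetical, and the sample banners are the ones quoted in the post.

```sh
#!/bin/sh
# Added example: verify an OpenSSH upgrade from the banner format shown in the howto.
# Function names are hypothetical; sample banners are the ones quoted in the post.

# Pull "3.6.1p2" out of text containing "OpenSSH_3.6.1p2" (first match only).
sshd_version_from_banner() {
    sed -n 's/.*OpenSSH_\([0-9][0-9.]*\(p[0-9][0-9]*\)\{0,1\}\).*/\1/p' | head -n 1
}

# Map "3.4p1" to the integer 3004000001 (major, minor, patch, portable level).
# Runs in a subshell so the IFS change does not leak to the caller.
version_key() (
    p=0
    case $1 in *p*) p=${1##*p} ;; esac
    IFS=.
    set -- ${1%%p*}
    printf '%d%03d%03d%03d\n' "${1:-0}" "${2:-0}" "${3:-0}" "${p:-0}"
)

# Succeeds when version $1 is at least version $2.
version_at_least() {
    [ "$(version_key "$1")" -ge "$(version_key "$2")" ]
}

# $1 = banner text, $2 = version that was just built.
# Returns 0 if current, 1 if an older binary is still in use, 2 if no version found.
check_upgrade() {
    got=$(printf '%s\n' "$1" | sshd_version_from_banner)
    [ -n "$got" ] || { echo "no OpenSSH version found in banner"; return 2; }
    if version_at_least "$got" "$2"; then
        echo "ok: $got"
    else
        echo "stale: $got < $2"
        return 1
    fi
}

SAMPLE_OLD='sshd: illegal option -- v
sshd version OpenSSH_3.4p1
Usage: sshd [options]'
SAMPLE_NEW='sshd: illegal option -- v
sshd version OpenSSH_3.6.1p2
Usage: sshd [options]'

check_upgrade "$SAMPLE_NEW" 3.6.1p2
check_upgrade "$SAMPLE_OLD" 3.6.1p2 || true
# On a live host the banner goes to stderr: check_upgrade "$(sshd -v 2>&1)" 3.6.1p2
```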

done!!

Post by nedian » Tue Apr 13, 2004 12:37 pm

Perfect... I have successfully updated ssh to 3.7. Thanks a lot.