Install OpenSSH from source on remote server

Posted on Posted in SSH

This tutorial describes a way to install the latest OpenSSH from the source package on the remote server.

First of all let's install the required build packages:
yum install gcc make openssl-devel pam-devel screen yum-utils.noarch

Next step would be to download the available RPM packages from the software repositories just in case if something goes wrong:
yumdownloader openssh-server

Next download the latest package from OpenSSH server:
wget ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.gz
tar xvf openssh-7.3p1.tar.gz
cd openssh-7.3p1

Now we can move forward with the compilation. I am going to have the following:

  • Locate configuration files in /etc/ssh/
  • Binaries will go to /usr/bin/
  • Enable ipv4 support by default
  • Enable the cached passwords and pam authentification

Backup the current configuration:
cp /etc/ssh /etc/ssh.bak

Run the configure tool to prepare installation:
./configure --sysconfdir=/etc/ssh/ --bindir=/usr/bin/ --sbindir=/usr/sbin/ --with-ipv4-default --with-md5-passwords --with-pam

Now we need to remove the currently installed OpenSSH. From this point your active shell session remains the only thread that has remote access to the server. Make sure that your internet connection is stable.
yum remove openssh-server

Now you can run make to install the new OpenSSH:
make
make install

Create init.d script:
cp contrib/redhat/sshd.init /etc/init.d/sshd

Edit the script and comment out the string that contains the following certificate:

/etc/ssh/ssh_host_ecdsa_key.pub

Enable startup of the new OpenSSH server:
chkconfig sshd --add
chkconfig sshd on

Now we are almost ready to start new OpenSSH server but my session was terminated when I ran the following, so don't do it:
/etc/init.d/sshd restart

If you are connecting to server using root user please edit the following file accordingly:
/etc/ssh/sshd_config

Let' run it in screen:
screen
/etc/init.d/sshd stop && /etc/init.d/sshd start

Your session will be terminated after this. Now you can re-connect to server and verify the version of OpenSSH.

Leave a Reply

Your email address will not be published. Required fields are marked *