How to Update OpenSSH on Red Hat Fedora Core 7
This morning, my McAfee Secure badge on one of my sites stopped working. When I checked, the reason was cited as a vulnerability on the server in the form of an outdated OpenSSH. I called GoDaddy and they said that since my server was on a non-managed plan (i.e., I was not paying them $1200 per year), they would not be able to update the OpenSSH or apply a patch to make sure the server would not be compromised. So, I decided to roll up my sleeves and do it myself. With a little research and 30 minutes of my time, I was able to update the OpenSSH version and saved $1200 in the process!
Disclaimer:
THIS HOWTO IS PROVIDED BY BONIGALA DOT COM “AS IS” AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BONIGALA DOT COM. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
STOP: This guide can be considered dangerous: if the directions are not followed exactly and all steps completed, you may lose access to your server completely. Use this with caution!
This howto assumes the reader has a general knowledge of Linux and the command line interface for installing applications and has root access to the server. Readers with minimal knowledge of Linux or of the process of compiling and installing software should not attempt this without proper supervision from a system administrator, or in a production environment.
1) Open Terminal in Mac OS X
2) Enter command# ssh username@example.com (replace the username and domain with your own details)
3) If you see a message like: “Are you sure you want to continue connecting (yes/no)?”, type “yes” and hit enter
4) Enter your system password
5) Enter command# su - (This will take you to the root)
6) Enter command# sshd -v (To see the current version of OpenSSH on your server). You may see a message like:
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
7) Enter command# wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.4p1.tar.gz (This will download the latest version of the OpenSSH files. You will have to change the version number if a more recent version has been released. Check on openbsd.com for the latest version number)
8) Enter command# tar -xvzf openssh-5.4p1.tar.gz (This will unarchive the file)
9) Enter command# chkconfig --level 1235 telnet on (You might get an error message like “error reading information on service telnet: No such file or directory”. You can ignore this and move on.)
10) Enter command# cd openssh-5.4p1 (Change into the unpacked source directory, where the configure script is)
Enter command# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam (This configure command enables the pluggable authentication module, PAM, and sets the configuration path for SSH.)
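11) Enter command# make
Enter command# make install
(Do not run a bare ./configure again before make: it would discard the options from step 10, reset the install prefix to the default /usr/local and build without PAM.)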
12) Enter command# /etc/init.d/sshd restart (To restart openssh. You may see messages like this:)
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
13) Enter command# su - (To go back to root)
14) Enter command# sshd -v (To check version to see if upgrade is successful. You may see messages like this:)
sshd: illegal option -- v
OpenSSH_5.4p1, OpenSSL 0.9.8b 04 May 2006
15) Enter command# chkconfig --level 1235 telnet off
You might get an error message like “error reading information on service telnet: No such file or directory”. You can ignore this and move on.
16) Reboot server
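A post-upgrade check for steps 12 to 14, as an added example that is not part of the original howto: it pulls the version line out of the sshd -v output (skipping the "illegal option" line), compares it numerically with the version you meant to install, and refuses to restart sshd unless the new binary accepts the existing configuration. The function names are made up for this example, and it assumes the init script starts /usr/sbin/sshd.

```shell
# Added example (not from the original howto): post-upgrade checks for sshd.

# Print the version token (e.g. "5.4p1") found in `sshd -v` output on stdin.
# The "illegal option" line that sshd prints first does not match and is skipped.
parse_openssh_version() {
    sed -n 's/^OpenSSH_\([0-9][0-9.]*\(p[0-9][0-9]*\)\{0,1\}\).*/\1/p' | head -n 1
}

# Succeed when version $1 >= version $2. Fields are compared as numbers,
# so 5.10 ranks above 5.4; a missing field counts as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, /[.p]/); split(b, y, /[.p]/)
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Report the version of one sshd binary and whether it reaches version $2.
# Fails if the binary is missing or prints no recognisable version line.
check_sshd_binary() {
    found=$("$1" -v 2>&1 | parse_openssh_version)
    if [ -n "$found" ] && version_ge "$found" "$2"; then
        echo "OK   $1 is OpenSSH $found"
    else
        echo "OLD  $1 is OpenSSH ${found:-unknown} (wanted >= $2)"
        return 1
    fi
}

# Check the binary the init script starts and the one found first in PATH.
# Assumption: the init script starts /usr/sbin/sshd (matches --prefix=/usr).
verify_upgrade() {
    rc=0
    check_sshd_binary /usr/sbin/sshd "$1" || rc=1
    check_sshd_binary "$(command -v sshd)" "$1" || rc=1
    return "$rc"
}

# Restart only if the new binary accepts the existing configuration (sshd -t).
restart_if_config_valid() {
    /usr/sbin/sshd -t && /etc/init.d/sshd restart
}
```

Source the file as root in the session you already have open, run restart_if_config_valid, then verify_upgrade 5.4p1; an "OLD" line for /usr/sbin/sshd means the install landed under a different prefix and the daemon is still the old build.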
