OpenSSH 8.3p1 update with OpenSSL 1.1.1g on CentOS 7

What’s new? OpenSSL 1.1.1g & OpenSSH 8.3p1

https://www.openssl.org/blog/blog/2018/09/11/release111/

https://www.openssh.com/releasenotes.html

1. remove openssl

yum remove openssl -y

2. compiler

yum group install ‘Development Tools’
yum install perl-core zlib-devel -y

3. openssl download

cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
gzip -d openssl-1.1.1g.tar.gz
tar -xvf openssl-1.1.1g.tar.gz

4. openssl compile

cd openssl-1.1.1g

./config –prefix=/usr/local/ssl –openssldir=/usr/local/ssl shared zlib

make

make test

make install

5. Configure Link Libraries

cd /etc/ld.so.conf.d/
vi openssl-1.1.1g.conf

/usr/local/ssl/lib

5.1 Now reload the dynamic link using the command below

ldconfig -v

6. Create new environment files for OpenSSL

vi /etc/profile.d/openssl.sh

• #Set OPENSSL_PATH
  OPENSSL_PATH=/usr/local/ssl/bin
  export OPENSSL_PATH
  PATH=$PATH:$OPENSSL_PATH
  export PATH

7. final  work

chmod +x /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh
echo $PATH
which openssl

8. Testing

openssl version -a

OpenSSL 1.1.1g 21 Apr 2020
built on: Fri Aug 14 01:17:13 2020 UTC
platform: linux-x86_64

9. openssh download

cd /usr/local/src
wget https://www.ftp.ne.jp/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
gzip -d openssh-8.3p1.tar.gz
tar -xvf openssh-8.3p1.tar

10. openssh config backup

cp -r /etc/ssh /etc/ssh.bak

11. openssh remove

yum remove openssh -y

12. openssh compile

cd openssh-8.3p1

cd /usr/local/src/openssh-8.3p1

./configure –prefix=/usr/local/openssh –with-ssl-dir=/usr/local/ssl –with-sysconfdir=/etc/ssh –with-md5-passwords

make

make test

make install

13. add service

cd ./contrib

cp sshd.pam.generic /etc/pam.d/sshd

cp redhat/sshd.init /etc/init.d/sshd

vi /etc/init.d/sshd

• # Some functions to make the below more readable
  SSHD=/usr/local/openssh/sbin/sshd
  PID_FILE=/var/run/sshd.pid
• # Create keys if necessary
  /usr/local/openssh/bin/ssh-keygen -A

chkconfig –add sshd

14. link bin files

ln -s /usr/local/openssh/bin/* /usr/bin/
ln -s /usr/local/openssh/sbin/* /usr/sbin/

15. restore backup

cp /etc/ssh.bak/sshd_config /usr/local/openssh/etc/

vi /usr/local/openssh/etc/sshd_config

• PermitRootLogin yes

16. start sshd

service sshd start

16. Testing

ssh -V

OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020