helmet
April 17th, 2007, 04:35 AM
Ubuntu is pretty good about updating software, but sometimes you just want the latest. This howto will show you how to compile and install the latest openssh (4.6p1 at the time of writing) with the latest openssl library (0.9.8e at the time of writing).
DISCLAIMER
This worked flawlessly on my setup: Ubuntu server 6.10 x86
Your mileage may vary. It's probably a good idea to do this on a machine you have direct access (keyboard,mouse,monitor) to or at least have webmin installed (with webmin you can run commands to fix things). I can provide some basic "try this" support, but for the most part you're on your own. More than likely everything will be fine. The nice part is at least if you are logged in with ssh, you can still install and restart the server and stay logged in. w00t! :D
First, install some important tools. I'm not sure about all the packages you need to compile this, but usually build-essential does the the trick for most things. (Run things in code blocks on the command line, in a program like konsole or terminal)
sudo aptitude install build-essential libpam-dev
If you get any errors at any point about command not found or anything, leave a comment and I'll update the howto with the new information. You can try just 'apt-get'ing the software it claims to be missing.
So anyway, let's get started.
Make a directory to work in:
cd && mkdir dev && cd dev
Now let's download the latest openssl.
wget -c http://www.openssl.org/source/openssl-0.9.8e.tar.gz
And while we are in a downloading mood, let's get the latest openssh package.
wget -c ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.6p1.tar.gz
Again, these are the latest at the time of writing, so for newer release head over the the websites and go to the download section to find out what the latest is, and download that.
OpenSSL (http://www.openssl.org/)
OpenSSH (http://openssh.org/)
Unpack the archives:
for i in `ls *.gz`; do tar zxf $i; done
Now you should have to directories: openssl-0.9.8e and openssh-4.6p1
Move into the openssl directory:
cd openssl-0.9.8e
Configure openssl:
./config --prefix=/opt/openssl-0.9.8e
You can replace prefix with something else to install elsewhere or just remove the option to install the default. For this application, I like to install it in /opt to keep it seperate.
Compile openssl:
make
Make sure openssl compiled properly:
make tests
If everything compiled and tested okay, install openssl
sudo make install
Now you should have the directory /opt/openssl-0.9.8e with a bunch of folders and files in it. Sweet.
Lets move on and get openssh going.
The install will not overwrite existing files (like sshd_config or your host key files) if it finds them, so if you want to keep your existing configuration, leave the /etc/ssh directory alone. If you want new everything, backup the original ssh directory.
sudo mv /etc/ssh /etc/ssh.bak
Move into the openssh directory:
cd ../openssh-4.6p1
Configure openssh
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/opt/openssl-0.9.8e
Replace the --with-ssl-dir option with whatever you configured openssl with as the prefix (again to keep things simple, I just used /opt)
Compile openssh
make
And install openssh
sudo make install
Now you have the latest openssh installed with the latest openssl. Check if the install worked and restart the ssh server and check the running version.
sshd -v
Which should return some info, including OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
Restart the server:
sudo /etc/init.d/ssh restart
And test it:
telnet localhost 22
Which should return some info, including SSH-1.99-OpenSSH_4.6
Now you have the latest and greatest openssh installed. Happy secure remote console access!
Please post comments and questions.
(this howto is also on my blog: darkhelmetlive (http://www.darkhelmetlive.com/blog/))
DISCLAIMER
This worked flawlessly on my setup: Ubuntu server 6.10 x86
Your mileage may vary. It's probably a good idea to do this on a machine you have direct access (keyboard,mouse,monitor) to or at least have webmin installed (with webmin you can run commands to fix things). I can provide some basic "try this" support, but for the most part you're on your own. More than likely everything will be fine. The nice part is at least if you are logged in with ssh, you can still install and restart the server and stay logged in. w00t! :D
First, install some important tools. I'm not sure about all the packages you need to compile this, but usually build-essential does the the trick for most things. (Run things in code blocks on the command line, in a program like konsole or terminal)
sudo aptitude install build-essential libpam-dev
If you get any errors at any point about command not found or anything, leave a comment and I'll update the howto with the new information. You can try just 'apt-get'ing the software it claims to be missing.
So anyway, let's get started.
Make a directory to work in:
cd && mkdir dev && cd dev
Now let's download the latest openssl.
wget -c http://www.openssl.org/source/openssl-0.9.8e.tar.gz
And while we are in a downloading mood, let's get the latest openssh package.
wget -c ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.6p1.tar.gz
Again, these are the latest at the time of writing, so for newer release head over the the websites and go to the download section to find out what the latest is, and download that.
OpenSSL (http://www.openssl.org/)
OpenSSH (http://openssh.org/)
Unpack the archives:
for i in `ls *.gz`; do tar zxf $i; done
Now you should have to directories: openssl-0.9.8e and openssh-4.6p1
Move into the openssl directory:
cd openssl-0.9.8e
Configure openssl:
./config --prefix=/opt/openssl-0.9.8e
You can replace prefix with something else to install elsewhere or just remove the option to install the default. For this application, I like to install it in /opt to keep it seperate.
Compile openssl:
make
Make sure openssl compiled properly:
make tests
If everything compiled and tested okay, install openssl
sudo make install
Now you should have the directory /opt/openssl-0.9.8e with a bunch of folders and files in it. Sweet.
Lets move on and get openssh going.
The install will not overwrite existing files (like sshd_config or your host key files) if it finds them, so if you want to keep your existing configuration, leave the /etc/ssh directory alone. If you want new everything, backup the original ssh directory.
sudo mv /etc/ssh /etc/ssh.bak
Move into the openssh directory:
cd ../openssh-4.6p1
Configure openssh
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/opt/openssl-0.9.8e
Replace the --with-ssl-dir option with whatever you configured openssl with as the prefix (again to keep things simple, I just used /opt)
Compile openssh
make
And install openssh
sudo make install
Now you have the latest openssh installed with the latest openssl. Check if the install worked and restart the ssh server and check the running version.
sshd -v
Which should return some info, including OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
Restart the server:
sudo /etc/init.d/ssh restart
And test it:
telnet localhost 22
Which should return some info, including SSH-1.99-OpenSSH_4.6
Now you have the latest and greatest openssh installed. Happy secure remote console access!
Please post comments and questions.
(this howto is also on my blog: darkhelmetlive (http://www.darkhelmetlive.com/blog/))