Updated June 19th with the latest versions of OpenSSH and OpenSSL.
I also included the --without-zlib-version-check option, which is needed for RHEL: the version is upgraded, but the version numbers do not look OK to the configure script. It is nothing to worry about.
First we will enable telnet, so that if something screws up you can still access the server:
-----command-----
pico -w /etc/xinetd.d/telnet
-----command-----
Change disable = yes to disable = no, then save and exit.
-----command-----
/etc/init.d/xinetd restart
-----command-----
Next we will upgrade OpenSSL:
-----command-----
cd /usr/local/src
wget http://www.openssl.org/source/openssl-0.9.8d.tar.gz
tar -zxf openssl-0.9.8d.tar.gz
cd openssl-0.9.8d
./config
make
make test
-----command-----
Now get the latest OpenSSH source from an official mirror:
-----command-----
cd /usr/local/src/
wget ftp://mirror.mcs.anl.gov/pub/openssh/portable/openssh-4.5p1.tar.gz
tar -zxf openssh-4.5p1.tar.gz
cd openssh-4.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/src/openssl-0.9.8d --with-pam --with-libs=-ldl --without-zlib-version-check
make
make install
/sbin/service sshd restart
-----command-----
If you get a user error, you need to add an sshd user. Do that by running this command:
-----command-----
adduser sshd -s /sbin/nologin
-----command-----
If you don't get any error about a user you do not have to worry about adding the user.
Open another SSH window and make sure SSH works OK. If running the following command returns something with “OpenSSH_4.1P1”, you did it correctly.
-----command-----
sshd -V
-----command-----
Now go back and turn telnet off:
-----command-----
pico -w /etc/xinetd.d/telnet
-----command-----
Change disable = no to disable = yes, then save and exit.
-----command-----
/etc/init.d/xinetd restart
-----command-----
That’s it!
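The telnet fallback steps above, scripted so that the final state can be checked rather than read off in an editor. This is an added example, not part of the original guide; the helper names set_xinetd_disable and xinetd_disabled are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: toggle "disable" in an xinetd service file and verify it.

# set_xinetd_disable FILE yes|no
# Returns 0 on success, 1 on bad arguments, 2 if FILE is missing (for telnet
# this usually means the telnet server package is not installed), 3 if FILE
# has no "disable" line to change.
set_xinetd_disable() {
    file=$1 value=$2
    case $value in yes|no) ;; *) echo "value must be yes or no" >&2; return 1 ;; esac
    [ -f "$file" ] || { echo "$file not found" >&2; return 2; }
    grep -Eq '^[[:space:]]*disable[[:space:]]*=' "$file" || return 3
    tmp=$(mktemp) || return 1
    sed -E "s/^([[:space:]]*disable[[:space:]]*=[[:space:]]*).*/\1$value/" "$file" > "$tmp" &&
        cat "$tmp" > "$file"   # overwrite in place to keep owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# xinetd_disabled FILE: exit 0 only when the file says "disable = yes".
xinetd_disabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Constructed sample of /etc/xinetd.d/telnet, written to a temp dir for the demo.
demo_dir=$(mktemp -d)
sample="$demo_dir/telnet"
cat > "$sample" <<'EOF'
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        disable         = yes
}
EOF

set_xinetd_disable "$sample" no     # before the upgrade: open the fallback
set_xinetd_disable "$sample" yes    # after sshd is confirmed working: close it
xinetd_disabled "$sample" && echo "telnet is disabled again"
```

On a real host, point the functions at /etc/xinetd.d/telnet and restart xinetd after each change, as in the steps above.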
typo error
here is the fix ;)
Now get the latest source from an official mirror:
-----command-----
cd /usr/local/src
wget ftp://rt.fm/pub/OpenBSD/OpenSSH/portable/openssh-4.0p1.tar.gz
tar -xzf openssh-4.0p1.tar.gz
cd openssh-4.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/src/openssl-0.9.7e --with-pam
make
make install
/sbin/service sshd restart
-----command-----
typo - fixed
Thanks I fixed it.
If you tried ./configure
If you tried
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/src/openssl-0.9.8 --with-pam
or got the following error during make:
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x37): In function `dlfcn_load':
: undefined reference to `dlopen'
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x98): In function `dlfcn_load':
: undefined reference to `dlclose'
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0xc0): In function `dlfcn_load':
: undefined reference to `dlerror'
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x141): In function `dlfcn_bind_var':
: undefined reference to `dlsym'
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x16c): In function `dlfcn_bind_var':
: undefined reference to `dlerror'
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x229): In function `dlfcn_bind_func':
: undefined reference to `dlsym'
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x254): In function `dlfcn_bind_func':
: undefined reference to `dlerror'
/usr/local/src/openssl-0.9.8/libcrypto.a(dso_dlfcn.o)(.text+0x512): In function `dlfcn_unload':
: undefined reference to `dlclose'
collect2: ld returned 1 exit status
make: *** [ssh] Error 1
then all you need to do is add --with-libs=-ldl to the end of your ./configure. Seems that the configure can't find the dl libs for some reason. Simple fix, works like a charm :)
OpenSSH_4.1p1, OpenSSL 0.9.8 05 Jul 2005
William Arias - Microsoft MVP
will this change for amd
will this change for amd users
./Configure --prefix=/usr linux-pentium
pentium
No it should work fine, if there is any problem it will have trouble while compiling.
x86_64
For x86_64 I use:
./Configure --prefix=/usr linux-x86_64
or simply run ./config to auto-detect the arch type !!!
regards !!!
newer version available
http://www.openssl.org/source/openssl-0.9.8a.tar.gz
new version of OpenSSH
http://ftp.scarlet.be/pub/openbsd/OpenSSH/portable/openssh-4.3p2.tar.gz
Hi, Can I use it with my
Hi,
Can I use it with my cPanel box....
When I scan my server using Nessus, it advises that openssl and openssh are vulnerable.
Please advise.
Effort is important, but knowing where to make an effort in your life makes all the difference.
nessus
You *can* use it but it is not needed. Red Hat updates the packages for vulnerabilities but does not change the version number, which will trigger things like Nessus.
So assuming you are running RHEL3/4 Centos3/4 and are fully updated you are fine. If you are running an EOL OS then you may in fact have problems.
Physically I have tested it on cPanel servers and it will work, I hope that answers your questions.
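One way to check the backporting described in the reply above: read the package changelog for the identifiers the vendor says were fixed and compare them with what the scanner reported. This is an added example, not part of the original reply; the function names are hypothetical, and the changelog text and identifiers are constructed placeholders.

```shell
#!/bin/sh
# Added example: list the CVE identifiers a package changelog says were
# fixed, and check one scanner-reported ID against that list.

# changelog_cves: read changelog text on stdin, print unique identifiers.
# Older entries may use the CAN- (candidate) prefix for the same numbering,
# so those are normalised to CVE-.
changelog_cves() {
    grep -Eo '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | sort -u
}

# is_backported ID: exit 0 if ID appears in the changelog on stdin.
is_backported() {
    changelog_cves | grep -Fxq "$1"
}

# Constructed sample in the shape of `rpm -q --changelog openssh` output.
# The versions and identifiers are placeholders, not real advisories.
sample_changelog() {
    cat <<'EOF'
* Tue Jan 02 2007 Packager <packager@example.com> 0.0p1-1.example.2
- backport fix for CVE-0000-0002 (placeholder id)

* Mon Oct 02 2006 Packager <packager@example.com> 0.0p1-1.example.1
- CAN-0000-0001: backported patch (placeholder id)
- fix CVE-0000-0002 regression
EOF
}

sample_changelog | changelog_cves
if sample_changelog | is_backported CVE-0000-0001; then
    echo "CVE-0000-0001: fixed in this package build despite the old version string"
fi

# On a live RHEL/CentOS host the input comes from rpm instead:
#   rpm -q --changelog openssh | is_backported CVE-YYYY-NNNN
```

An ID that the scanner reports and the changelog does not list is the one worth following up with the vendor's advisory pages.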
my server does not have the /etc/xinetd.d/telnet file
Hi,
I have CentOS 4.4 + cPanel, but when I try:
pico -w /etc/xinetd.d/telnet
it does not find this file and pico wants to create a new file.
What's the problem and what can I do?
--------------------------
MahdiOnline