Sunday, September 23, 2012

upgrading ssh version

Upgrading your ssh version in cpanel centos server.


If you have a specific  CVEs from your PCI report (vulnerability scan report) you can check  this using the following method whether they have fixed that  particular vulnerability in your installed version.

# rpm -q --changelog openssh > openssh.changelog
# cat  openssl.fixlog | grep CVE-2006-5794
root@ajeesh [~]# cat openssh.changelog | grep CVE-2006-5794
- CVE-2006-5794 - properly detect failed key verify in monitor (#214642)



root@ajeesh [~]# rpm -qa | grep ssh
openssh-server-4.3p2-82.el5
openssh-clients-4.3p2-82.el5
fuse-sshfs-2.4-1.el5
openssh-4.3p2-82.el5

root@ajeesh [~]# yum upgrade openssh*
Loaded plugins: fastestmirror, rhnplugin
Loading mirror speeds from cached hostfile
 * cloudlinux-x86_64-server-5: xmlrpc.cln.cloudlinux.com
 * epel: mirrors.tummy.com
 * rpmforge: mirror.teklinks.com
Excluding Packages in global exclude list
Finished
Setting up Upgrade Process
No Packages marked for Update
root@ajeesh [~]#

We can not do this yum upgrade for ssh. Centos is not issued the latest repository for ssh.

So we can do the following steps to upgrade openssh in your centos server.

1. root@Ajeesh [/usr/src]# wgetwget http://mirror.esc7.net/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz

2. [/usr/src]# tar -xvzf openssh-6.1p1.tar.gz

3. [/usr/src]# cd openssh-6.1p1
4. [/usr/src/openssh-6.1p1]# cp contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
5. [/usr/src/openssh-6.1p1]# cd ..
6. ]# cp openssh-6.1p1.tar.gz  /usr/src/redhat/SOURCES/
7. cd /usr/src/redhat/SPECS
8. perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
9. [/usr/src/redhat/SPECS]# rpmbuild -bb openssh.spec
10 ]# cd /usr/src/redhat/RPMS/x86_64/
11 ]# rpm -Uvh *.rpm


]# rpm -qa | grep ssh
openssh-6.1p1-1
openssh-server-6.1p1-1
openssh-clients-6.1p1-1






No comments:

Post a Comment